The Dead Drops project was conceived by Berlin-based conceptual artistAram Bartholl, a member of New York'sFat lab art and technology collective. The first USB dead drop network of five devices was started by Bartholl in October 2010 in Brooklyn, New York City. The name comes from the dead drop method of espionage communication. An unrelated system called "deadSwap," in which participants use an SMS gateway to coordinate passing USB memory sticks on to one another, was begun in Germany in 2009. Each dead drop is typically installed without any data on the drive, except two files: deaddrops-manifesto.txt, and a readme.txt file explaining the project. Although typically found in urban areas embedded in concrete or brick since 2010, installation of USB dead drop into trees and other types of bodies in natural settings has also been mentioned since at least 2013. Wireless dead drops such as the 2011 PirateBox, where the user connects to a Wi-Fi hotspot with local storage rather than physically connects to a USB device, have also been created.
Comparison to other types of data transfer
Some of the advantages of utilizing USB dead drops are practical in nature: they permit P2P file sharing without needing any internet or cellular connection, sharing files with another person secretly/anonymously, and they record no IP address or similar personally identifying information. Other benefits are more social or artistic in nature: USB dead drops are an opportunity to practice "datalove" and can be seen as a way to promote off-grid data networks. The motive to utilize USB dead drops has been compared to what drives people involved in geocaching, which has been around for much longer and is somewhat similar in that often a set of GPS coordinates is used to locate a particular USB dead drop, in particular that USB dead drops give the user "the thrill of discovery" both in seeking out the location of the dead drop, and then also in addition when examining the data it contains.
Potential drawbacks to users
Dead drops are USB-based devices, which must be connected to an upstream computer system. The act of making such a connection, to a device which is not necessarily trusted, inherently poses certain threats:
Booby trap: a fake dead drop or USB Killer might be rigged up to electrically damage any equipment connected to it, and/or constitute a health and safety hazard for potential users. This risk can be mitigated by using a USB galvanic isolation adapter, which allows data exchange while physically decoupling the two circuits. Wifi-based dead drops do not suffer from this threat.
Mugging: because a USB dead drop is normally in a public or quasi-public location, it is possible for the location itself to be watched, and users of the dead drop attacked when they attempt to use the system.
Drawbacks to the system infrastructure
Publicly and privately available USB dead drops give anyone the ability to save and transfer data anonymously and free of charge. These features are advantages over the internet and the cellular network, which are at best quasi-anonymous and low-cost. However, offline networks are vulnerable to various types of threats and disadvantages, relative to online ones:
One device at a time: Users cannot plug in to a USB dead drop if someone else is already plugged in
Removal of stored data: anyone with physical access can erase all of the data held within the USB dead drop, or make it unusable by encrypting the data or the whole drive and hiding the key.
Removal of the entire device: thieves can steal the USB drive itself.
Disclosure: anyone can disclose the location of a private dead drop, by shadowing people that use it, and publishing coordinates in a public fashion. This impacts the anonymous nature of USB dead drops, since known drops can be filmed or otherwise observed.
Vandalism of the dead drop by physical destruction: anyone with physical access can destroy the dead drop by using for instance pliers or a hammer, by high voltage from a static field, with high temperature from a blowtorch, or other methods of physical force. It is possible to make the USB key more difficult to vandalize or to extract, by sealing it in a hole deeper than the length of the USB key, but this requires legitimate users to connect with a USB extender cable. For clarity, sometimes the installation of the dead-drop can itself be vandalism of the building; when a building owner destroys a dead drop placed without permission, they are not vandalizing the dead drop, but removing a device placed without their leave. Even when a device is placed legally, the device itself is vulnerable to third-party vandalism.
Exposure to the elements: dead drops tend to be exposed to rain and snow, which will presumably reduce their service lifetime.
Demolition or damage during maintenance: certain dead drop locations are limited to the lifespan of public structures. When a dead drop is embedded in a brick wall, the drop can be destroyed when the wall is destroyed. When a drop is embedded in a concrete sidewalk, the drop can be destroyed by sidewalk-related construction and maintenance. Sometimes dead drops are damaged when walls are repainted.
Prevalence
As of 2013, there were more than one thousand known USB dead drops. Countries which have large numbers of USB dead drops include the United States and several in Europe. As of 2016, it was estimated that the overall dead drop infrastructure contained more than ten terabytes of storage capacity, with the majority still in the United States and Europe, but also with significant numbers of devices reportedly installed in the Asia/Pacific region, South America, and Africa.
