BitCourier
An anonymous network for shipping physical items is theoretically possible, and could be organized like Tor.
- When you buy something you give the seller an encrypted version of your address that s/he cannot read.
- The seller ships the package to a reshipper who has the ability to decrypt your address.
- The reshipper then ships your package through normal channels like UPS.
The main benefit of this system is that if the seller is busted for some reason, your name and address are not compromised.
An obvious weakness of this system is a compromised reshipper. A way around this is to have multiple reshippers with layers of encryption, where each reshipper peels off only one layer to see which reshipper to send the package to next (or to you).
You, the buyer, could even encrypt the entire reshipping route to follow. The seller would then ship the package to the reshipper you specify when s/he decrypts the address.
The main weakness of this whole deal is the "exit node", i.e. the reshipper that can see your real physical address so that the package can be shipped conventionally to you.
BitDrop.
Bitdrop would be a system for human "runners" to pass goods from person to person in the most cryptographically secure way possible.
Person A negotiates a sale of an item to person B online.
Upon deciding on BitDrop as means of distribution, distance would be calculated and current gas prices would be tabulated. This is the base shipping cost.
Person A types in their "willing to travel" radius, and the machine would chew on the data and randomly/securely spit back out an exact lat-lon point within that radius.
A nearby runner gets notified that a package is ready for distribution. He's signed up with his own "willing to travel" radius as well. Ideally, if there are enough warm bodies in the chain, the venn diagrams all start overlapping, and form a human supply chain.
Upon the completed transaction, all runners in the chain would receive good feedback (ideas for delivery confirmation? SMS? scanned QR codes?), and get higher GPG rankings, which would enable them to deliver goods that had been marked with higher trust requirements…and likewise, the more you're trusted in the chain, the more the runners can charge. Seller wants to sell something of importance/high value? They can raise the trust threshold (and subsequently, the shipping rate).
As far as black market goods go, I've thought of this scenario. The TOS for bitdrop would state specifically that transfer of illegal goods is strictly prohibited; however, you may anonymously mark your package "shaded" if you feel the contents pose risk for any member of the chain, including senders, receivers and most importantly, runners. Shaded goods may be distributed exclusively via dead drops, and runners can opt into notifications of shaded packages, but only after a GPG trust threshold is passed, so a significant time expenditure is required before you go "googling for drugs". You basically knowingly waive your rights when you deal with shaded transactions. That being said, I'm sure it would turn into a profitable venture for risk-takers, while keeping clean runners away from things that could land them in jail for trafficking.
There are other details I've thought of, including the distinction between dead drops and trusted drops. Dead drops would be entry-points into the runner market. Let's say I want to make some extra money, and I want to sign up as a runner. I go to the bitdrop site and sign up for an entry-level position. This requires that I pledge a deposit for the first item I'll deliver. This means that new runners will mainly focus on delivering items of little value. It's a low-risk, low-return scenario for everybody involved with the transaction. Once I, the runner, complete my transaction, the deposit is returned to my account, as well as the base shipping cost + small delivery fee. Part of becoming a runner is setting up GPG-Authentication. The buyer and seller then add ratings to my transaction, and after a threshold is reached, I'm allowed to forego placing a deposit on items of certain values or lower. Eventually, dead drops would give way to chains with "trusted drops", where people who've established their trust arrange meetups based on encrypted lat-lon values and anonymous instructions. The specifics should be debated about at length to promote the safety and longevity of the chain.
I don't expect my first ramblings to be the end-all-be-all of this system, but unless I'm way off base, I think the concept has potential. I actually wrote up an extensive post detailing this idea yesterday, and stupidly hit f5 before I sent it, erasing my whole post instantly… I'd love to hear feedback and concerns.
BitDrop implementation
Along with the initial idea (the subject of this post) some extra details.
1) Use Tor-style onion routing to deliver packages.
What does this mean?
Every node (person doing delivery) must have a GPG key.
When a new package is to be entered into the system, the system works out the route, selecting the appropriate nodes.
It then uses the node's public key to encrypt the node's delivery location.
The result is that each node can only know the location they deliver to and not the final destination of the package. If geocaching is used then each node doesn't even know who the previous node was.
Example.
Person in New York wants to deliver a package to Washington D.C.
Logs into the system, gives the pickup (either someone comes to collect the package, or the user delivers it to the first drop off point), and the final destination.
The system works out the optimal route, notifies all the soon to be involved nodes, and gives the user the first drop off point for the package (or someone will come and collect it).
The person who collects the package first is the first node, the only information they have been given is where to collect the package and where to deliver it to, the next location is the collection point for the next node and so on.
The result is each node knows only a portion of the route; it increases privacy and the strength of the delivery network.
I'm also thinking of having an android app that each node can use to sign the delivery of the package to the next node (using gpg), so if something happens to the package we know who's responsible, it also allows some measure of package tracking for the customer.
Each node gets a portion of the overall payment for its delivery.
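The layered address from the BitCourier section and the per-node encryption described in this post, as an added example that is not part of the original posts or of any BitDrop code. It assumes one shared key per node and uses a standard-library stand-in (SHAKE-256 keystream plus HMAC) where the page assumes each node's GPG public key; node names, keys and the address are constructed.

```python
import hashlib, hmac, json, os

def _sub(key, label):                      # separate keys for encryption and MAC
    return hashlib.sha256(label + key).digest()

def _xor(key, nonce, data):                # SHAKE-256 keystream; stand-in for GPG
    stream = hashlib.shake_256(_sub(key, b"enc") + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("layer is not for this node, or was altered")
    return _xor(key, nonce, ct)

def build_label(route, address):
    """route: [(name, key), ...] in shipping order. Wrap from the exit node outwards."""
    blob = seal(route[-1][1], json.dumps({"deliver_to": address}).encode())
    for (_, key), (next_name, _) in zip(reversed(route[:-1]), reversed(route[1:])):
        layer = {"forward_to": next_name, "inner": blob.hex()}
        blob = seal(key, json.dumps(layer).encode())
    return blob

def peel(key, blob):
    """Return (what this reshipper learns, blob to pass on or None at the exit)."""
    layer = json.loads(unseal(key, blob))
    if "deliver_to" in layer:
        return layer["deliver_to"], None
    return layer["forward_to"], bytes.fromhex(layer["inner"])

def trace(route, label):   # follow the label: [(node, learned, label bytes), ...]
    seen, blob = [], label
    for name, key in route:
        learned, nxt = peel(key, blob)
        seen.append((name, learned, len(blob)))
        blob = nxt
    return seen

# Constructed sample data: three hypothetical reshippers and a made-up address.
ROUTE = [(n, os.urandom(32)) for n in ("R1", "R2", "R3")]
ADDRESS = "J. Doe, 1 Example St, Springfield"
LABEL = build_label(ROUTE, ADDRESS)
```

In the output of `trace(ROUTE, LABEL)` only R3, the exit node, learns the address, and the label shrinks at every hop, so a reshipper can estimate how far it is from the exit unless layers are padded to a fixed size (the reason Tor uses fixed-size cells).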
Quote from: chodpaba on April 27, 2011, 06:22:25 PM
Putting the object in a Faraday cage (yes, wrapping in foil) could provide a defense from live location tracking. But once the package is opened its location could be reported. So, this would provide a measure of security to the delivery network, but not to the recipient.
Interesting, I was going to say that someone would need to have the address of the recipient to send the package to them in the first place, but then I remembered the system does.
Also a package that could transmit its location over a reasonable distance would need to be reasonably powerful and not small in size, larger than a 19-inch CRT monitor?
Quote
However, I do not know what you would do with a data-logging device that uses accelerometer input to reconstruct location by dead reckoning, a Faraday cage would not help in this case, it could penetrate the security of both the delivery network as well as that of the recipient. It need not even be terribly accurate, with enough samples routes can be reconstructed with a very high accuracy if they are re-used… Even completely random routes and drops would only have the effect of limiting the degree of accuracy such an attack could deliver. It could also reveal a lot of other information, including the transportation mode of the carriers, (walk/run, bike, car, etc.) as well as gait, which could be used to identify individual carriers. With enough time/space data the travel path could also be correlated to video surveillance.
Now you're being more paranoid than I.
Quote
The best defense in this case would be to severely limit the size/weight of packages delivered, and also wrap them in foil, to prevent RFID tracking.
I agree. Any other suggestions to prevent the network being attacked?
What about law enforcement using entrapment against entry nodes? For example, they have an entry node (first person to collect package from user) collect the package which they have put illegal items such as drugs into, and then proceed to arrest the entry node.
I'm thinking that you will need some reputation to be able to send packages too, this should help the network to resist.
It is also a bodyguard on the move system. The package contents are always open
Entire route reputation is damaged (fined?) if the package is physically damaged.
Map shows coverage and gaps to be filled?