Cloud-based dead-drop that can't be cracked

I need a dead-drop for files that if intercepted can’t be cracked.

I’m imagining that using VC vaults, sharded, spread across multi cloud repositories might be the solution?

What setup would you use?

What repositories would you use?

How would you drop the data with the best probability of avoiding interception?

I think there are IPFS based dead drop tools

  1. Use onionshare. It creates a Tor hidden server on your computer which you can drop files, like a dropbox. Then share the onion URL with the people you want to share those files with.

  2. Use torrents on the i2p network.

I think there is also something called “Secure Drop” but I’ve never used it.

2 Likes

There is secure drop a project run by Freedom of the Press Foundation.

It has a Qubes OS workstation

5 Likes

(Disclaimer: I work on Securedrop)

SecureDrop is an application designed for dead drops (originally and still mostly for news orgs). It has a couple of advantages: everything happens over the Tor Network and via Tor Browser, helping to protect source anonymity and giving a certain level of deniability; and it uses an offline decryption key, encrypting files on upload and relying on an airgapped workstation to decrypt them, making key exfiltration kinda difficult.

It also may have disadvantages for your use case - it relies heavily on physical security of the application server, so it’s best suited for orgs that can provide that. Cloud-based hosting or 3rd-party hosted ones (that can get subpoenaed or otherwise compromised) are not safe. Also, if you’re looking to share files as well as receive them, it’s one-way. Sources can upload but not download, even if they could they couldn’t decrypt them without access to the airgapped key.

I wouldn’t get into recommendations without understanding better what you’re trying to do.

1 Like

Server security will be an issue. I’m on the move and will not be able to secure a server.

I’m operating from the assumption I can’t fully close interception risks during file transit.

While files are encrypted with strong open-source encryption tools on cold computers, I can’t be certain of nation-state level abilities…as they certainly wouldn’t tell us. And what about 10-20 years from now. Will the encryption be crack-able then? This is why I’m looking for a solution to shard the files, and keep the pieces separated across several dead drops, transmitted at different times and/or from different computers… unless there is a simpler solution I haven’t thought of.