Home | Search

2026-01-18

Why I don't usually recommend dead drops

Disclaimer

• Quick Note
• Contains info that might be politically sensitive, not sure
• I did this research back in 2024 and 2025. Only polished the notes and published in 2026-01.

Summary

• I was primarily interested in dead drops as a way of smuggling hard disks. I was concerned that Tor could be broken by govts and hence be untrustworthy.
• In practice, camera surveillance makes it hard to do dead drops. I have personal experience with this.
• I currently think that for most circumstances, the probability that govts have successfully broken Tor and will use this capability to attack you specifically, is lower than the probability that you will be caught while attempting a hard disk dead drop. Hence you should probably just use Tor.

Main

What are you smuggling?

• Drugs
  • For physical items like drugs, dead drops might still be an option. For example, dead drops for drugs are becoming increasingly popular in Russia as of 2025, as compared to snail mail and courier which the other dark web drug vendors use.
  • Side Note: If your only goal is to become rich, I don't recommend becoming a dark web drug dealer.
    • Maintaining tigh opsec as a drug vendor will make you lonely for many years, and you will struggle with building a trusted circle even after you leave the profession. Many drug vendors complain on the dark web about their loneliness. In theory, you can form a small group or a big group and combat this loneliness. In practice, there's limited evidence of people succeeding and plenty of dark web vendors getting caught every year. (Getting accurate stats on success rate is hard.)
    • Large-scale drug dealers are often operating in collusion with their govt, not in secrecy from it. You can google which countries are famous for this.
    • If you have the tech skills to sell drugs, you can probably start a more legal startup for the same ROI.
    • (But also, remember that my recommendation could be biased. Almost nobody is going to argue on clearnet under their real name why becoming a drug dealer is a good career path.)
    • (Also, I am talking strictly about dealing not manufacturing here. Read the story of Leonard Pickard, and the Rose of Paracelsus, if you want insider knowledge about manufacturing in more recent times.)
• Information
  • I was primarily interested in dead drops for smuggling information via SD cards, hard disks, etc.
  • This is useful in the rare circumstances where a government has successfully firewalled your entire country's internet from the rest of the world, and no VPN or other tactic can bypass it. Example: North Korean internet is firewalled this hard, and people have physically smuggled VCRs and mobile phones across the border. There's a low double-digit number of official IP addresses assigned to North Korea.
  • This is also useful in the circumstance that a govt successfully breaks Tor.
    • In practice, we don't have public evidence of a successful Tor deanonymisation attack by any govt.
    • In theory, it is possible for a govt to break Tor in two ways. The method that everyone discusses is that a govt could bribe/bully the Tor exit nodes until they get majority. The less known method is traffic analysis. If the number of packets and timing of packets of the sender and the receiver match, then a govt colluding with ISPs can trivially understand that these two people are talking to each other.
    • We know govts have successfully kept their capabilities hidden for many years, for example the whole NSA Prism stuff from Snowden leaks. Hence lack of evidence of attack does not significantly increase my probability of no attack capability.
    • See also: Internet anonymity without Tor

Here's some random dark web comment on how to setup a dead drop. onion link to this comment

It covers following steps:

• clean DNA
• avoid cameras and drones
• number of drop locations, time intervals to wait per drop
• airgapped GPS coordinates
• XMR laundering
• "controlled purchases" aka bait purchases made by law enforcement
• Also: You have to follow all the opsec guidelines for purchasing contraband over Tor, because the location of the dead drop is still being sent over some Tor chat app.

This is hard to execute correctly in practice

• The biggest reason this is hard is obviously the cameras. Camera surveillance is already pervasive across most urban cities of the world, that have a certain minimum standard of living that lets them purchase cameras. All major road highways are surveilled.
  • This is even increasingly true in villages. Villages also have high population density near their centre, and gossip information quickly. (Ofcourse some of this varies depending on country and geographic area.)
  • Side note: Gigapixel cameras, if popular, will increase surveillance coverage by a lot. The same goes for massive drone swarms (which AI could enable).
• Doing literally anything without your phone in your pocket is hard as of today.
• By default, you are not going to have a community publish guides for how to do this successfully.
  • Tails and Tor Project are willing to stick out their neck and provide recommendations and security for how to use Tor. This enables both drug dealing and political activists in parallel.
  • You will need a similar organisation willing to provide guidelines for dead drops, and update these guidelines with time.
  • When doing security, even one mistake is fatal. You should aspire to following a stress-tested guide, and not invent ad-hoc techniques.

I will stick my neck out a bit here and admit that I tried to set up dead drops too, but realised how difficult this would be in practice.

I currently think that for most circumstances, the probability that govts have successfully broken Tor and will use this capability to attack you specifically, is lower than the probability that you will be caught while attempting a hard disk dead drop.

Note that once govts tip their hand and use an attack, everyone else becomes aware that they did this attack. Parallel construction of evidence can only work so many times before the world finds out. Unless you are their highest value target (example: you're a nuclear spy from a foreign govt), it seems unlikely they'll use this capability on you.

Subscribe

Enter email or phone number to subscribe. You will receive atmost one update per month

Comment

Enter comment