I have been thinking about this idea of transfering the dead drop idea into the digital world further and the result is: The dead drop messenger and the dead drop API Server.
While I have just released the Version 0.1 not all of the desired features are complete or completely tested jet. But I do want to collect early feedback, to make it even better.
Messenger Client
The client messenger looks and works similar to other common messengers as well. The main difference is, that this messenger does not push messages. That has a simple reason: The server does not know who and where you are. Therefore, it can not push a message to you. This is probably not as convenient but much more secure in terms of keeping anonymity.
The messenger can send and receive text messages and files. However, the current Version supports text messages only but file exchange will be extended soon.
The messenger will be available in native versions for Windows, Android, MacOS and iOS.
Dead Drop Server
The Server API is offering to store data in a virtual dead drop. A drop has severasl properties. These properties can be configured, because different scenarios might require different security options.
A client must authenticate itself only on a technical level similar to the idea of certificates. A Persons identity is not necessary and no meta data will be stored.
General properties for a drop are the number of messages that fit into the drop and the duration a message can stay in the drop.
Drop Types
There are 5 Types of Drops that are possible:
- A PUBLIC_BULLETIN is intended to be a public chat. While the addresses of this type can be published, it is not a real dead drop. In Bulletins anyone can write and read, but only the drop creator can delete messages or the drop.
- A PUBLIC_DISPLAY is like a bulletin where only the creator or members the creator defines can write, but anyone can read.
- The HIDDEN_DROP comes closest to the classic physical dead drop. Its coordinates are not published. The creator can share the coordinates to whom he wants. Everyone, that knows this coordinate can read and write into this drop.
- A PRIVATE_DROP is a hidden drop in a secured area. It could be compared with a dead drop in a safe deposit box.
Only invited clients have access to these drops. It is not enough to know the coordinates. The creator can share invites. In these invites he can also configured the rights of the invited client. These rights could be Read only, read and write or read, write and invite. - The PRIVATE_SECURE_DROP is exactly like the private drop, but adds on an end to end encryption of the messages that are placed into the drop.
In the first Version only the HIDDEN_DROP is available