There are quite a few holes in the scheme as outlined in the article. The author asserts that dead drops are better than post office boxes because they're harder to surveil, but what keeps law enforcement from signing up their own personnel as distributors? Then it's just a matter of staking out their own dead drop and arresting whoever shows up. This is why the first rule of opsec has always been, "Involve as few people as possible." You can't improve security by adding more people to the loop.
The best way to do this is probably for the 'salesperson' to drive to an isolated area and chuck packages into the bushes at random intervals. The packages then send their GPS locations to a LoRaWAN gateway somewhere, to which their buyers have been sold access tokens. LE can still infiltrate the organization in the sales role, but with more difficulty. Adding an extra distribution layer with fixed dead-drop locations just seems pointless.
It's not just the cops that will be surveilling a dead drop.
You don't think a heroin addict who couldn't come up with the money for their next buy isn't going to go check every dead drop they ever bought at on the off chance that there is something there?
I mean, just thinking of the old espionage meaning of dead drop, if you have dead drops or safe houses or secret meeting locations that you could only use once a year, to avoid patterns, then researching them would become tremendously expensive. A full time job, really, probably for several people (and someone in logistics managing them all). I can't see how that'd be much different for criminals, and how do you make a profit at that? At least in the espionage case, you would have been State sponsored. You don't have to make money.
great observations. but as for “how do you make a profit at that?” I’m pretty sure it gets priced into the (expensive) product. That premium might be too high for retail, then this gets used for lower frequency, higher quantity and higher trust transactions.
I think law enforcement spending all that money to catch consumers is very unlikely, it's the wrong end of the stick. Not to mention once its known they are cops, they'd have to try and reestablish themselves. Doesn't seem too effective to me. If anything it would help create kingpins because certain places would have a good reputation and newcomers would be avoided.
The interesting thing about dead drops is that they are asymmetric, because whoever chooses the dead drop location has first-mover advantage. So, they are harder to surveil for an outsider, but easier for an insider - who can also involve third parties in a distributed way, similar to how the exchanges themselves happen. The article gets into this when it discusses how sellers might adapt to the possibility of a middle-man stealing from the dead-drop, or a supplier surveiling them.
> what keeps law enforcement from signing up their own personnel as distributors?
This only catches the end users, and that's not a great use of police resources. The police would much rather target the distributors, not the end users picking up a small amount of drugs for personal use.
It's plausible that the beacon need not be directly co-located with the drop, but be near enough. It should also be possible to re-use them for some time. I would imagine that the actual cost overhead would really only be $20 - $30 per active dead-drop location + some percentage for lost or damaged beacons.
The best way to do this is probably for the 'salesperson' to drive to an isolated area and chuck packages into the bushes at random intervals. The packages then send their GPS locations to a LoRaWAN gateway somewhere, to which their buyers have been sold access tokens. LE can still infiltrate the organization in the sales role, but with more difficulty. Adding an extra distribution layer with fixed dead-drop locations just seems pointless.