Monday, July 29, 2013

DDD - Digital Dead Drop

I wrote this program a while back. In light of the recent NSA and Snowden news, I thought it interesting enough to put up here. I wanted to see what people thought of the concept and hopefully someone with better programming skills could clean up the concept and make it safer for general consumption.



The thought occurred to me while reading the Ender's Game series (namely the Shadow series), which involved a lot of covert communication on the part of the characters. In one of the methods used, the characters would send messages to private dead drops for later retrieval. At the time I became very interested in secure communications and set up my own private OpenVPN server. Since I developed this, much of the communication was "taken care of" from a security standpoint. My user base was limited to myself, so I didn't concern myself with cleaning up the code to avoid injection attacks and the like. I submit this code with the hopes that people realize my perspective with developing it, just having fun with a concept.

The interface is exceptionally simple, as I wanted to use it mostly from my phone (which I connect to my VPN). This allowed me to quickly enter random thoughts on the bus or while out and about, without using commercially available options or something stored locally on my phone. This made the text safely tucked away on a secured and backed up server.


Submitting text returns a response showing the message and IP address submitted (this is not checked on the server side; as with a lot of things in this, it was assumed).

By sshing into the server, the messages can be watched in real time by following the file with tail.


To accomplish this, I used Python 2.7 and the Twisted library. I generated my own SSL certificates (which might have been unnecessary for the scope of the project, as the traffic is already encrypted over the VPN, but provided insight into the process).

This was my first project involving web/SSL and Python together.
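
The submit, echo and tail-follow flow described above, as an added example that is not the author's code (the original uses Python 2.7 and Twisted; this sketch uses only the Python 3 standard library). The function names, the `MAX_LEN` cap, the log line layout and the sample submission are assumptions for illustration; it shows one way to neutralise control characters before they reach a terminal running tail and to HTML-escape the echoed response.

```python
import html
import os
import tempfile
import unicodedata
from datetime import datetime, timezone

MAX_LEN = 2000  # assumed cap in bytes; the post does not state a limit


def clean_message(raw: bytes) -> str:
    """Decode a submission and neutralise characters that are unsafe
    when the drop file is followed with tail in a terminal."""
    text = raw[:MAX_LEN].decode("utf-8", errors="replace")
    out = []
    for ch in text:
        if ch in "\r\n\t":
            out.append(" ")  # one message per line, so no forged entries
        elif unicodedata.category(ch) in ("Cc", "Cf"):
            # Control and format characters (ESC, bidi overrides, ...)
            # are written as visible text instead of being interpreted.
            out.append("\\u%04x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def record_message(path: str, raw: bytes, peer_ip: str) -> str:
    """Append one line to the drop file and return the HTML echo.
    peer_ip is assumed to come from the connection, not from the form."""
    msg = clean_message(raw)
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    line = "%s %s %s\n" % (stamp, peer_ip, msg)
    # Owner-only file, append-only descriptor.
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as fh:
        fh.write(line)
    return "<p>Stored from %s: %s</p>" % (html.escape(peer_ip), html.escape(msg))


if __name__ == "__main__":
    # Constructed sample: a terminal escape, a newline that tries to forge
    # a second log line, and HTML markup.
    sample = b"meet at 9\x1b[2J\n2013-07-29 10.8.0.9 forged <b>hi</b>"
    with tempfile.TemporaryDirectory() as d:
        print(record_message(os.path.join(d, "drop.log"), sample, "10.8.0.6"))
```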


The source code for the project can be found at my GitHub repo HERE.

I would appreciate any feedback with the knowledge that I never meant for this to see anyone's eyes but my own and have tried to remove any "sensitive" info I may have accidentally left in during testing.