Travel Bugs Within Travel Bugs - Pgp

[+li_kao]

I had an idea to combine two interests of mine: geocaching and cryptography. My initial idea was to have a travel bug with an attached, waterproof USB jump drive. This travel bug would be a normal travel bug to which people could add photos or whatnot. The second portion would involve including a PGP public key for the PGP TB on the jump drive, and should the finder of the original TB send a PGP encrypted email to me, then I would respond with the PGP TB's number (the copy tag and actual TB tag staying in my GC vault at home). It could perhaps be extended to have each "finder" of the PGP TB digitally sign the TB's public key to escalate its "trust" on the keyservers.

 

I've done a bit of searching on the forums here about the concept of a virtual travel bug, and all I've seen are horror stories about TB hijacking, etc. So now I'm incredibly wary of trying this concept as it seems the phrase "virtual travel bug" is now a four-letter word. But this seems to be a different concept entirely, so I come here for advice.

 

Is this sort of thing allowable? If so, is there any reason anyone would strongly advise against trying it?

 

Thanks in advance for the input.

[+ZackJones]

I don't think your idea will fly. If I'm following you correctly you can only obtain the 6-digit secret number by sending you a PGP signed email?

 

Now if you released the jump drive with your public key and attached the tracking tag with 6-digit number then I think it would be pretty cool. I'd probably consider getting my own PGP key just so I could send the email.

[+Munin]

Hehe - that's one of the cooler/geekier TB concepts I've ever seen!

 

I don't think you'd be running afoul of the "virtual TB" prohibition with this - there really would be a physical TB getting moved from cache to cache, and it really does have an official TB number. I'll skip past the obvious question of "aren't you worried that somone will just steal the jump drive?" - presumably you've already decided that the opportunity to try something unusual like this is worth the chance of losing a small-capacity/inexpensive flash drive.

 

Still, I suspect you might run into some practical considerations that could make this a bit of a maintenance headache for you. But hey, it's your head. I'll just lay out the scenario I'm envisioning:

• You drop the traditional+crypto TB pair off in Cache #1.
  
• Cacher "A" picks them up, logs the traditional TB, but doesn't grok PGP and doesn't email you or log the crypto TB. Drops them off in Cache #2.
  
• Now you've got the trad TB listed in Cache #2, but the crypto TB still listed in Cache #1.
  
• You go to the crypto TB's page, pick it up from Cache #1, go to the page for Cache #2, log a note and drop the crypto TB off in the proper cache.
  
• Cacher "B" picks them up, doesn't read whatever instruction sheets you've attached, sees just one TB dogtag. Logs the pickup for the trad TB, drops the pair off in Cache #3.
  
• Trad TB now listed in Cache #3, crypto TB still listed in Cache #2.
  
• You sigh deeply, log a pickup of the crypto TB from Cache #2, do a note/drop to put it in Cache #3.
  
• Cacher "C" picks them up, reads the instructions, gets the gist of things, but has been instructed by their 15-year-old geek child to never copy unknown files onto their computer. Cacher "C" logs the pickup of the trad TB, moves them along, logs the drop for the trad TB when they visit Cache #4.
  
• You take an Excedrin, log a pickup of the crypto TB from Cache #3, note/drop it into Cache #4.
  
• ...20 "fixups" later...
  
• ...it's 5 am, you haven't slept, and the Excedrin bottle's empty. You've just gotten the email that the trad TB has once again been picked up. You're already firing up your browser in preparation for another fixup for the crypto TB. You wait and wait, silently cursing the day you first stumbled across a cypherpunk website, wondering when this latest n00b is going to drop the danged trad bug so you can find out where you need to move its crypto companion. Suddenly, you get an email. It's ZackJones - who's persistant and fears neither alligators nor technology - he's got PGP installed, created his own keypair, and sent you a properly crypted message!
  
• You dance with joy, send a reply with the tracking number, and ecstatically promise to name your next child 'Zack' in honor of the event.
  
• Both TBs are succesfully dropped off at another cache. You get a good night's sleep for the first time in weeks.
  
• The next day, Cacher "X" picks up the TBs, can't figure out this PGP thing, but logs the trad TB into the next cache. You fire up the browser and start rummaging through the couch, hoping you might find a long-forgotten Excedrin behind one of the cushions.
  

So, the question I might ask is: would you still be enjoying your TB's journey if only a fraction of the people who find it end up having the technical know-how to properly log it? (Everyone's got their own threshold of pain-vs-fun, so maybe 1 success in 20 is all you need to make it worthwhile.)

 

Possible alternative: Put the dogtag on the jump drive, make it a regular TB as far as logging/tracking goes. But as a bonus/incentive/encouragement for the more tech-oriented cachers out there, if they get the key off the flash drive and send you a properly encrypted email, you photoshop their caching name onto a picture of a special award certificate, and mail it back to them. Encourage them to upload a copy of their award picture to the TB's gallery page. Now no special skills are needed for a cacher to log the crypto TB's movement, so you won't have to constantly hop in and do "fixups" to get it listed in the proper cache. But there's still a special reward/recognition for people who are able and willing to put in a little bit of extra effort, which might encourage more people to try and figure out how it works so they can get their name on a certificate in the gallery.

[+li_kao]

I don't think your idea will fly. If I'm following you correctly you can only obtain the 6-digit secret number by sending you a PGP signed email?

 

Now if you released the jump drive with your public key and attached the tracking tag with 6-digit number then I think it would be pretty cool. I'd probably consider getting my own PGP key just so I could send the email.

 

You've hit it on the head with the second part. There will be a jump drive with an honest-to-goodness TB tag attached to it. There will be another different honest-to-goodness real TB tag back at home with me that would be emailed out to anyone who sent to me an email encrypted with the public key on the jump drive attached to the first, physically present TB.

[+li_kao]

Hehe - that's one of the cooler/geekier TB concepts I've ever seen!

 

I don't think you'd be running afoul of the "virtual TB" prohibition with this - there really would be a physical TB getting moved from cache to cache, and it really does have an official TB number. I'll skip past the obvious question of "aren't you worried that somone will just steal the jump drive?" - presumably you've already decided that the opportunity to try something unusual like this is worth the chance of losing a small-capacity/inexpensive flash drive.

 

...

 

Possible alternative: Put the dogtag on the jump drive, make it a regular TB as far as logging/tracking goes. But as a bonus/incentive/encouragement for the more tech-oriented cachers out there, if they get the key off the flash drive and send you a properly encrypted email, you photoshop their caching name onto a picture of a special award certificate, and mail it back to them. Encourage them to upload a copy of their award picture to the TB's gallery page. Now no special skills are needed for a cacher to log the crypto TB's movement, so you won't have to constantly hop in and do "fixups" to get it listed in the proper cache. But there's still a special reward/recognition for people who are able and willing to put in a little bit of extra effort, which might encourage more people to try and figure out how it works so they can get their name on a certificate in the gallery.

 

The alternative you propose is closer to what I had in mind. There will always be a normal TB tag to the jump drive. The "bonus" TB tag number would be sent via email in response to an encrypted requested using the public key on the jump drive itself. That way people who didn't give a rat's posterior could just use it as a regular travel bug. However, you do present an interesting quandary, which is what do I do with the location of the "virtual TB" inside when the person doesn't bother with the whole pgp thing? Leave it where it last was (confusing people who never see it there), or move it to a TB limbo? Or does it simply get "grabbed" from the last person who bothered? Hmm. More thinking to do, but I think I'll give it a try. Any feedback on the above logistics would be apppreciated.

[+li_kao]

Errr, I mean ... right. The solution to that headache is something I'm looking for. I was still responding to a different response. So, umm, ignore most of that. But more thought about the maintenance possibilities would still be appreciated.

[+Munin]

Hehe - yeah, I was a little confused there too...thought there were two separate TBs that were tied together or something like that.

 

After the crypto part of the TB is dropped into a cache, I guess you could either move it to an unknown location or grab it yourself. Either way it'd remove the crypto half of the TB from the cache, so only the "normal" part shows up in the cache listing. And if a series of people move along the normal half of the TB without trying to do the PGP part, no harm done - the crypto part just stays unknown (or in your possesion) until the next techno-cacher comes along. Non-geeks end up logging/moving and getting credit for one TB, geek cachers get the bonus of logging two TBs for the "price" of moving one physical object. You've still got some extra maintenance work, but at least it'd only come up when somebody's logging the crypto half - that's probably a lot more manageable than having to intervene whenever someone doesn't log the crypto half. Seems feasible to my little ol' bird-brain.

[+ZackJones]

You've hit it on the head with the second part. There will be a jump drive with an honest-to-goodness TB tag attached to it. There will be another different honest-to-goodness real TB tag back at home with me that would be emailed out to anyone who sent to me an email encrypted with the public key on the jump drive attached to the first, physically present TB.

 

Munin: Too funny, yo have a vivid imagination

 

Perhaps the way folks could log the 2nd TB would be to use the grab option. One problem with this is after I grab it from Munin it would stay in my inventory until someone grabbed it from me

[Ferreter5]

Perhaps the way folks could log the 2nd TB would be to use the grab option. One problem with this is after I grab it from Munin it would stay in my inventory until someone grabbed it from me

The owner could grab it back shortly afterward so it'd spend most of its time in the owner's inventory.

 

That's what I do with the travel bug attached to my dog's backpacks. If you meet my dog you can log the travel bug by grabbing it from me, then I'll grab it back from you.

[+Rich the Bushwhacker]

Do you think this Jump Drive can withstand the moisture and freeze cycles of a cache? Even if waterproof, weeks of sitting in an inch of periodically frozen water may be more than it can handle.

 

As long as it's a inexpensive one, I'd still give it a try. Don't expect many people to know or be willing to try PGP encryption though.

[+li_kao]

Do you think this Jump Drive can withstand the moisture and freeze cycles of a cache? Even if waterproof, weeks of sitting in an inch of periodically frozen water may be more than it can handle.

 

As long as it's a inexpensive one, I'd still give it a try. Don't expect many people to know or be willing to try PGP encryption though.

 

I really don't know what it will withstand. I'll provide a dry-bag container for it (I'm a diver), and am willing to find out. At the very least, I will have collected data to share with anyone else who might be as foolhardy as I.

 

I don't really expect too many people to be terribly interested in the pgp thing, but anyone who is interested, or already in the know, should find it an entertaining TB to find, eh? Also, I think I have a scheme for making it incredibly easy for them should they want to do it.

[+Munin]

Munin: Too funny, yo have a vivid imagination

Sometimes ya just gotta have fun. Even in the forums!

 

The owner could grab it back shortly afterward so it'd spend most of its time in the owner's inventory.

Yep, that's what I was envisioning. (Either that using the 'Mark bug missing' option - that'll make it show up as being in an 'Unknown' location rather than being anywhere specific.)

 

So now the storyline would go something like:

• li_kao drops TB off in Cache #1, and logs both tags into the starting cache, then logs the crypto tag back out.
  
• The crypto TB now resides in li_kao's inventory, and only the traditional tag shows up in the cache listing.
  
• Cachers "A", "B", "C", etc move the TB along to new caches. For whatever reason, they don't/can't do the crypto part, so they just log the non-crypto TB tag in and out of caches. No problem, just hitches along like a regular TB.
  
• Eventually ZackJones meets up with the TB, decides the crypto part sounds like fun, and sends li_kao the email. li_kao sends back the crypto TB info, ZackJones uses it to grab the TB. Later on, ZackJones drops the TB off at a new cache, and logs both tags into the cache.
  
• li_kao gets the two emails (one for the trad tag, one for the crypto tag) saying the TB was dropped off, and grabs the crypto tag back from the cache.
  
• Time passes, other cachers move the TB along using the traditional tag. Again, no problems or confusion, no extra work for li_kao. Non-cyphercachers just keep logging the regular tag in and out, and the crypto tag hangs out in li_kao's inventory.
  
• TB meets up with Ferreter5, who also thinks the crypto sounds neat, exchanges emails with li_kao, and later logs both tags into another cache.
  
• li_kao gets the TB emails about the dropoff, and grabs the crypto tag back out of the cache.
  
• ...and so on and so forth...maybe someday it even reaches me!
  

I think it's a neat idea - it'd be interesting to watch the logs/maps to see what the journey looks like from a "plaintext vs crypto" perspective.

[+li_kao]

Perhaps the way folks could log the 2nd TB would be to use the grab option. One problem with this is after I grab it from Munin it would stay in my inventory until someone grabbed it from me

The owner could grab it back shortly afterward so it'd spend most of its time in the owner's inventory.

 

That's what I do with the travel bug attached to my dog's backpacks. If you meet my dog you can log the travel bug by grabbing it from me, then I'll grab it back from you.

 

That sounds like a pretty workable plan. I guess that TB grabs don't accumulate mileage, but I'm not overly interested in that for this TB anyway. I think it'd be niftier for it to accumulate PGP key trust signings.

 

I should TB tag my dogs. They go with me half the time anyway!