Daniel sent us this one — and it's one of those questions that sounds simple until you actually sit with it. The dead drop. The hollowed-out rock, the taped USB stick under a park bench, the locker at the train station. It's the most cinematic thing in espionage. But we now live in a world where anyone can use Signal, where Tor exists, where end-to-end encryption is built into apps your grandmother uses. So the question is: why would an intelligence operative — or a cartel boss, or anyone running a covert operation — still use a physical dead drop in 2026? What does a dead drop give you that an encrypted message doesn't?
The question lands at a really interesting moment, because just last year we saw the takedown of a major European drug cartel's dead drop network. These weren't relics — they were running a sophisticated system of physical exchanges across multiple countries. So the assumption that encryption killed the dead drop is not just wrong — it's backwards. Physical tradecraft is evolving alongside digital surveillance, not being replaced by it.
Which is the kind of paradox that makes this worth an episode. So here's how we'll approach it. We're going to look at three buckets of reasons why dead drops persist: forensic avoidance, operational security, and human fallibility. Then we'll look at how the surveillance state has actually made dead drops more relevant, not less. And we'll wrap up with what this tradecraft means for people who aren't spies — journalists, activists, lawyers, anyone handling sensitive material.
Let's start with the obvious question. If encryption is so good — and we've spent a lot of time on this show establishing that it is — why risk physical contact at all? Why not just send an encrypted file?
And that question contains the whole answer, if you know where to look. Encryption solves the confidentiality problem. It scrambles the content so nobody can read it. But what it doesn't solve is everything around the content. Who's talking to whom.
Metadata is where you get caught. I've been reading through the 2024 Snowden archive leak — there was a follow-on release that didn't get as much attention as the original — and it revealed a GCHQ program called TEMPEST-2. The whole purpose of this program was to correlate encrypted message timestamps across multiple targets. They don't need to read your messages. They just need to see that Alice sent something at 2:14 PM and Bob received something at 2:14 PM, and that pattern repeats. Once you've got that correlation, you've identified a covert communication network without ever breaking a single cipher.
The encryption worked perfectly, and they still got caught by the shape of the silence.
The signal of signals. And a dead drop eliminates that entire category of surveillance. There is no cell tower ping. No IP log. No timing correlation. No digital exhaust of any kind. One person deposits a physical object. Another person retrieves it hours or days later. The two events are not digitally connected in any way that a surveillance system can correlate.
It's not just timing. It's location too. If I send you an encrypted message, my phone has to connect to a network. That network knows where I am, or at least which cell tower I'm near. With a dead drop, I can deposit something at 3 AM in a park with no cameras, and you can retrieve it at noon in a crowd. The where and the when are completely decoupled.
There's a 2025 case that illustrates this perfectly. The arrest of a Russian sleeper agent in Vienna. This agent was using a dead drop that involved chemically treated paper — the document would dissolve in about thirty seconds if exposed to air. The recipient had to photograph it immediately or lose it. The BVT, Austria's domestic intelligence service, eventually caught him through physical surveillance — they had to watch the drop site — but they got zero digital forensics from the operation. No messages to intercept. No metadata to analyze. The only reason they even found the drop site was because they followed the agent there.
That's a physical self-destruct that no encrypted file can match. Once a file is copied, it's copied forever. You can't make bits dissolve.
That gets at something deeper. An encrypted file can be seized, copied, and stored indefinitely. Maybe you can't decrypt it today, but what about in five years? What about when quantum decryption matures? The NSA has been very public about their "harvest now, decrypt later" strategy — they're stockpiling encrypted traffic specifically because they expect to break it eventually. A physical dead drop with a chemical timer doesn't give you that option.
Encryption handles the content, but what about everything around the content? That's where the dead drop comes back in. The metadata problem alone is reason enough to keep physical tradecraft alive.
There's a second layer here that most coverage misses. Dead drops aren't just about avoiding digital trails. Sometimes you need to move things that can't be turned into bits.
Right — cash, weapons, forged documents, chemical precursors, SIM cards, hardware implants. You cannot encrypt a brick of hundred-dollar bills. You cannot send a passport through Signal. At some point, physical objects have to move through physical space.
The 2025 Cartel de Sinaloa trial in Texas revealed the scale of this. The cartel was running a dead drop network across the US-Mexico border using abandoned oil drums. Each drum contained roughly five hundred thousand dollars in cash and a burner phone. The phone was there for one purpose — to send a single text message to a prearranged number saying which drum had been filled. That text contained no location data, no names, nothing incriminating. Just a drum number. The actual transfer — half a million dollars in physical currency — happened entirely offline.
The one digital element was stripped down to the absolute minimum. A drum number. That's it. Everything else was physical.
Here's where it gets clever. The burner phone wasn't used for coordination — it was used for confirmation. The coordination happened through the dead drop network itself. The schedule, the locations, the drum assignments — all of that was communicated through previous dead drops. So even if law enforcement seized the phone and cracked it, they'd get a single number and nothing else.
Which is a perfect example of what intelligence analysts call compartmentalization. Each piece of the operation only knows what it absolutely needs to know. The phone knows the drum number. The drum knows the cash. The courier knows the route. Nobody knows the whole picture.
That brings us to one of the most important documents to surface in recent years — the CIA's 2025 field manual, which leaked through DCLeaks. It describes something called the three-two-one dead drop protocol. Three potential sites are identified in advance. Two are confirmed as active through a separate signal — usually a public key signed message posted somewhere innocuous, like a classified ad or a forum comment. One is actually used. The choice of which one is made at the last possible moment, and it's communicated through that same public key signature.
An observer would see three possible locations, two confirmations, and one actual exchange — and even if they're watching all three sites, they don't know which one matters until the exchange has already happened.
The confirmations themselves are designed to look random. The manual specifies using a cryptographic signature that only the recipient can verify, but that looks like noise to anyone else. You could post it on a public forum and nobody would recognize it as a signal.
The three-two-one protocol is elegant because it forces surveillance to cover three sites instead of one. That triples the resource cost. If you're running a network of twenty drops, suddenly the adversary needs to cover sixty locations. That's not feasible even for a well-resourced intelligence agency.
Let's talk about the air gap advantage, because this connects to something we've discussed before in a different context. A dead drop creates a physical air gap between the source and the recipient. No digital connection exists between them. That means no remote compromise is possible.
We saw exactly why this matters with the SolarWinds follow-on investigation in 2024. The attackers — widely attributed to a Russian intelligence unit — needed to exfiltrate data from air-gapped networks. Networks that weren't connected to the internet at all. They physically walked out USB drives. Dead drops in parking lots, restaurant bathrooms, hotel lobbies. The most sophisticated cyber operation in recent history still ended with someone putting a USB stick under a park bench.
The SolarWinds two-point-oh investigation, as it was called, found that the exfiltration phase relied entirely on physical tradecraft. The attackers had compromised the digital infrastructure brilliantly, but they couldn't make the data teleport. Bits are abstract, but storage media are physical objects that obey the laws of physics.
There's something almost reassuring about that. All that code, all that sophistication, and the final step is still a person putting a thing somewhere for another person to pick up.
It's the persistence of the physical. And it points to a principle that the intelligence community understands deeply: every digital operation eventually terminates in a physical action. Someone has to touch something. A dead drop is just the recognition of that reality.
Let's shift to the human factors, because this is where the tradecraft gets really interesting. Dead drops allow for asynchronous, anonymous handoffs without face-to-face meetings. That protects against surveillance, obviously, but it also protects against something else — betrayal.
The Moscow Rules. These are still taught at Camp Peary, the CIA's training facility in Virginia. One of them is: "Dead drops are safer than live drops. Use them even when you don't think you need to." The logic is straightforward — if two agents never meet, a compromised agent cannot identify the other. They can describe a location, but they can't describe a face they never saw.
In an era where facial recognition is everywhere, not having a face to recognize becomes a genuine operational advantage.
There was a remarkable case in Berlin in 2024 — the Berlin Bench case. The BfV, Germany's domestic intelligence agency, intercepted a dead drop where a Chinese agent deposited a microSD card inside a hollowed-out bolt on a park bench. The bolt had been machined to look identical to the other bolts on the bench. The BfV found it, removed the card, and replaced it with a card containing a tracking beacon. They then watched to see who picked it up.
This is something you could never do with a digital file transfer. You cannot intercept an encrypted Signal message, swap the contents, and send it on its way. The encryption prevents that. But with a physical object, the object itself is vulnerable to tampering.
Which is why modern dead drops incorporate anti-tampering measures that are genuinely sophisticated. The chemically treated paper in Vienna is one example. But there are others. Some operatives use pressure-sensitive containers that destroy the contents if opened incorrectly. Others use GPS spoofing — they'll place a decoy drop at one location while the real drop is somewhere else, and the GPS coordinates in any surveillance report will point to the wrong place.
GPS spoofing for dead drops. That's a sentence I didn't expect to say today.
The 2025 Moscow Metro network took this even further. Russian FSB officers were using pre-programmed drones to deposit and retrieve packages from subway tunnel maintenance alcoves. No human being ever visited the drop site. The drone would fly into the tunnel during maintenance hours, deposit a package in a specific alcove, and a different drone would retrieve it hours later. Fully automated dead drop system.
Now we've got drones doing brush passes in subway tunnels. The tradecraft is evolving faster than the surveillance.
That's the thing — you might think that more surveillance would kill the dead drop. In practice, it's done the opposite. It's forced tradecraft to evolve.
Let's talk about that, because it's the counterintuitive heart of this whole topic. Cities are more surveilled than ever. London has something like six hundred thousand CCTV cameras. Automatic number plate recognition is everywhere. Cell-site simulators — Stingrays — can track phones in real time. You'd think this would make physical dead drops impossible. But what it's actually done is make operatives smarter about where and when they operate.
The 2026 London Drops investigation by MI5 found exactly this pattern. Operatives were deliberately using construction sites for dead drops. Because construction sites have temporary fencing, scaffolding, and constantly changing layouts that create surveillance gaps. A camera that had coverage yesterday might be blocked by a new stack of materials today. The temporary nature of construction sites makes them inherently hard to surveil consistently.
That's brilliant. They're exploiting the fact that the surveillance infrastructure itself has maintenance cycles and coverage gaps.
They're also exploiting the fact that CCTV footage is rarely reviewed in real time. Most of it is recorded and stored, and only pulled if something triggers an investigation. If your dead drop looks boring — if you're just someone sitting on a bench, then getting up and walking away — nobody is going to flag that footage for review. By the time anyone looks at it, the drop is long since completed.
The surveillance state creates a false sense of security for the surveillors. They think they're seeing everything, but they're actually seeing a firehose of boring footage, and the interesting signal is buried in the noise.
Operatives are getting better at being boring. The modern dead drop doesn't look like a spy movie. It looks like someone tying their shoe, or checking their phone, or sitting on a bench eating a sandwich. The physical action is designed to be indistinguishable from normal urban behavior.
The banality of espionage.
The best dead drop is the one that, even if you're watching the footage, you don't recognize as a dead drop. It's just another person in a city doing something unremarkable.
There's another dimension to this that we haven't touched yet, and it's about what happens when things go wrong. Digital communication fails in predictable ways — messages get intercepted, servers get seized, accounts get compromised. But a dead drop can fail in ways that actually protect the operation.
If a dead drop is discovered, what does the discoverer have? A physical object in a location. They don't know who put it there. They don't know who was supposed to pick it up. They don't know when the pickup was scheduled. They have an object and a place, and nothing else. The compartmentalization we talked about earlier means that even a compromised drop reveals almost nothing about the network.
Compare that to a compromised Signal account. If someone gets access to your Signal, they can see your contact list, your group memberships, your message history. Even if the messages are encrypted at rest, the metadata — who you talk to, how often, in what groups — is devastating.
The Berlin Bench case actually proves this point. The BfV found the drop, replaced the card, and tracked the recipient. But they still didn't know who deposited the original card. They had to stake out the bench and wait. And if the original depositor had used proper countersurveillance, they might have detected the stakeout and aborted the operation. The BfV got lucky.
Even a successful interception of a dead drop doesn't necessarily roll up the network. It might get you one recipient, but the source remains unknown.
Let's address a misconception that I think a lot of people carry around. The idea that dead drops are low-tech and therefore easily surveilled. This is completely wrong. Modern dead drops use sophisticated anti-forensic measures — chemical timers, tamper-evident containers, drone delivery, surveillance gap analysis, decoy drops, GPS spoofing. These are not amateurs leaving things under rocks. These are professionals using physical tradecraft that is just as sophisticated as any digital operation.
It's the difference between a dead drop and just hiding something. Anyone can hide something. A dead drop is a system — it has protocols, contingencies, abort procedures, and anti-surveillance measures built in.
Another misconception: that only spies use dead drops. The Cartel de Sinaloa case proves otherwise. Human traffickers use them. Arms dealers use them. And increasingly, journalists and activists are using dead drop techniques for physical items that cannot be digitized — documents, storage devices, evidence that needs to be physically transferred without creating a digital trail.
There's a whole category of people who aren't spies but who handle material that could get someone killed if it fell into the wrong hands. For them, the dead drop isn't a spy trope — it's a survival mechanism.
I want to pull on a thread that connects back to something we've discussed before. The metadata problem. We've established that metadata is often more revealing than content. A dead drop eliminates metadata entirely for the transfer itself. But what about the coordination? How do you arrange a dead drop without creating metadata?
That's where the tradecraft gets recursive. You arrange the next dead drop at the current dead drop. The instructions for drop number two are inside the package retrieved from drop number one. Each exchange contains the coordinates for the next exchange. There's no digital coordination at all.
It's a chain of physical trust. Each link only knows about the next link. And if any link is compromised, the chain breaks in a way that doesn't expose the other links.
This is essentially the same principle as a one-time pad, but applied to physical logistics. Each message contains the key for the next message, and no key is ever reused.
If you need to communicate something urgent — like an abort signal — you use a prearranged signal that doesn't look like a signal. A chalk mark on a specific wall. A specific item in a specific shop window. A classified ad with a specific phrase. These are called "signal sites" in tradecraft, and they're often used in conjunction with dead drops. The signal site says "the drop is hot" or "the drop is clear" without anyone ever having to send a message.
The chalk mark on the wall. It's almost absurdly low-tech, and yet it's still in use because it works. You can't hack a chalk mark.
You can — but you'd have to physically be there to erase it or alter it, which means you'd have to know where it is and what it means. And that's the whole point. The security isn't in the technology. It's in the obscurity of the location and the meaning.
Where does this leave us? We've got a world of ubiquitous encryption, and yet dead drops are not just surviving — they're evolving. Drones in subway tunnels. Chemically dissolving paper. Three-two-one protocols with cryptographic signatures. The physical and the digital are merging into a hybrid tradecraft that's more sophisticated than either approach alone.
I think that's the key insight. Dead drops are not a failure of encryption. They're not a retreat from digital security. They're a complementary layer. Encryption protects the content. Dead drops protect the metadata, the attribution, and the physical transfer of non-digital items. You need both.
The spy of 2030 is going to carry a USB stick in a hollowed-out rock, not because they can't use Signal, but because Signal alone isn't enough.
Let's translate this into something practical. What does spy tradecraft mean for someone who isn't a spy? Because the principles here apply to anyone handling sensitive material — journalists, lawyers, activists, whistleblowers.
The first actionable insight is this: digital encryption is necessary but not sufficient. The metadata of your communication is often more revealing than the content. If you're a journalist talking to a source, the fact that you communicated at all — when, for how long, from where — can be more damaging than what you said. Physical tradecraft eliminates entire categories of digital surveillance.
Meeting in person. Using dead drops for physical items. These aren't paranoid fantasies — they're operational security measures that address real vulnerabilities in digital communication.
The second insight is what I'd call the dead drop mindset. You can apply dead drop principles to digital security. Use delayed delivery. Use anonymous drop boxes like SecureDrop. Use dead man's switch services that release data only if you fail to check in. These mimic the operational security of physical drops — no direct communication, no timing correlation, no metadata linkage between source and recipient.
SecureDrop is a great example. It's essentially a digital dead drop. A source uploads documents to a server. A journalist downloads them. The source and the journalist never communicate directly. The server doesn't log IP addresses. There's no metadata connecting them. It's the same principle as the park bench, just implemented in software.
If you're handling truly sensitive material — the kind of thing where exposure could have serious consequences — consider a digital dead drop using a one-time-use encrypted container. Something like a VeraCrypt volume placed on a public server, or shared via OnionShare. The recipient downloads it without you ever communicating directly. No timing correlation. No digital trail connecting the two of you.
OnionShare is particularly elegant for this. It creates a temporary onion service that only exists while you're sharing the file. The recipient connects through Tor. Once the file is downloaded, the service disappears. There's no server to seize, no logs to subpoena. It's as close to a physical dead drop as you can get in the digital world.
The principle is the same: decouple the sender from the recipient. Break the metadata chain. Make it impossible to prove that the two parties ever interacted.
One more practical point. If you're using physical dead drops — and some people need to — the tradecraft matters. Don't use the same location twice. Don't establish patterns. Vary your timing. The operational security of a dead drop depends entirely on the discipline of the people using it.
The three-two-one protocol scales down. Even if you're just passing a USB stick to a colleague, having multiple potential locations and confirming the active one through a separate channel adds a meaningful layer of security.
Let's zoom out and think about where this is all heading. The 2026 NSA whitepaper on post-quantum tradecraft — and I should note this is an unclassified summary, not the full thing — suggests that physical operations will increase as digital surveillance becomes too cheap and too effective. When AI-driven surveillance can monitor every digital communication in real time, the only way to avoid detection is to not communicate digitally at all.
We might see a resurgence of low-tech tradecraft — dead drops, brush passes, dead-letter boxes — not because encryption is broken, but because digital surveillance has become so comprehensive that any digital communication, no matter how well encrypted, creates metadata that can be analyzed.
AI makes this worse. Machine learning models can sift through millions of hours of CCTV footage, billions of network logs, trillions of metadata records. They can find patterns that human analysts would never notice. In that environment, a physical dead drop — which generates no digital record at all — becomes more valuable, not less.
The arms race between surveillance and tradecraft is asymmetrical. Surveillance gets better at analyzing digital data. Tradecraft responds by moving off the digital grid entirely. It's a cycle, and we're entering a phase where the physical is making a comeback.
There's something almost cyclical about it. Spycraft in the 1950s was entirely physical — dead drops, brush passes, microfilm, one-time pads on paper. Then we had the digital revolution, and everything moved to encrypted communications. Now the digital environment is so heavily monitored that the pendulum is swinging back toward physical tradecraft. But it's not a return to the 1950s — it's a synthesis. Modern physical tradecraft uses digital tools for coordination and physical tools for transfer.
The drone in the Moscow subway tunnel is the perfect symbol of this. It's a physical operation enabled by digital technology. The drone is programmed digitally, but the package it carries is physical, and the transfer happens in physical space.
That's where I think we're heading. The spy of 2030 won't choose between digital and physical. They'll use both, in layers, with each layer compensating for the vulnerabilities of the other.
The dead drop isn't a relic. It's a response to a world where digital surveillance has become so pervasive that the only way to be invisible is to not be digital at all. The hollowed-out rock is more relevant in 2026 than it was in 1966.
That's a surprising conclusion. When Daniel sent this prompt, I think the assumption most people would make is that dead drops are obsolete. Why risk physical exposure when you can send an encrypted message from anywhere? But once you understand the metadata problem, the attribution problem, and the physical transfer problem, the answer flips. Dead drops aren't obsolete. They're essential.
Encryption is a solved problem. Confidentiality is a solved problem. Everything around confidentiality — the metadata, the attribution, the physical transfer of non-digital items — those are not solved problems. And dead drops address all of them.
What's the one thing listeners should take away from this? If you're relying solely on encryption for your security, you're protecting the content but exposing everything else. The fact that you communicated, when you communicated, from where, with whom, how often — all of that is visible to anyone with access to the network metadata. A dead drop, physical or digital, eliminates that exposure.
The dead drop mindset — decoupling sender from recipient, breaking metadata chains, using asynchronous anonymous transfers — applies to digital security just as much as physical security. You don't need to hollow out a rock. You just need to think like someone who would.
The question that I'm left with — and I think this is the open question for the next few years — is whether quantum computing and AI-driven surveillance will make dead drops more common or less common. The NSA whitepaper suggests more common. But there's a counterargument: as AI gets better at analyzing physical surveillance footage, maybe even physical dead drops become detectable at scale.
That's the next turn of the arms race. Right now, AI can analyze CCTV footage, but it's not good enough to reliably spot a dead drop in real time across a city of millions. But it's getting better. And when it gets good enough, the tradecraft will evolve again. Maybe dead drops will move to places with no cameras at all — rural areas, underground, underwater. The principle remains the same even as the methods change.
The cat-and-mouse game never ends. It just changes terrain.
With that, I think we've earned our transition to something completely unrelated.
Now: Hilbert's daily fun fact.
Hilbert: In the 1920s, a French mycologist calculated that if you unfolded all the fungal mycelium in a single cubic centimeter of soil from a Djiboutian acacia grove, it would stretch roughly the length of a cricket pitch — about twenty-two yards. He described this as "the quietest textile on earth."
The quietest textile on earth.
I have so many questions about the units chosen there.
Next week on My Weird Prompts, Episode 202: The Secret Life of SIM Cards — How Burner Phones Actually Work, and Don't Work. We'll dig into the forensic reality behind the Hollywood trope. Because it turns out buying a prepaid phone with cash is not nearly as anonymous as the movies would have you believe.
This has been My Weird Prompts. We're at myweirdprompts.com, where you can find every episode and sign up for the newsletter. If you enjoyed this one, leave us a review wherever you get your podcasts — it helps.
Thanks to our producer Hilbert Flumingtop. We'll be back next week.