Silk Road forums
Discussion => Shipping => Topic started by: MissNatural on August 31, 2013, 03:22 am
-
This has dawned on me before, but I brushed it off....thinking about it though, with international packages I have received, the USPS receives all sorts of tracking numbers from hundreds of different countries, all with different formats, prefixes, letter/number combinations, etc.....I rationalize there cannot be THAT much cross country communication with every postal system in the world, it would mean so many delays in packaging if these hundreds of systems had to intercommunicate. So what is a simple solution? Allow packages to be tracked with very simple numbers on barcodes. That way all of the systems can accept packages from all the other systems by simply scanning whatever number is used to track that package.
So I started thinking about it... what if the USPS tracking system IS as simple as it seems? They scan barcodes that only carry number data, nothing else, and data from the scanning device is attached to that number onto the USPS website. So, what if a person were to get the picture format of a label 400 tracking label, and simply use a bar code generator to forge his own, and print the stickers/labels out?
Surely it can't be that easy? The only concern would be that the number would have to be one that has not been used before....but finding that out won't be hard. With the incredible length of USPS tracking numbers.... they're like 16+ digits right?
This would be incredibly easy to test out, really. Get a barcode generator and a label 400 template, put it all in photoshop, print, and attach to a test package and send it. If the logic above is correct it should register in the USPS system just fine......and if so... this is an amazing step forward for vendors as all vendors will be able to have tracking on their packages at no risk at all.
If USPS tracking codes are usually 16 random numbers, then you're talking about 1,000,000,000,000,000,000. That's over one sextillion possible number combinations. More than enough for our purposes, and for a billion more years.....The tracking numbers would have to be checked to make sure they haven't been used before.
Perhaps somebody could make a simple website that generates random tracking numbers and printable labels and simultaneously checks them to see if they have been used yet. It could also keep track of which ones are distributed to avoid redistributing out old ones that just haven't been activated yet, but this latter idea might pose a risk to buyers, so it's really not needed too badly. What do you guys think? I am going to try this ASAP with a bar code generator. Any one else?
I would love to hear input.... I am seriously curious on whether or not this will work. I think it will... as long as the prefixes are correct for the tracking numbers.
-
Except the only people using random barcodes in ranges they haven't issued yet will be drug dealers.
-
I don't think that's a very on-base assumption. Do you think there is gonna be some alarm set off when a barcode gets scanned that wasn't officially issued? It is very easy to generate numbers that fall within the range of the currently issued numbers, or a little bit after them at least.
I do not think they have a system that is rigorously checking the validity of every scanned barcode. International tracking numbers come to mind primarily. The only way we will find out is if we print up our own tracking numbers and use them on some packages. If they work... then great! If they don't, then what's the harm? Just slap some fake tracking stickers on empty packages sent to random houses and see if that tracking number gets put into the system.
Because let's face it, the USPS isn't really a highly funded system... so with that notion I highly doubt they have sophisticated software monitoring and keeping in check every single tracking number in the globe.
-
Put simply. I wouldn't have thought so. Unless the designers of the system were morons. For the same reason I can't just slap a new barcode on an item in a shop and get it for a huge discount. Keeping track of huge numbers of items is something computers are very good at. Each unique barcode number will have all kinds of information about the package attached to it. Origin, destination, where it has been processed and presumably where the tracking was PURCHASED. If a barcode not put into the system legitimately is scanned it's just going to say 'not recognised' or something. Also I'm not sure how you propose finding out which numbers aren't in use already.
Having said that it might be worth a try. Although I think there would be a danger of it causing a red flag to be attached to the package without you realising
-
Perhaps somebody could make a simple website that generates random tracking numbers and printable labels and simultaneously checks them to see if they have been used yet. It could also keep track of which ones are distributed to avoid redistributing out old ones that just haven't been activated yet
But who will bell the cat?
"Perhaps someone could make a website that gives me free tracking numbers"
-
Sorry had to post once more to hit 500.... I take your point about international numbers, but surely when an international package passes through customs, its number is introduced to the domestic system. I'm pretty sure that the domestic system will only accept numbers that have been introduced to it legitimately. Otherwise people could get free postage really easily. I'm sure they would have included failsafes to prevent fraudulent reduction of their income stream.
Shit you could be right, I guess it's worth a try....
-
That thing you mentioned about not being able to slap a new barcode on an item and get a discount.... you are wrong. You CAN do that. That is the wonder of the industry of counterfeit coupons. The registry system for UPC bar codes in the United States is incredibly simple and very easy to manipulate. I would assume that even that industry is more highly funded and more concerned about security than the USPS.
You must understand how barcodes work. If you have a barcode scanner, or an app on your iPhone for instance, you can scan a tracking label... and you know what data is received by the scanner? The number. Nothing more.
USPS tracking scanners work by the method of each scanner having its own data. Data such as a clock to keep time, the origin of the device (whatever city for instance), and other related info. When one of these devices scans a package, the device that scanned it basically takes that number, assigns it some data in the scanning device (such as delivered, delivery attempt, etc). After which at the end of the day that data is uploaded into the USPS computer: The Tracking number, and whatever the shipping update is.
That's it. It's that simple. Or so I would assume. All in all, all this theorizing is useless unless we put this into action, and try it.
The USPS does not store destination, origin, and that sort of stuff in the tracking label. They simply don't. Nothing about the package contents, nada. UPS on the other hand, when they generate their tracking labels, they manually input all of that stuff into the computer. All in all, all a tracking label is, is a number in the form of a barcode. The barcode system that is in use is very simple and not as complex as people would like to believe.
-
I have been thinking about this a bit. The way I see it there are two points at which a bar code number could enter the system.
1) the sticker is put on package and then when the package is first processed a USPS employee scans it and it enters the system as a valid number. This is how it would have to be for your idea to work.
2) when the tracking is purchased it is introduced to the system as a valid tracking number (alternatively it is purchased in another country and introduced to their system, then when it passes through customs it is introduced to domestic system as a valid number.) This is the way it works if the designers have any kind of sense.
The thing you say about counterfeit discount coupons is interesting though. I don't know enough about these to know how relevant they are to our situation.
What I'm thinking is that if it worked, the designers of USPS's barcode system would have left a huge back door in their system that should have been spotted in the first round of testing. The first thing a tester would ask is 'What happens if I insert a fraudulent number into the system?'
Still, stranger things have happened. My worry would be that it would work the first 100, 500, or 1000 times and then something would process differently and get noticed and shortly after that all packages would be flagged.
-
The thing with discount coupons is that they are a way of persuading you to purchase a particular brand. The mark up is such that the manufacturer still makes a profit on the discounted item even after reimbursing the store. So there is no great incentive for them to spot counterfeit ones, as they are still making profit when someone uses one.
A false tracking number requires them to go to the trouble of tracking a parcel that hasn't been paid for.
-
A few thoughts: Monitoring tracking to make sure people aren't using it for free is not a huge concern for the USPS because most tracking is free to begin with. Anyone doing any amount of serious shipping with the postal service is using one or another online postage system where tracking for First Class, Priority, and Express is absolutely free and tracking for other mail classes only costs twenty cents.
I'm remembering a news story a while back about a guy who was producing his own barcode labels and affixing them to expensive Lego sets and other things at ToysRUs stores all over the U.S. He would then take the item up to the checkout and pay for it, but it would ring up for far less than it was supposed to. He would then sell the stuff on eBay. He did this hundreds of times without raising a flag in the store's systems.
Not sure how germane any of this is to the topic at hand, but thanks for letting me share.
What I think about is someone with a Stamps.com account who would accept bitcoin and then produce shipping labels. The labels before printing are in .pdf format, so easily transmitted to the purchaser, who then prints out the label and affixes it to his outgoing mail. The sender of the mail has no connection to the Stamps.com account, but of course the person actually associated with the account would have to protect his identity.
-
I would be too scared to make a fake tracking label. Just the chance that the printed ones might all be in the system...
-
A few thoughts: Monitoring tracking to make sure people aren't using it for free is not a huge concern for the USPS because most tracking is free to begin with. Anyone doing any amount of serious shipping with the postal service is using one or another online postage system where tracking for First Class, Priority, and Express is absolutely free and tracking for other mail classes only costs twenty cents.
I'm remembering a news story a while back about a guy who was producing his own barcode labels and affixing them to expensive Lego sets and other things at ToysRUs stores all over the U.S. He would then take the item up to the checkout and pay for it, but it would ring up for far less than it was supposed to. He would then sell the stuff on eBay. He did this hundreds of times without raising a flag in the store's systems.
Not sure how germane any of this is to the topic at hand, but thanks for letting me share.
What I think about is someone with a Stamps.com account who would accept bitcoin and then produce shipping labels. The labels before printing are in .pdf format, so easily transmitted to the purchaser, who then prints out the label and affixes it to his outgoing mail. The sender of the mail has no connection to the Stamps.com account, but of course the person actually associated with the account would have to protect his identity.
Ahhhh well if tracking is free then I guess it could be possible. But then as kikiwiikiii says I'd be worried that it would become a way to identify people trying to track anonymously.
The thing is, as I described above, even if they have no financial incentive to not track fraudulent numbers, if they have designed their system correctly it shouldn't be possible. It wouldn't cost them any more to make it so a number can only enter the system at legitimate points, rather than just the first it gets scanned. You know what I mean? They wouldn't have to actively monitor for fake numbers, just design the system so it only works with their numbers. But that's not to discount poor design, as the Lego example shows.
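The two entry points contrasted in this post and in the numbered list earlier in the thread, modelled as an added example that is not part of any forum post and does not describe the USPS's actual system. The `TrackingStore` class, its policy names and the `TEST-` numbers are all constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    FIRST_SCAN_TRUST = 1      # a number becomes valid the first time it is scanned
    ISSUANCE_REGISTERED = 2   # a number is valid only if recorded when handed out


@dataclass
class ScanEvent:
    number: str     # value decoded from the barcode (nothing else is on the label)
    facility: str   # supplied by the scanning device, not by the label
    status: str     # e.g. "accepted", "in transit", "delivered"


@dataclass
class TrackingStore:
    policy: Policy
    issued: dict = field(default_factory=dict)        # number -> issuance channel
    history: dict = field(default_factory=dict)       # number -> list of ScanEvent
    review_queue: list = field(default_factory=list)  # scans of unknown numbers

    def issue(self, number, channel):
        """Record a number at the point it is legitimately handed out."""
        if number in self.issued:
            raise ValueError("number already issued")
        self.issued[number] = channel
        self.history[number] = []

    def ingest(self, ev):
        """Apply one uploaded scan event; return 'recorded' or 'flagged'."""
        known = ev.number in self.issued
        if not known and self.policy is Policy.FIRST_SCAN_TRUST:
            # Under this policy the scan itself creates the record.
            self.issued[ev.number] = "first-scan"
            self.history[ev.number] = []
            known = True
        if not known:
            # Unknown number: keep the event for review, do not track it.
            self.review_queue.append(ev)
            return "flagged"
        self.history[ev.number].append(ev)
        return "recorded"


# Constructed sample upload: one issued number, one that was never issued.
SAMPLE = [
    ScanEvent("TEST-0001", "facility-A", "accepted"),
    ScanEvent("TEST-9999", "facility-A", "accepted"),
    ScanEvent("TEST-9999", "facility-B", "in transit"),
]


def replay(policy, events=SAMPLE):
    """Issue TEST-0001, replay the events, return (results, store)."""
    store = TrackingStore(policy)
    store.issue("TEST-0001", "online-postage")
    return [store.ingest(e) for e in events], store
```

Under the issuance-registered policy the unknown number is never tracked and every scan of it lands in `review_queue` with the facility that scanned it, with no separate monitoring pass needed.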
-
Wow just wow...let's make a software program to spew out fake tracking codes that haven't been used yet. Is it just me or does anyone else notice the tendency of SR peeps making things more complicated than they should be. Make a stamps account with an address that's not tied to you. Use a VPN, use a prepaid card and rotate. It's not brain surgery.
-
Static Tension,
Stamps accounts are easily traceable. All of the addresses are stored in the system. Prepaid cards also cannot be activated without a SSN. DEA places order, vendor uses stamps.com, processes that address, and the tracking number. DEA receives package, tracks tracking number or address back to stamps.com with simple warrant. Gets vendor's real identity. Shows up at vendor's house and arrests them same day. Yeah, no thanks.
I don't think the USPS is worried at all about people using their own tracking numbers. Why would they be? Tracking is free. I mean there is ALWAYS that possibility that they could make a program that checks the validity of each tracking number... but this would require somewhat of a system redo. At the current state of the system, there is absolutely no need for it.
Second of all, I really doubt the DEA is going to force the USPS to rehaul their tracking system to flag numbers that haven't been activated. Plus, think about the free label 400 rolls that people can order online. Are all of those activated? If not, then not only would the USPS have to change their tracking system, they would also have to change the production system of the label 400 rolls and get each label registered in the system.
Ultimately, the only way we can know if this works, is to try it. If it does work, I don't think it is very likely that the USPS will redo their system to check for fake tracking numbers. So long as the printed label 400 looks legitimate, nobody is going to notice it is any different, it will be scanned, and go straight into the system.
I am going to try this very soon... I see it as a very viable option.
-
"I really doubt the DEA is going to force the USPS to rehaul their tracking system to flag numbers".
I guess you haven't been paying attention. Over the past year the USPS has not only overhauled their entire tracking system, they have been overhauling all aspects of the USPS. As well as all aspects of life. Just look at the new CDL laws. You cannot keep CDL anymore unless it's tied to a carrier. AKA no more freelance truck driving, every shipment is not cargo tracked as well as driver specific.
Ask any programmer. The constraints of even a 'relaxed security' system would never allow any number to work. I know you got this idea that the tracking number is just some unique hash tag that has no information before it's used - but you are wrong.
I really don't think you have thought this through.
-
"I really doubt the DEA is going to force the USPS to rehaul their tracking system to flag numbers".
I guess you haven't been paying attention. Over the past year the USPS has not only overhauled their entire tracking system, they have been overhauling all aspects of the USPS. As well as all aspects of life. Just look at the new CDL laws. You cannot keep CDL anymore unless it's tied to a carrier. AKA no more freelance truck driving, every shipment is not cargo tracked as well as driver specific.
Ask any programmer. The constraints of even a 'relaxed security' system would never allow any number to work. I know you got this idea that the tracking number is just some unique hash tag that has no information before it's used - but you are wrong.
I really don't think you have thought this through.
I have made and successfully tested tracking labels many times on non-SR shipments. You guys are approaching this from the wrong side.
-
"I really doubt the DEA is going to force the USPS to rehaul their tracking system to flag numbers".
I guess you haven't been paying attention. Over the past year the USPS has not only overhauled their entire tracking system, they have been overhauling all aspects of the USPS. As well as all aspects of life. Just look at the new CDL laws. You cannot keep CDL anymore unless it's tied to a carrier. AKA no more freelance truck driving, every shipment is not cargo tracked as well as driver specific.
Ask any programmer. The constraints of even a 'relaxed security' system would never allow any number to work. I know you got this idea that the tracking number is just some unique hash tag that has no information before it's used - but you are wrong.
I really don't think you have thought this through.
I have made and successfully tested tracking labels many times on non-SR shipments. You guys are approaching this from the wrong side.
I've created a system where your package can be instantaneously transported to wherever you want, you guys are approaching this from the wrong side.
-
...For the same reason I can't just slap a new barcode on an item in a shop and get it for a huge discount...
This totally works. Put the barcode for a $45 keyboard on a $250 keyboard and you will get a good discount. Just don't put the barcode for a stick of gum on a hard drive, they will not fall for it if it is not a similar item.
-
Is that due to the weight maybe?
I think at my local supermarket they have the weight of items loaded in to stop people cheating them at the self check-out.
It's funny these days, when someone walks out and you hear the alarm usually the attendant will be like 'yeah that's fine' and not even check.. whereas ~10 yrs ago you'd definitely be asked to go back in and check each item.
-
..to the Lego story
also, sometimes a case of single sale items has the same barcode on the case as the single as far as price goes..if you go to those in store scanners and check you may get lucky and then just find a dumb cashier that doesn't realize you just got 24 for the price of one, etc
I have done that with certain small things before
-
Static Tension,
Stamps accounts are easily traceable. All of the addresses are stored in the system. Prepaid cards also cannot be activated without a SSN. DEA places order, vendor uses stamps.com, processes that address, and the tracking number. DEA receives package, tracks tracking number or address back to stamps.com with simple warrant. Gets vendor's real identity. Shows up at vendor's house and arrests them same day. Yeah, no thanks.
I don't think the USPS is worried at all about people using their own tracking numbers. Why would they be? Tracking is free. I mean there is ALWAYS that possibility that they could make a program that checks the validity of each tracking number... but this would require somewhat of a system redo. At the current state of the system, there is absolutely no need for it.
Second of all, I really doubt the DEA is going to force the USPS to rehaul their tracking system to flag numbers that haven't been activated. Plus, think about the free label 400 rolls that people can order online. Are all of those activated? If not, then not only would the USPS have to change their tracking system, they would also have to change the production system of the label 400 rolls and get each label registered in the system.
Ultimately, the only way we can know if this works, is to try it. If it does work, I don't think it is very likely that the USPS will redo their system to check for fake tracking numbers. So long as the printed label 400 looks legitimate, nobody is going to notice it is any different, it will be scanned, and go straight into the system.
I am going to try this very soon... I see it as a very viable option.
You do realize that the only prepaid cards that need you to supply your SSN are the reloadable ones right? So you're telling me that buying a non-reloadable prepaid card with cash to use for shipping is more bait than basically hacking the USPS system for tracking and somehow you think the DEA will be coming for the former? What are you smoking? Can I have some please? lol