The Unconventional Log: DENIED!
Some of you may have noticed the quick approval and archival of a cache of mine in the last 2 days. The cache (GC37V1K) was entitled “Universal Serial Bus” and it had a unique logbook. It was active for a little over 15 hours before Cache-tech changed his/her mind and archived it. I’d like your opinions on the hide.
There is currently a Groundspeak Forum discussion about this cache. For those who did not get to attempt it before its archival, the cache was normal in most respects except for one: the logbook was a USB key. It was pretty clear from the cache description that the only way to sign the logbook was to use a laptop to access the .TXT file on the key.
I have written to Cache-tech asking for the cache to be re-enabled (it is still out there, with a new USB key) and sent the following message:
Hello Cache-tech,
I have been very surprised today by all the commotion around my cache GC37V1K “Universal Serial Bus.” I would like some clarification on the reason you decided to archive it, as I do not see how this poses any security concerns. Please allow me to elaborate.
I thought I’d try something different with this cache, as I find many of the new caches around here are film canisters or lock ‘n lock containers. I had an old USB key sitting on my desk (it was only 256 MB) and I wasn’t using it anymore, so I took the idea and ran with it. The key was re-formatted and scanned for viruses (not that I was worried about that, as I am a Mac user and it had never been in a Windows computer). The log was a .TXT file. I decided to hide it in a residential neighbourhood in a tree beside a parking lot, less than a 2 minute drive from my house. I figured it would be easy for cachers to bring the cache to their car with them, sign the log with their laptops in their dry car interiors, and return the cache afterwards.
When I submitted the cache for publication, I purposefully made it a Premium Members cache as I figured it would stand a better chance of not getting muggled. I put the geocache inside of a small Nalgene bottle which was put inside of another container, and it was definitely waterproof. The cache description makes it very clear that you can’t sign the log with a pen and it should be evident that the logbook is a USB key. In my reviewer notes for the cache, I put the following:
“The cache is hidden in a tree. The logbook is a text file on a USB flash drive. The cacher will need to bring their laptop with them in order to sign the logbook. The USB key has been scanned for viruses and is in a waterproof container inside of another waterproof container.”
With this information, the cache was published without issue.
There are lots of caches out there that I can’t get. There is one in this area that is on top of a 40′ telephone pole and you need special safety equipment to access it. There is another one that requires a swim or canoe trip to an island. And yet another in a pipe underneath a road that my body would not fit in. If you don’t have the special equipment, you can’t log the cache. How is this any different with a USB key? You either have the special equipment and get to log it, or you don’t. Not everyone can get every cache.
The cache seems to fit within the logbook guidelines in section 2.1 in part 3.1:
Cache containers include a logsheet. For all physical caches, there must be a logbook, scroll or other type of log for geocachers to record their visit.
The USB key .TXT file seems like an acceptable “other type of log” to me.
I am not certain what security concerns this cache poses. The guidelines state in section 2.1 in part 1.2:
Certain files (specifically .TXT files, .PDFs and all audio files) may be acceptable in the interest of allowing greater cache creativity. These downloads must adhere to all geocaching guidelines and include the following text above the link: “Alert: You are about to download a file that contains further details needed to find this geocache. As the cache owner, I represent that this file is safe to download although it has not been checked by Groundspeak or by the reviewer for possible malicious content. Download this file at your own risk. [insert link here]”
If including this messaging on the cache listing and on the USB key itself is all that is required to make this cache permissible, then I am happy to do so.
I would like to see this cache re-enabled. Is posting the above message all that is required to do so?
Thanks,
heathtree
I’d welcome the input of my fellow New Brunswick cachers. Should this cache be permitted?
I actually have a couple of things to mention about this. When I had first started caching, I wanted to hide a cache where the “log” book was a 4x4x2 board strapped to a tree with an ammo can filled with markers and you would sign the “board” as a log. CT denied it and I appealed it with GSP and they also denied it. They said it was creative but that it was not an appropriate log. They really do seem tied to the paper log idea.
I love the idea that the USB key contains the TXT log. I think it’s a fantastic, out-of-the-box idea and I wish more cachers were doing creative things like this. However, in this specific case, I actually agree with CT’s archiving.
I hate being the “paranoid” type and I normally am not, and I suspect most folks from our area would not do this, but the possibility exists that someone could take your stick, put it in their laptop, transfer a virus or other malware to it, configure it in such a way that the moment the stick is placed into another laptop, the malware auto-runs, and presto, you have a log book now that is spreading viruses and malware.
The likelihood of this happening in our region is low, but from a reviewer standpoint, it’s a security concern that needs to be addressed, and thusly I can understand why he pulled the plug on it.
If it were a puzzle cache and ths stick contained a clue, they MIGHT allow it but because it does contain the possibility of a virus being spread, I suspect that too would be denied.
I had even wanted to publish a Wherigo cache where you had to use the Wherigo emulator to play it. It required that you download the Wherigo player from GSP and even though the software is FROM them, they still denied the listing because of downloading of a piece of software.
I agree that your idea is indeed different, the issue of a possible virus infection is a concern for me. Even though you formatted the USB drive and checked for viruses, it is still possible that someone logging the cache could have a virus on their laptop and thus infecting the USB drive without realising it.
I was about to post the same reply as Zor, I probably wouldn’t put it in my machine plus someone could delete the whole text file. Cool idea but probably would work as good as you think.
It’s a really neat idea you came up with bud sadly there is always a risk of virus with USB keys. I encountered one at work, someone brought in an infected USB key and infected one computer, that computer infected every key that was plugged in, and those newly infected keys infected the other computers that were plugged in. Let me tell you it spreads up pretty fast. All the computers were shielded up but it’s a shame the product we use didn’t detect it (even tho we had the latests definitions and that the virus was a few months old).
In my case the threat was more an annoyance than anything but like Zor mentionned this could get really serious. Install keyloggers and other crap like that to snatch bank accounts passwords and such. We always hear about those stories in the media from far away but it only takes one person with a sick mind.
Sorry for beeing paranoid as well, I guess that’s what you get for working in the IT industry ;).
Now mind you, there is another high tech alternative depending on how fancy you wanted to get. This is of course highly unlikely given the requirements, but hey, I’m just putting it out there.
Say you had a touch screen which was powered somehow and that was the “log”. But the only way to enable the touch screen is to “plug” in a USB device. When the touchscreen (which would be an LCD touchscreen hooked to a computer somehow) detects the insertion of the USB key, it brings up a screen where you can “sign the log” using your hands on the screen.
It could store all of the logs electronically but have the available for reading right there.
Would be a neat idea for a cache located within a business perhaps.
Well I feel like a bit of a tool here. Notwithstanding the comments above, I completely missed part of the guidelines that state:
“In the interest of file security, caches that require the installing or running of data and/or executables will likely not be published. The use of memory sticks and similar devices is not permitted either.”
I don’t know how I missed that despite reading the guidelines more than once. I can admit when I’m in the wrong, hat humbly in hand. Appeal retracted.
Despite that, I feel some satisfaction that of the 7 cachers who found my hide, 3 of them gave it a favourite point. At least somebody liked it.
Make that 4 favorite points out of 7 now.
I also thought it was a great idea, was disappointed that the flash drive was gone, and was unimpressed at the reviewer’s archiving it.
Having said that, after reading everyone’s comments here, and remembering a few stories of caches being vandalized or stolen, it’s not hard to imagine how someone might stick a virus on there.
I started thinking about using other means of storing data where an executable wouldn’t auto-run (ie SD card) or even read-only (ie a burned CD Rom containing just the coordinates for the next stage in a multi) but a hacker could still put a virus executable on the SD card (disguised as the log sheet perhaps) or could swap a CD for one containing a virus. Guess we’re back to square one!
I’m also a Mac guy (been about a year now) and I don’t automatically think about security and malicious software anymore…
Great job on the cache and if you use the same level of creativity on future ones, they will be good I’m sure!
No worries, I would had loved your cache I’m sure and the favorite would had came with it :). It’s nice to see new caches that you’ve never seen before and you made a great attempt at that one. It’s just sad that so many people scam thru computers that we get over precautious with stuff like that. For sure, don’t let it get to you :).
Heathtree, It is too bad that one missed that guideline (as I am sure others may have done as well). Nevertheless,I think this was clearly an ‘outside of the box’ thinking -congrats on that mark. Personally, I would not have attempted this cache to LOG (to find yes) for security reasons. Security protocol and all in the IT world.
Keep them coming for sure! Keeping thinking ‘outside the box’. 🙂
Aside from the no memory stick rule, I though GC also said a CO cannot impose extra requirements to log a cache, ie., pictures of cacher with cache in hand, etc. Basically making it a case of, if you have the logbook in hand you sign it and that’s the end of it.