As for the trust issues, you can easily just say "look under the porch in my house", you don't have to reveal all the information there. Or, just encrypt things.
Nice. Do you actually make a reasonable amount of money on the service? The reason I ask is because these dollar/lifetime web services are popping up more, and I find it to be an interesting pricing model.
Not overly, but it's just a side project for me. I should start marketing it more, I chose the lifetime pricing model because downgrading someone's account if they died didn't really make sense for the project...
I'd definitely be up for it if IFTTT were. Do you mean as a "switch triggered" thing, for Twitter, Facebook, etc?
A problem with that is that people can have custom intervals per-message, so they can have one for "I'm missing for a day", one for a month, etc, so there's no "one" switch. I could make one, though, I guess.
Yes, I'd gladly share my super-secret - so secret I only want it revealed when I die - stuff with some random website. No bueno. I'm sorry, but this is basically one of those services you can't really run on a hosted environment.
I think the ultimate solution is a dead man's switch that is tied to something physical, aka a password in a bank vault that unencrypts a file somewhere. Yes, you have to trust the bank, but it's unlikely the bank knows what to do with this random password.
This is what I do - all my passwords and super-secret stuff is in an encrypted file with the passphrase something I have memorized. It's also written down and stored in a secure location that my wife has access to, should something bad happen to me. I don't care if she accesses this password when I'm not dead - it's only in a secure location to prevent accidental disclosure (theft) of it.
Perhaps a better method for less trustworthy heirs is to give them half of a worded password. Say the password is "pond elephant evergreen tennis skyscraper electric". You give them "pond elephant evergreen" now (in searchable e-mail), and let the dead man's switch give them "tennis skyscraper electric".
Alternatively, let the dead man's switch alert heirs to swap their half of the password, so that all heirs now have the full password. Then you don't overly depend on the dead man's switch.
That's one of the main use cases I had in mind when I wrote this: https://github.com/ryancdotorg/threshcrypt - you encrypt a file using N passwords and require that at least M passwords be presented in order to decrypt. At the moment it's not suitable for non-technical users, though you could make a bootable thumb drive that autoruns it and saves the decrypted file. I was also able to embed it in an initramfs on Debian for use with full disk encryption.
A use case that might make more sense (though would still require trust) could be things like posting messages to Twitter, Blogs, etc. about your death.
Once it earns some trust, it could offer to sell your startup/website/app to someone that would do a good job of maintaining it (or release it as open source).
Agreed, trust is key for a service like this. Ideally the contents need to be secure, but not so secure that you are the only one who can read them--otherwise what's the point since you're probably abducted or dead?
The point is that I don't want YOU to read this info BEFORE I'm dead. And basically there's no way to prevent that if your website contains everything needed to disclose the information.
Surely you could just store the decryption key in deadman.io. The actual encrypted files stored elsewhere.
Like you note with your current setup, the passphrase is useless on its own.
Or store encrypted file in one deadman.io switch, and the passphrase in another switch (in another account). The evil owner of said website shouldn't be able to connect the two. (What are the chances they're going to arbitrarily try decoding every file they have with every passphrase they have?)
Users need a huge amount of trust to use a service like this. The notification about running on free quota and submitting bug reports does not engender this trust.
I totally agree. This isn't a "hey this is a service you should pay for" post, this is more of a "hey I built this in 17 hours at a hackathon, check it out".
If it ever does become a service for real I'll need to do some work to secure it, add features, etc.
"100% Secure/Durable." Okay, if you say so. Why should I trust this? Now I have to decide whether it's more likely that I get struck by lightning or you do. Well, you spent 17 whole hours on it...
Sorry, I don't mean to diss your thing, it's a nice idea. I'm just sick of all the exaggerated reliability claims of these startup projects. Maybe I'm crazy, but if you claim "100% durability" on something fairly important, you're taking on serious responsibility. What are the odds of this site working in three years? Three months?
Yeah that's kind of tongue-in-cheek. It's most likely not either of those at this point. I just threw some stuff up there that a service "might" say if it was for realz.
"..Service providers have different rules—and few state them clearly in their terms and conditions. Many give users a personal right to use an account, but nobody else, even after death. Facebook allows relatives to close an account or turn it into a memorial page. Gmail (run by Google) will provide copies of e-mails to an executor. Music downloaded via iTunes is held under a licence which can be revoked on death. Apple declined to comment on the record on this or other policies. All e-mail and data on its iCloud service are deleted on the death of the owner.."
Personally I would never use a service like this for anything that needs to be secure. That's nothing against you, more my own paranoia, and honestly if it was some password to decrypt my files I'd just give it in a letter to the person I trust, not surprise her with an email after I die, which she'd probably cry over for days.
I'd probably consider using it to just tell the people I love that I'd miss them and what impact they had on my life.
I really don't get the draw about sending passwords, life insurance policies, and other secure data when you're dead. Would my family and loved ones care about any of that if I was gone? Probably not and if the information I stored was useful to them I'd have given them a way to access it offline in the event something happened.
Not against the service, I think it's a great idea, just think for the non-developers out there they'd probably prefer something closer to the heart to be sent.
Note: I know you didn't really suggest people send super secret things on the site, just saying it in response to what everyone else is posting.
Well. If you happen to be going into a high-profile meeting with a mob boss and you happen to have incriminating documents about him, upload them to Deadman and hopefully you will get out alive. :)
More seriously, I think the core technology would be useful for elderly, people going on hikes into remote areas, etc.
Better yet, retain a lawyer for this purpose. The difference being that the lawyer can make determinations this site cannot. For example, you might think that a one week period is sufficient however you'd be better off with a one month period just for safety reasons as you might be stuck on some mountain or locked up with some mob boss for a week and you don't want the dead man's switch to trigger. But what if you're coming home from the mountain climbing trip or the meeting with the mob boss and you get in a car accident and in order to relieve brain swelling, doctors have you in a medically-induced coma for six weeks? Oops...
A lawyer can make such a judgment call without falling back to the binary decision of "has the time elapsed with no check-in?".
But for that use case, I have to tell the mob boss that I uploaded a secret to deadman.io. At which point he takes out his rubber hose collection, and gently persuades me to log in and delete the secret.
A) The idea is that the "rubber hose collection" leads to you revealing where it is, and B) if it's a generated password, how will you stop the deadman's switch in the event of getting away?
You ping the service by email/phone/SMS, not by logging in. But you have a point, you'd have to keep pinging it for the rest of your life and it would fire anyway when you die :)
Maybe, but this is the case for any dead man's switch (even a bank/lawyer). It's always a balance between what the mob boss thinks he can get you to do vs the power of the dirt you have on him. Literature/TV have beaten to death the permutations/twists on this theme.
I set it up to check an old email account I tend to forget about for months at a time (which can't auto-forward mail). I could set a calendar event, but I don't want to force myself to check it at exact intervals.
There's a web-hook switch which is intriguing, though I haven't come up with a good use case yet.
I'm sure Jesse Lovelace (of the WhoIs record) will be happy to be on the receiving end of all inquiries pertaining to enforcements of "your insurance policy."
http://www.deadmansswitch.net