Recently I’ve been going to a rock climbing trip with a friend. Although this is a relatively safe sport. It’s far from being the safest. So it got me thinking. “What if I make a mistake and fall to my death ?”
I thought about the obvious facts like the sadness from my loved ones etc. But I also thought about more pragmatic things. I’m sure my bank account’s content can be transferred to them somehow. But I also hold some cryptocurrency. Which, by design, would be lost forever if I were to die with my private keys. Same goes for the various services that I run like steempress. If I were to die those would shut down and the vast amount of code locked away in private github repos might very well never be recovered (assuming github doesn’t help). Or even this blog, I plan on adding a ton of tutorials on it, what if it goes down because I no longer pay the bills ?
I was thinking, “I’m a programmer, I can probably plan for my death with code”. But here’s the problem. Let’s say I give an USB key to my loved ones with basically all of my passwords, private keys etc. It puts a huge risk on me because if that key were to be stolen, if one of my loved ones becomes rogue because of whatever reason. (we are talking about planning for death here so this is measures that should last several decades) I could lose so much.
The obvious answer is “fuck it, it’s a problem for the living and I’ll be dead” but it’s pretty egoistical so I wanted to find a solution. Another obvious solution would be to go to a lawyer and give the usb key to be handed out with my will. But that would be quite costly.
The idea is relatively simple. Create an encrypted usb drive using truecrypt and/or veracrypt. Ideally nest them. With all of the important information. And give those to your loved ones without the password. Therefore there is no risk if the usb key gets stolen. And if they manage to break the encryption they can go directly to their local intelligence agency and sell that 0day for a few millions, much more than the content of that drive because it’s that hard. So I’m not too worried about that happening.
Then write a small server that sends you “are you alive” emails every months. If you miss too many then the server will then send to your loved ones an email which will contain the password for the usb key. (And perhaps a few words like “don’t be sad I love you”)
This means that if your web server handling the are you alive checks gets compromised. The attacker will just get a random password that is useless without the file.
If you miss a test then you get more mails. This is done to prevent you from missing one email and being declared dead by the code. I setup a “failed test counter” send emails like so :
0-2 : every month 3-5 : every 3 weeks 5-7 : every 2 weeks 8-16 : every week after 16 checks death is declared.
In total you need to be offline for about a little less than 6 months (26 weeks) for it to trigger.
There is still a ton of little things that you can add to that setup, like only sending parts of the key to each of your loved ones. So they have to get together to open the file and it’s not like the first one who opens the files can run with everything.
There are a few services that already offer death email counters but I would encourage you to code your own and even self host it. The less people you trust, the more secure this setup becomes.
I am definitely open to suggestions to make this more secure. Right now my biggest concern is an unforeseen bug or something that makes the code trigger the email while I’m still alive. Or something like me getting kidnapped/imprisoned for 6 months. But if I set the timer to longer than that. The info inside of it might no longer be relevant.