This week I read a post about the death of the Boeing whistleblower, and how Boeing might have suicided him.
I don’t care about if the rumors are true or not, however someone mentioned in the comments that in such situations one should always have a Dead Man Switch.
For those who don’t know a Dead Man Switch is basically an action TBD in case you die, like leaking documents, send messages/emails, kill a server etc . . .
The concept tickled me a bit, and I decided I want to build a similar system for myself. No, I am not in danger but I would like to send last goodbyes to friends and family. I think it would be cool concept.
How would you go and build such service?
I thinking of using a VPS to do the actions because it would be running for a while before my debit card gets cancelled.
The thing that is bugging me out is the trigger, I will not put that responsibility onto someone that’s cheating, so it would have to be something which can reliably tell I am dead and has to run regularly.
Where is what I come up with :
-
Ask a country association through email if am I am dead.
-
Check if I haven’t logged out on my password manager in a week. If it’s even possible.
TLDR; Give me ideas on how to build a DEAD MAN SWITCH and what triggers should I use.
Leave instructions in your will for your executor to carry out after you are gone. The high tech stuff is not needed. Several times on forums or in other places, someone passes away and word gets around. In some cases the member’s widow will log in to relay the news and maybe share some memories of the deceased. That means they must have been given the account password for such purposes.
This one makes the most sense, and has the fewest failure modes.
deleted by creator
The phone one is a great idea, no?
On iOS you can use shortcuts to hit a web hook and on Android I’m sure the options are endless.
I have thought about this problem before and I like the phone idea.
Tech people are overthinking this. You pay a lawyer to do something when certain conditions are met.
Deviant has a talk about setting up a similar protocol for their group of friends to access passwords - https://m.youtube.com/watch?v=6ihrGNGesfI
In that case the protocol involved the lawyer contacting certain people to ensure consensus that the person is really in need of help, but the protocol can be whatever you want.
The human in this protocol fixes the “false-positive” problem:
Consider the case where the technical system has just sent an alarm that “ransomwarelettuce hasn’t been following their usual internet routine for the last week, and therefore they must be dead”
ransomwarelettuce meanwhile is unconscious in a hospital after an accident that destroyed their phone and all of its 2FA methods, but will eventually wake up and be super-embarassed if their documents were published!
If the technical system is primary, it immediately publishes your “don’t publish this while I’m alive” documents.
If the technical system is filtered through some human system such as the remote lawyer, they try to phone you, contact your family, contact the hospitals, search for news stories about you, before publishing the “don’t publish this while I’m alive” documents.
Also not a fan of that “pay a lawyer” part.
Is it the word “lawyer” or spending some small amount of money?
Lawyers are bound by law and an ethical code to conduct business in a particular way. They also tend to have support infrastructure and continuity plans that private individuals do not.
If making sure something actually happens is important to you, this is the best option.
It’s the word lawyer. Please forgive me for having a tarnished view of the practice after a lifetime of reading about all the silly, frivolous litigation that constantly occurs in the US.
I get what you’re saying though. I know there are good lawyers and a need for them.
Many of the “frivolous” lawsuits you’ve actually heard about are effectively smear campaigns against the plaintiffs.
The lawsuit against MacDonald’s for the hot coffee one is a great example.
Yes, people do dumb stuff, or fantasize that a situation could be their golden ticket, but that is the cost of having a civil judicial system. You either have to allow some crazy in, or prejudge and filter out what you’d consider legitimate cases. I just don’t have the energy, or care enough to be annoyed by inefficiency in the a system that I rarely interact with.
The criminal system is a different story, because the way we currently prosecute different kinds of crimes offends my basic sense of fairness.
Every method has vulnerabilities. If you are concerned enough, you can take the legal route and the technical route to make attacking the system require different areas of expertise.
I always thought it was just like an email set to future send in say a week or 2, then every few days or every week you go in and bump forward the date.
I always heard a Dead Man’s Switch defined as a switch which goes off once you stop pressing it. So you just set up something to go off in the future, then for as long as you’re alive you keep preventing it from going off.
As long as you’re okay with the edge cases on that: jailed, hospitalized, or other event lasting two weeks and your switch goes off.
Yep, false positives are a problem for a dead man’s switch.
Two weeks without being able to get internet access or word to a friend is definitely possible but seems pretty unlikely.
You could make it more than 2 weeks out but I think that’s a good middle ground between avoiding false positives and striking while the iron is hot, you know? Imagine sending an email beginning “if you’re reading this I’m dead…” and having recipients think “Yeah, that was ages ago.”
Yeah that’s my problem, a false positive in this situation is not something that atrocious, but I would catch slack by my friends for the rest of my life hehehe.
Just make it ridiculous. Like instructions to get an artifact that will resurrect you from a museum in France… Then if it goes off by accident, it is comedy.
Damn I might actually make something like that to soften the blow if it is released by accident or of my death.
This is the core issue with the traditional dead man’s “switch” – it doesn’t require death to go off, just letting go of it, and there are other reasons why that might happen. By extension, a switch that requires you to log into something periodically might be problematic if you’re predisposed. Personally I’d just set a longer timer, a month is probably fine and, unless your “exposure” is extremely time sensitive, a month won’t matter once you’re dead.
Thor from Pirate Software (a game studio) does this. He has his set up so that if he doesn’t log into a specific server for a year, the source code to his game will be automatically published.
You could do the same thing. Just grab a super cheap server that checks the last login date and sends out emails.
I think the classic choice is a ping with a wide enough margin of error to allow for temporary incapacitation. There are a plethora of ways to do this and the main concern would probably be obfuscation of the trigger and a proof of identity. In the modern world the cheap solution I’d suggest is connecting a server with a 2FA app on your phone and having a request string/web page where you can input a token. If the server goes a few days without a correct token it triggers the death script.
I’d avoid anything that actively pings you since that traffic would be predictable and easier to snoop - potentially alerting a bad actor to the fact you have such a system setup… you also, obviously, don’t want to tell anyone you have such a system. And you definitely want some kind of rotating identity proof so that replay attacks can’t indefinitely delay the script trigger - random ass 2FA apps might be too easy to identify in this regard but it’s so trivial and accessible to implement that I think it’s a reasonable choice.
Some form of compute with a recurring job that checks for a DNS address or domain.
Choose a domain that needs to be regularly paid for as a target.
Reason I would choose something you pay for as the trigger is because not paying a bill after your death is one thing that will be actioned on no matter what.
except your family can continue to pay for your hosting and domains
That’s if they know about it and have access to any of the accounts.
For example you can setup a domain.com account that’s almost completely anonymous.
#!/bin/bash SERVICE="irl_heartbeat" LOGFILE="/var/log/heartbeat_monitor.log" EMAIL="[email protected]" SUBJECT="Alert: irl_heartbeat service stopped" BODY="See y'all in hell" if systemctl is-active --quiet $SERVICE; then echo "$(date "+%Y-%m-%d %H:%M:%S") - $SERVICE is running" >> $LOGFILE else LAST_ACTIVE=$(systemctl show $SERVICE --property=InactiveExitTimestamp | cut -d'=' -f2) CURRENT_TIME=$(date +%s) LAST_ACTIVE_TIME=$(date -d "$LAST_ACTIVE" +%s) DIFF=$(( (CURRENT_TIME - LAST_ACTIVE_TIME) / 60 )) if [ "$DIFF" -gt 20 ]; then echo "$BODY" | mail -s "$SUBJECT" $EMAIL echo "$(date "+%Y-%m-%d %H:%M:%S") - Email alert sent: $SERVICE has been inactive for more than $DIFF minutes" >> $LOGFILE else echo "$(date "+%Y-%m-%d %H:%M:%S") - No alert sent. $SERVICE has been inactive for $DIFF minutes, which is less than the threshold of 20 minutes." >> $LOGFILE fi fi
pls test it accordingly before use
Man, if I ever become suicidal I’m gonna become a whistleblower first so I can leave chaos and confusion in my wake
Yeah but before anything say to everyone that if you are found dead you didn’t kill yourself and let the chaos begin.
Honestly a good way to put a mistery into any suicide would be do that.
I’ve actually given this a lot of thought over the years. The biggest issue for me is all my AWS services that no one in my family knows about.
So the idea would be to, at minimum, let my family know what services are being used.
Unfortunately there isn’t a turn-key solution. I’ve seen a number of well-meaning solutions and some that are quite novel but they all suffer from the same problems: how do you deal with false positives and how do you verify your deadness.
I imagine that the problem is similar to the Yellowstone trash can problem, in that any solution to mitigate one will make it harder on the other.
The best solution I’ve found is to have a two-person solution, similar to launching a nuke. You have automation that tests if you are active that emails a close friend or relative to verify you are indeed dead.
Ideally there would be more than one person on this list a confirmation from two people would kick off all of the automations you code.
mmm I didn’t want to bring anyone into this, but I if I manage someone techy I know to be Dead Man Switch buddies, honestly it would be a good measure.
They don’t need to be a techie. Just someone who can click a button.
I am remembering Julian Assuage has/had a payload that was distributed via BitTorrent. The file was encrypted with a private key and his public key was posted either as a file in the package or on the site where the magnet file was downloaded.
Before he was arrested, he encouraged everyone to download the file and sit on it and to keep seeding it. He said in the event of his untimely death, the password would be released for everyone to decrypt.
That would be another option but you sort of need the notoriety to make this work.
Well, if you can tolerate Google, they actually offer this. If I don’t interact with my accounts for 3 months, it will send the email I’ve composed to designated recipients.
They’ll probably cancel that feature well ahead of your death.
Oh, probably. I just hope it 30 years before my death. I’m 67. :)
One concept I would add is that the machine hosting the dead man’s switch should have a booby trap.
Suppose your enemies know about the dead man’s switch. (And they probably should know as it would encourage them not to murder you.) They want to disable it, so they abduct and torture you for the details. You must be able to give them details that will plausibly allow them to disable the DMS - so that they stop torturing you, while secretly triggering your backup.
I imagine this as the VM running the DMS has a process that runs on login. The process silently runs, sleeps for an hour, and then sends a message to a second VM, configured from a totally different account. That second VM will wait a month (long enough for your enemies to stop torturing you and assume they’ve won - or for you to disable in the case of an accidental trigger) and then post your information on various socials. When you login to the DMS machine you have an hour to kill the process or a month to kill the second machine if you forgot to do so.
I would also say that you can pay for your VMs in advance using bitcoin or monero (njalla accepts both!). Pay in advance for 10 years from separate wallets, configure your DMS and backup, and let them go!
Ooh nice got me a cold wallet a while ago for monero, might it put to use.
Thx for the tip.
Just have a requirement that you sign into the system every N hours and respond to a simple challenge. Once you stop doing that, it auto-fires when the time has run out.
There could be reasons other than death preventing you from accessing the system to update this though. Stranded somewhere, power outage, unexpectedly arrested and incarcerated, medical emergency, etc.
Yeah, so you set the number of hours with that in mind. Not every 12h, something like every 240h so that there’s time to adjust or make a phone call.
These are all situations that you would want to alert your loved ones though. And the power outage one will probably be solved faster than your switch hopefully.
Then the switch only serves to notify your loved ones that you’re having an emergency. What if the switch is to, say, leak some documents to the public? You can’t take that back so presumably you only want to do it after you die.
Yes, this is what I think of when I think of a “dead man’s switch”. It relates to the concept of a physical device that deactivates or activates if you let go of a switch, like a light saber for example.
I think an interval of weeks would be more convenient than hours to avoid false positives. But I think Patrick Stewart’s character did daily check-ins in the movie Safe House. The dead man’s switch was actually the central plot point in that movie.
Make it check a lemmy or x account. If you don’t post for 24 hours it should run.
Network interruption would cause it to run then. Or an API change. Dangerously causing it to actually run.
Depends entirely on how you handle errors.
Write a web server with a countdown that sends you regularly a link via email to reset the countdown.
One of the less mentioned aspects is that a dead man switch should be difficult, if not impossible to detect and neutralise. If you are to the level of being unalived, you’re likely also a target for significant directed hacking. Such a dead man switch should be as resistant as possible to this. A simple email could let them detect and disable your dead man switch.
Maybe make it look like a spam email? :-)
This is a good point – it didn’t have to look like spam tho, it could look like anything. Or it could look like many things. Write up a 10-20 line text file of bullshit emails from one person, or even a few people – or even have Chat Gippity write them, tho that might have a paper trail, depending on your attacker.
All you have to do is put some “flag” word in the first few words so you recognize it. Then, any reply to that inbox (which could have many aliases) resets the timer.
The big problem is, imo, if you’re “dangerous” enough to de-alive, then you’ve already exposed something big. Would you have something left to expose after that?
Hiding it would work. You just have to make sure you don’t miss any.
As for the danger. There are levels of exposure. You could leak something damning, but that could be played off as a 1 off. You might also be sitting on a huge amount of paperwork that proves it’s endemic. That paperwork might also expose others who wanted things changed, but don’t want to be outed. In this case, an initial leak can test the waters. The additional info can be rolled out, if it’s needed, or the results justified.
E.g. Initial leak proves they did something nasty. The additional info massively backs it up, but also implicates a VP in its gathering. You might not want to show that hand until later, either to protect them, or to gather more info on their reaction.