The "How does Passbox work?" isn't clear to me. Is it encrypted at rest? Who has the password (or passwords), and is it just one secret key to unlock everything? Do my Trusted friends have to remember how to access Passbox, and a Passbox password? Am I notified if they do? How many of them do I need to select, and what if they die before I do, or move out of my life, or otherwise cease to be Trusted?
This all feels like it's trying to apply the web-SAAS model to a domain where it really doesn't fit.
I'd rather have a simple system where I could take any data, easily encrypt it on the client-side, and put it somewhere that's going to stay around for a long time (S3? thumb drive?). Then I give my lawyer the password and instructions on how to use it, on a sheet of paper. At any point, I can upload new data, replacing the old data. Digital security isn't as important because it's always encrypted before it leaves my desk. I don't need to maintain Trusted Friends because the only person with the password is my lawyer, who keeps it with my will.
Dealing with my possessions after my death is a solved problem. It's possible to simplify parts of it, but we shouldn't try to replace it entirely with another model that discards the good parts of what we have.
Here's a similar service with a straightforward description (I have no connection, I think I saw this on HN): https://www.deadmansswitch.net/
Personally, I know a handful of people I would trust to execute a non-legally-binding will who are also competent enough to combine a key and some encrypted data if they have both.
That's mine, by the way, so I'm available to answer questions if anyone wants.
I'm actually planning to rewrite it and move it to a new stack soon. It also accepts cryptocurrencies if you are so inclined (you have to email me to arrange that, but I'll add a payment processor with the rewrite).
I plan to add some more features with the rewrite, mainly file hosting for a monthly fee (many people have requested it).
If you don't already have it, the ability to specify multiple check-in email addresses would probably be good. There are too many ways to lose access to email accounts for that to cause distribution of "if you're reading this then I'm probably dead" messages.
I'm not a native speaker, so maybe there is some nuance I am missing... Why not a "dead person's switch"? Is legacy control a male-only thing? Nevertheless, great service indeed!
At one point I was considering a Shamir's Secret Sharing based idea with the thought of especially targeting lawyers as a key part of "digital estate planning". The trouble was that the more I talked offhand with various lawyers about the idea, the more it sounded like what I really needed to make was a political lobby first (and that's not something I'd enjoy).
We have a lot of estate laws for arranging physical goods. We have almost no digital asset rights that survive our passing. Most of our accounts are explicitly locked to our lifetimes in Terms of Service agreements (generally, they are between me and only me and the service).
There's likely going to be some big political battles over the next decade or two as folks with big Steam collections or Movies Anywhere accounts or Dropbox file stores pass on and try to pass those digital "assets" to surviving family members.
So my "simple" idea of "I want to build a tool for lawyers to securely write down and file people's passwords in their wills/trusts" became a giant rabbit hole of "securing the will/trust may not be the hard part, making sure those passwords are useful to survivors is a very hard problem that currently everyone is kicking the can on".
In most cases, like Steam and Dropbox, those services don't seem to check or particularly care that you are the original account owner. They do two-factor authentication, security questions, etc., but that's just trying to make sure you haven't been hacked, and preparing for it would be part of giving someone secure passwords in your will.
The point is that lax enforcement doesn't matter to lawyers when questioning the legal basis for something. If you are going to start encouraging every lawyer to start contemplating adding passwords to wills and trusts, they start to ask a lot of questions about whether that is something that can even legally be put in a will or entrusted to an estate.
We don't have good legal protections for that at all. Consider that under some Terms of Service agreements, sharing a password at all, no matter the reason, is itself a breach of the Terms of Service. That most services may not enforce such ToS clauses today doesn't imply that they won't start enforcing them tomorrow.
(Multi-factor is another land mine mess in digital asset rights. We barely understand how biometric locks should affect things like privacy laws, and hardly anyone has really started talking about how you deal with a dead relative's thumbprint or "face ID" in their absence. Passwords are at least physically transferable; a lot of MFA, especially biometrics, is not.)
They told me that they wouldn't pay for a service to securely provide passwords to heirs without the legal issues addressed first. There's a difference between "my client intended to include this bit of secret information to their heir and what the heir chooses to do with it is their responsibility" and "I'm going to encourage my client to work with me to sign up and pay for this service in order to entrust their passwords to future heirs" in terms of good old fashioned CYA [Cover Your Rear].
Which is a big part of why it needs to be a political lobby or working group: lawyers don't think anything about the ad hoc cases ("give this password to my heirs") because it isn't their responsibility at that point other than storage, and it isn't distinct from the rest of the wills/trust documents. Then there is the problem that it isn't yet common enough for them to abstract it into a "class" and/or yet think to ask every client of theirs for passwords for continuity of digital estates/digital asset planning. As soon as they do start to consider the repercussions of the latter is when they do start to get antsy about their responsibilities (is it legal for every service, the answer to which is currently "no" [the discussion above], and then increasingly complicated follow-ups such as can you "split an account among multiple heirs" and "what's the retail value if it needs to be auctioned" and so on and so forth). Lawyers at that point want the comfort of laws to back them up in any such responsibilities, at which time it looks necessary to start a political lobby to build digital asset rights into laws.
Thanks for checking it out! Apologies for not striking the right balance of brevity while also being informative for you. I'm trying to improve there.
All the sensitive data is encrypted at rest using a key/passphrase determined by the user. Passbox doesn't store it and can't assist if it's lost/forgotten.
That key would need to be shared with your trusted users and they would need to create their own Passbox accounts. Only folks you assign to your account (via email) can request access to view your data. No one else.
On the standard plan you can assign as many trusted contacts as you'd like. This is potentially useful for segmenting who gets what collections of data.
Both you and the requested user are notified of access requests to your account and also of any approved requests. A group without assignees is shared with all the trusted users you've linked to your account if they're approved access.
Any trusted user you assign can be easily removed or replaced.
---
Again thanks for your perspective! This is one way I'm thinking about tackling it and appreciate other ideas.
Have you thought about secret sharing cryptographic schemes? Nobody gets access to your data until most everyone that has a share of the key agrees that something bad has happened to you.
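The threshold idea raised in this thread (any k of n trusted holders can recover the key, fewer than k learn nothing) is Shamir's Secret Sharing over a prime field. The following is an added illustration, not code from Passbox or from any commenter; the prime and the 3-of-5 parameters are choices made for the example.

```python
# Shamir's Secret Sharing over GF(P): split an integer key into n shares so that
# any k of them reconstruct it and any k-1 of them are statistically useless.
import secrets

P = 2**521 - 1  # Mersenne prime M521; any key of up to 520 bits fits in GF(P)


def split_secret(secret, k, n):
    """Return n shares (x, f(x)) of `secret`; any k shares recover it."""
    if not (1 <= k <= n < P) or not (0 <= secret < P):
        raise ValueError("bad threshold parameters or secret out of range")
    # Random polynomial f of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]

    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    # Evaluate at x = 1..n; x = 0 (the secret itself) is never handed out.
    return [(x, f(x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate f(0) from the given (x, y) shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P          # product of (0 - xj)
                den = den * (xi - xj) % P      # product of (xi - xj)
        # Fermat inverse of den; P is prime so pow(den, P-2, P) is den^-1.
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


if __name__ == "__main__":
    key = secrets.randbits(256)                # constructed sample key
    shares = split_secret(key, k=3, n=5)       # 5 holders, any 3 suffice
    assert recover_secret(shares[:3]) == key
    assert recover_secret([shares[0], shares[2], shares[4]]) == key
    # Two shares interpolate a line, not the true quadratic: wrong answer.
    assert recover_secret(shares[:2]) != key
```

The shares protect only the key; the encrypted data itself still needs a durable home, and this plain scheme cannot tell a corrupted or forged share from a good one, so a verifiable variant (or a MAC over each share) is needed if holders are not fully trusted.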