>>For my credentials, I use keepassXC with a keyfile + a master password, the keyfile and the password db is synced using syncthingd with a server that I rent. My legal documents are all tied in one folder on my laptop which is also synced on the same server. So basically we have all the needed documents which are synced in real time on the same server.
Sooo many eggs in one basket. Unless you are the son of an oil or shipping magnate, I suggest that your risk of being kidnapped pales in comparison to your risk of being hacked.
>> Currently after 24h without changing activity a first notification is sent to my own email so that if this is a mistake I can stop the system before it is too late. And if 6 hours later I've still haven't changed of activity then a mail is sent to my parents.
30 hours? I take it that the author has not done much international traveling, or traveling generally. And they haven't worked a job involving long hours, or a back-to-back shift after someone calls in sick. For any adult, 30 hours without connectivity is not enough to trigger a kidnapping alarm.
for example if my last activity is eating, then I won't eat for 24 hours, so I can trigger the alert after for example 4 hours
The author appears to be an individual who digitally documents events as mundane as eating. I don't think going days without an internet connection is a big risk for him.
Personally I just keep an encrypted flash drive with all my passwords and documents in a safe. My whole family knows the password but they don't know the combination. If I go missing they can cut the hinges off in minutes with my angle grinder. They can't access it without me finding out and hypothetical burglars wouldn't be able to decrypt it. Simple and doesn't rely on any external services.
This is a pretty good approach. I hope you're periodically testing/replacing that flash drive though. I lost a few thousand dollars worth of Bitcoin because I assumed a flash drive would be fine after years of laying untouched in a desk drawer.
>For any adult, 30 hours without connectivity is not enough to trigger a kidnapping alarm.
I guess the question is what the OP considers the cost of a false alarm to be.
Because you're right of course. Lots of things can happen that put you out of communication for an extended period. Communications is more and more ubiquitous but phones and laptops break. The US still has rather large areas with no cell phone coverage. And so forth. In the past 10 years, I'm sure there have been multiple times when I've gone more than 30 hours with cellular service or WiFi.
I think it's mostly an age-related thing but a lot of people just can't imagine not being in touch almost constantly. There was a discussion just the other day where someone was worried about being tracked at protests. But "Just leave your phone at home?" basically did not compute.
In general, for a rare event, it can be a difficult problem to activate on the absence of a signal fast enough and reliably enough to be useful, without having false positives.
> In the past 10 years, I'm sure there have been multiple times when I've gone more than 30 hours with cellular service or WiFi.
In the last 10 years the longest I went without Internet was during trans pacific flights, so never longer than 15 hours. I think this level of connection —- basically intermittent connection during the entire waking hours —- is super common in today’s society.
If I was disconnected for longer than 30 hours w/o prior knowledge of being disconnected it would mean something seriously bad has happened to me, and it would be nice if my next of kin had access to all the documents they would need to settle my affairs.
> But "Just leave your phone at home?" basically did not compute.
Your wallet contains a lot of pretty damn good ways for someone to impersonate you and rob you blind, yet "just leave your wallet at home" will stubbornly fail to compute for a lot of adults.
> "Just leave your phone at home?" basically did not compute.
I wouldn't leave my phone at home either; a smartphone is the single most useful thing to have on your person when facing unexpected problems of almost any kind. And no idea about those particular protests, but protesters over here have started heavily coordinating and sharing information via phones, so you might have an actual information deficit without one.
That said, switching off cellular (or the device itself), disabling biometric auth, that might be a good idea.
Another way you can lose connectivity is going into an area that has too many people. I went to Madras, Oregon to view the 2017 total solar eclipse.
Madras is a small town of about 7 000 people, in a county of about 25 000 people. Estimates are that around 100 000 people came there for the eclipse. The cellular infrastructure there was not able to handle the volume.
For the ~28 hours I was there, I was never once able to view a web page via cellular internet. I and a friend who also picked Madras to watch from tried to call each other a few times, and never got through. Most text messages we tried to exchange were lost, although we did each manage to get a couple through, although those came through hours after they were sent.
We both had T-Mobile. I don't know how AT&T, Sprint, and Verizon were doing.
> 30 hours? I take it that the author has not done much international traveling, or traveling generally. And they haven't worked a job involving long hours, or a back-to-back shift after someone calls in sick. For any adult, 30 hours without connectivity is not enough to trigger a kidnapping alarm.
(OP here) Well I'm kind of digital nomad so traveling very often and I also maintain a Saas platform, so I basically need to be with internet access all the time, I know this may not be the case for everyone, but in my case if I'm going to be without internet for more than 12 hours I know it ahead of time
> Well I'm kind of digital nomad so traveling very often and I also maintain a Saas platform
Sounds like a dream job really. The ubiquity of internet-everywhere these days - even in third-world countries - is quite astonishing really. When I was traveling in Kenya a decade ago I was able to blog (via 2G) in the middle of the Maasai Mara!
I have to agree with this comment, I've traveled to Thailand 3 times and I've never been attacked or kidnapped. 1, or even 2 datapoints aren't enough to say something like this. Being kidnapped will always be a risk, but not something you should worry about.
Unrelated to this, I'm curious why everyone is picking so much on Thailand. I'm not sure if this is my own bias because I've went there multiple times, but people use Thailand for a lot of (mostly) bad examples. Even though Thailand is probably as safe as it gets in South East Asia (with the exception of Singapore). I know multiple people from Thailand and the Philippines, and everyone is saying that the Philippines is more corrupt and more dangerous.
I’ve been to Thailand, cumulatively, for about 2 years probably. I’m well aware of it’s ups and downs.
I’m not picking on it. But I’m just telling and anecdote, where someone not from hiso was attacked and kidnapped, but they escaped.
OP was saying that only hiso individuals should worry. My point is that anyone can be kidnapped. Don’t need to be rich or famous.
Otherwise I agree with your sentiment about Thailand being more safe than most. In some respects it’s safer than many western countries. Probably for everything except traffic deaths, which they are almost leading the world in.
I guess the question is whether they are encrypted or not, or how they are otherwise protected.
I keep personal info in my password store. I figure if that file gets compromised I'm pretty screwed anyway. But compromising that also requires the attacker to have my private key and the password for that key.
Depends on the upside and downside of delay, but yes, definitely expect a false trigger on a 30 hour clock. Heck you can easily just pass out and not be online for 30 hours. Trip and fall and get a traumatic brain injury and your doctor may medically induce a coma while you're being treated.
But if that happens, I expect they'd notify my emergency contacts in my phone, or at least my partner would get notified, and she'd tell everyone else who'd need to know.
I mean that's counting on a lot of stuff to happen. Emergency contacts often don't get notified. A car crash that gives you the TBI breaks your phone, or they extract you from the car and your wallet/phone are left in the car and they don't even know your identity on admission until they get the license plate lookup. But if your kidnap risk is high and your risk of exposing the data is low, it's fine I guess. For example I don't have anything to lose from the publication of my hard drive (my main computer security threat would be keylogging my banking passwords etc.) and many others are in that position.
The author of the blogpost didn't mention publishing anything, just sending their parents a link to download credentials and instructions in case they're needed, and how to get to their documents. FWIW, their setup reads like it may well just randomly get hacked, anyway.
Apart from that, emergency contacts usually do get notified where I live, police take care of that, and they have to be involved with any major accident. Phones are sturdy things in
practice, and if not there's my identity card and a card with important phone numbers in my wallet.
And if they didn't, my partner would hardly sit around doing nothing if I randomly disappeared.
Yeah but in all that -- you get in a car crash, police look up your info, go to your partner's house, tell them that you're in a coma in the hospital, he or she freaks out and drives down to the hospital and is sitting next to you in the ICU while that machine beeps every 2 seconds... is everybody going to be on top of their email?
Why would she or anyone else need to be on top of their email in such a case? Wouldn't that be the exact type of emergency where that anti-kidnapping system can safely be ignored?
If you're unlucky enough to be in a natural disaster at the level of Katrina, the flooding a couple years back in Houston or a large scale earthquake 30hrs without connectivity is probable.
If you expect to be kidnapped, quick response would be helpful. But if you're planning for unexpected death, there's no real need to get that out in less than 48 hours; it can easily be 15 days of inactivity followed by 15 days of failing to respond to probes.
Where I live (less than an hour from Seattle), I have had power outages longer than the proposed death countdown, my DSL goes down immedidately without utility power, and the cell towers only stay online for 4-6 hours. If it starts while I'm awake, I'll let people know, but if it starts at midnight, I might be out of communication until it's over.
Or just keep that stuff on an external hard drive or USB drive in your apartment, (perhaps with paper printouts if you're not worried about burglars reading them). You can even encrypt this and give your parents a printout of the master password. If they notice you are gone, they can presumably enter your flat and find your stuff if it's neatly organized.
All this software setup with various servers etc is way too fragile and hard to maintain and the lack of regular real life testing means it will probably not work the way you imagined in an actual emergency for any sort of edge case or other reason you haven't considered or you get false alarms and scare your parents with no reason etc.
Storing stuff online with a strong but memorable password makes a fine backup. But, for most people at least those with houses, protected (e.g. firebox) storage in their homes is probably the best primary. (And even if a bunch of stuff were on a USB I'd also have printouts.)
Also the online setup may be confusing to the parents, depending on their experience level. And something may break in the online setup, some update becomes necessary, some library breaks, the server is down etc. etc. Too many things can go wrong. That's fine for a low stakes hobby thing, but not really for the "I became incapacitated" alert system. Having friends check up on you, giving copies of apartment keys to trusted friends and parents, providing some form of access to your bank account to your parents if you trust them, keeping an up to date physical list of banks and other places where you store money and so on is more important.
It's already difficult to keep all this info up to date. Keeping a technical solution maintained is just extra distraction from the main points. The key difficulty is anticipating all the issues that will pop up when you actually die, practical stuff like interactions with banks etc. What will your parents need to know? What untied loose ends do you leave behind? It's uncomfortable to think about these things so most people put it off.
I have my doubts that any human-memorizable password can be strong enough to withstand a concerted offline attack. If what you're encrypting has to stay secret for 10, 20, 30 years (probably not the case for a password database), then it's a complete non-starter.
It's fairly easy to memorize a password with >64 bits of true entropy using techniques like diceware; if you use it regularly and/or have a good memory, 128 bits is completely feasible.
I have memorized a long sentence with randomly chose words out of large pools like geographic names, animal species and names of barely famous people, a random verb etc. Like "Bill Guthridge supplements in Bhadarwa with an Actias Luna" and a bunch of other words. Then translate this to a foreign language. Add more words if you feel more safe. After such random picks, you just get familiar with each actor in the sentence (read wiki pages then delete history) and refresh the whole sentence every 2-4 weeks using a reminder.
If you are missing, then authorities usually like to have a recent photo of you to aid in the search.
I don't see an explicit reference to "recent image of me" in your "First step" list of data - photos in legal docs/credentials may not accurately represent your current physical appearance.
This is great! As a shameless plug, check out Fidelius Vaults (https://www.fideliusvaults.com): you can create an 'If I Go Missing' Folder, which can be accessed by people you trust in emergencies.
The idea is that you choose people who act as proxies in an emergency event; if something happens, a configured number of them have to approve access to your vault of documents/information before it can be viewed
Interesting company, do you happen to know of any others in that area as well (for comparisons sake).
I've been thinking it would be neat to have something like a very long term will execution/time capsule, for example to release biographies or other such information a long time in the future (say the 100+ year range).
Something like that would require a lot of things to go right, one of which is the a good expectation that the company would be around by then, for example the old banks such as Lloyds (I doubt they offer this kind of service to individuals if at all however).
Curious to know if you had any thoughts for how a service similar to that would work (or if they exist already), if its even feasible.
While there are other document storage services, I'm not aware of any that make commitments for storing data 100+ years. For Fidelius I'm offering a 10 year notice / storage if the service ever sunsets, and I've seen similar from other companies.
The obvious concerns here are the storage media used, the DR plans for the service, and more importantly, trusting that the company will do right by you after you're gone – even if it goes under new management or bankrupts. While I always struggle to find applications for blockchain, perhaps this is a scenario where it could be useful... perhaps you could upload the encrypted data to the chain, and form a contract where the key to decrypt it is released after X years?
From the FAQ on the site it seems you can nominate 5 but make a rule that only 3 (or 2 or 4 or whatever) need to agree. It's a balance between security and speed of access.
I would absolutely not trust my life in an emergency situation based on my parents seeing an e-mail within 6 hours of receiving it, let alone filling out a rate-limited survey correctly and then figuring out how to SSH into a remote server and download some documents.
Yeah, that seems nuts. I'm a guy in my 30s and I regularly go longer than that without checking my email. In fact everybody does, when they sleep! If the email is sent even a few hours into your parents sleeping, the whole exercise will be entirely pointless even when everyone does the right thing.
>The link is random generated link available only 6 hours, this is important to be safe as you don't want anyone to be able to access all your passwords ...
This seems like too short of a duration. What happens if the email is sent between 23:00-01:00 (your parents timezone? They are probably asleep and the email will expire at 5-7AM. Will they see the email in time?
If the kidnapper rubber hoses you* then keeps your activities active and gradually corrupts your syncthing backup, you have a problem. Time for version 2!
* https://xkcd.com/538/ (or a health emergency quarantines you without a data connection)
What do people have set up in case of more an "unexpected death" situation?
I have basically all information someone would need to access any of my accounts in a password repository, but I don't have the key or password shared with anyone.
Obviously that would be an issue if I was incapacitated.
What is the recommended way to handle these things?
I maintain an encrypted vault-file containing some instructions and passwords accessible at a url that is printed on a piece of paper. Along with it is a "share" of a password which I split up using SSS[0]. I laminate those along with a piece of dark cardboard (to make it more difficult to peek) and instructions.
They are distributed among friends and family to be cut open in the event of my death.
It's based on the trust that not more than 5 of those 10 people will conspire against me while I am still alive, but also at least 5 of them will be able to find one another, and unlock the password should I pass.
I have heard of Shamir's Secret Sharing algorithm a few times in the past six months or so.
Today I finally decided to read the Wikipedia page and figure out how it works.
Really neat. Uses the fact that you need `k` points to uniquely define a `k-1` degree polynomial.
So if you want the secret to be recoverable by any `k` pieces, you just need to define a `k-1` degree polynomial and generate a series of points along that curve, with the secret at a known location on the curve
Basically it sets your secret to the polynomial constant term (i.e. the y value for x=0), generates random coefficients for the rest of the polynomial factors, and then computes however many points you requested. The shares are just encoded (x,y) pairs.
There is slightly more complicated math it to better obscure the secret, but in essence that's all it is. I thought that was really neat.
This is exactly something I intend to add to my document storage platform... I have some notes about it here: https://www.fideliusvaults.com/roadmap/. There's a balance of security and convenience that I've been calling the 'paranoia scale', and this sits on the far end towards 'least convenient, most secure'.
Out of curiosity, what kinds of accounts do you have that are so important that they are worth preserving in the event of your death? I can only think of financial stuff and those already have beneficiaries and whatnot specified when I set them up.
Social media presences come to mind, especially anonymous ones. I'd like my online friends to know I won't be back. If you have a blog, or otherwise publish, at least a brief announcement there might also be something you'd want to happen.
It would make cancelling subscriptions not needed anymore or transferring them to another person much easier I guess.
At a minimum, all your important information--including how to access any important online accounts--should probably be stored in a somewhat concealed fireproof box. This would also protect in the event of most fires and other natural disasters.
Make sure they are actually able to do this, too, and will be able to do this years from now, when everything you may have told them will be long forgotten. Most people have no idea what gpg is, have never used a command line, and have only a really basic idea of how encryption in general works.
If I told one of my coworkers that I use `pass` [0] to keep my passwords encrypted and synced into an online git repository, they would know what that means. My wife would have no idea.
So then it's not just a matter of "here are the relevant credentials", it's also "Here are the relevant technologies and X would know how to piece it all together"
But then at the same time, maybe it just doesn't really matter and I should just get a safe deposit box at the bank and put everything relevant in there in paper form.
I've been thinking about this a bit. Safety deposit box at a bank for sensitive info, draft a will with a lawyer with instructions of who to give the box's keys to and leave the keys with the lawyer and copy of the will. Then give the contact information of the lawyer to any party you believe should contact the lawyer for said will if you die and keep a "in the case this person is dead or severely incapacitated call this number" card in your wallet in a prominent space. That's what I've worked up so far.
Either a safe deposit box or a fireproof box. The former is a bit safer. The latter has more space than most safety deposit boxes and makes it easy to add/replace documents. Arguably at least documents that aren't especially sensitive but are important (e.g. insurance information) can be in the cloud somewhere and you can give a lawyer (and/or people you trust) the password.
1Password family accounts can have multiple admins; my partner and I are both admins and can reset each others passwords and disable MFA in the event that such a thing should become necessary; that's handy in another way as well, as we also have our parents as non-admin users in there, and we're able to reset their passwords if they forget them etc.
Both our accounts have strong passphrases and are secured with MFA of course.
Time-locked safe with an encrypted hardware dongle whose key is hidden in volumes of relevant literature classics and personal notes, buried at the end of a cave, at the end of an elaborate treasure hunt, of course.
Buried in Google's settings you can set up a system that will hand over your account (or even delete it) to someone you specify if some events play out like not logging in and etc.
I will admit that I am way more interested as to why someone is planning that ( I had a boss who had a reputation for being a major pain in the ass and once gave me a speech how she is prepared for being kidnapped and few other uncommon eventualities ).
Then again, I may be looking at it this through US lens. It may be a more common issue in other places ( like Africa maybe )?
I was going to say a simialr thing, but I would definitely not discount US from the discussions.
If I was veryvery rich and working in an industry that is suspicous at all, and I was located in USA or a South American or African country, I dont think preparing for kidnapping would be so out of the question.
Only the problem is the the opportunity cost of the life insurance. What information can you possibly keep that's worth more than a few million dollars? For most people it's probably better to keep the insurance payout than it is to spend it on aws cracking.
> Only the problem is the the opportunity cost of the life insurance. What information can you possibly keep that's worth more than a few million dollars? For most people it's probably better to keep the insurance payout than it is to spend it on aws cracking.
Also, you have to keep the encrypted treasure a secret, or someone else with money could snatch it out from under the heirs.
A DBA I had worked with years ago disappeared from work. Nobody on the contract knew where he was. After a week or so, his parents, who lived maybe 100 miles away, called the contract manager. He discovered that the man was in the county morgue as John Doe, having been found dead on the sidewalk outside his apartment, without ID on him.
I assume most HN readers are
- younger than the DBA, who was probably in his mid-fifties
- in better condition, for he was obese
- in a wider social circle, for he was pretty anti-social
Still, it isn't bad to have people who will know that you have disappeared.
I wonder if the time bound can be reduced on something like this with things we do every day. Open Gmail/Twitter on our phone, move outside of a geo fence. For people who are actually concerned about this but can not afford a body guard, there might be an interesting service that couples with travel insurance that handles this.
Why this doesn't exist a service? I would pay for this. I guess the complexity is giving a third party all the credentials your digital life + sensitive documents, but I would definitely pay for something that allows my family to be notified and handle all my matters in case I'm gone.
It seems like it should be possible to allow a second password for something like an email account. The first password works always, but the second one only works if last login was more than n days ago. So you could give the second password to your partner or family and know they can't use it unless you're incapacitated.
i want to point out that the way the addresses in the image of the mail is hidden appears to be easily recoverable even with plain eyes. Also, if you really think the likelihood of someone kidnapping you is somewhat high and you are preparing for that i would imagine posting about how it works is pretty counterproductive....
i am not sure you got that right from me. i probably should have made clear these are meant to be separate statements.
what i actually meant is the stuff he describes on how he expects this to work for him. for example a kidnapper would already know the best time to kidnap him is after he had lunch because that's a recorded activity which resets the timer. they also know he will send location data so they might take his phone on a different tour directly after kidnapping and there is probably more usable information in this post...
however, i assume here this is a kidnapping specifically targeting someone with proper due diligence. but that might not be very realistic at all and you actually are telling me about it. referring to them as fb/whatsapp users just made me think you might talk about technical aspects they would not get but i think there is more to it that might be easier to comprehend.
Around here, when someone is kidnapped, it's usually because a person from the victim entourage leaked some financial information. The kidnappers would just remove the phones from the victim and drive the victim around in a car for hours. After it the victim is moved into a safe house.
It's a pretty low tech business (from what I've heard from surviving victims or the family members of those that did not survive), no one will bother with investigating the online aspects of victim's life.
Tangent: I was thinking of a "deadman's switch wipe protocol" and other services as a result of your death eg. donating your assets or something. Would have to be pre-setup. Would be interesting to address false alarms.
I’m not a lawyer, but I don’t think “Donating your assets” would work (in any jurisdiction, but as I said, I’m not a lawyer, certainly not one versed in law in all countries of the world). Lawyers will argue that the fact that you set this up x months before death doesn’t mean that you still wanted it to happen when you died and/or that, at the time the assets were transferred you weren’t alive, so you couldn’t own the assets.
There's a chain of problems here. You'd need an open source GPS tracking app on your phone that has the rights to record and upload your location to a server whilst running in the background, then you need a personal server to store that stuff on, and then you need to find someone who knows what to do with that lot if and when you disappear.
> You'd need an open source GPS tracking app on your phone that has the rights to record and upload your location to a server whilst running in the background, then you need a personal server to store that stuff on,
Multiple solutions for this currently available on f-droid. simple and easy.
Sooo many eggs in one basket. Unless you are the son of an oil or shipping magnate, I suggest that your risk of being kidnapped pales in comparison to your risk of being hacked.
>> Currently after 24h without changing activity a first notification is sent to my own email so that if this is a mistake I can stop the system before it is too late. And if 6 hours later I've still haven't changed of activity then a mail is sent to my parents.
30 hours? I take it that the author has not done much international traveling, or traveling generally. And they haven't worked a job involving long hours, or a back-to-back shift after someone calls in sick. For any adult, 30 hours without connectivity is not enough to trigger a kidnapping alarm.