Ask HN: How will you manage your digital assets when you die?
As I get older I have needed to perform digital forensics on friends and family members online accounts and assets. This has me thinking how can I automate this for my own things?
For example I've built a password protected web-site that I try to keep updated with important information for family and a paper in my desk that reads "In the event of my passing visit this URL ...". This is a place to give survivors the keys to my password vaults and allow them to memorialize my social media profiles.
However no amount of documentation will cover cases of GitHub repositories and NPM modules. Are there ways of transferring repo ownership to others or bots to auto-reply to pull requests long after the authors passing? How do others plan to handle the case were their code and digital assets will live on past their own life?
178 comments
[ 3.0 ms ] story [ 134 ms ] thread"...we're all stories, in the end. Just make it a good one, eh?"
This revenue could be going to a family member for many months or even years after you have expired rather than just coming to an abrupt halt because you were paying for hosting month to month.
If I had my own small business, I would set up a legal trust and specify who and what is required to access a bank safe deposit box and what information was required to decrypt things.
https://support.google.com/accounts/answer/3036546?hl=en
I have several storage arrays of data (about 100TB currently). I've amassed every family photo I can get my hands on. Important TV, Movies, Books, Audiobooks.
I'm working on software to annotate the data and provide a "guide" of a sort of a "Young Lady's Illustrated Primer".
I'd like to be able to hand my daughter a hard disk or whatever the equivalent is-- of everything that was important to our family and to her intellectual development. In the case of my untimely death-- I'd like her to have a chance at avoiding some of the lessons I have paid entirely too much to learn.
That would also be a good opportunity to share thoughts with her that she may appreciate more when she has matured. Life seems to get in the way of saying some of the most important things. I have so many regrets about the conversations I was never able to have with my mom. She was a single parent and died at a young age. Our last conversation was an argument.
He ended up surviving it, and actually being declared cured--chemotherapy+radiation worked really well for him. It was a terrifying time, though, and I was really glad that they took the time to write down these things for us in case we lost him. They ended up publishing the book and it's sold tens of thousands of copies, but for me it's still the book my father wanted me and my brothers to have if he wasn't there to talk about it.
My mother wrote a children's book called The Magic, about my brother & me. It wasn't pressured by death, but having something written for / about us by our parents is a very special treasure.
He wrote 'Live Each Day - Make Your Life Extraordinary - To[sic] Soon It All Ends' in the header of those family pictures, and sadly it ended too soon for him; he died in 2016[2]; his obituary notes the he 'aspired to publish his self-written bartending book "Drinks for the 21st century."'
But his family photos were indexed by the Internet archive, and maybe now a few HN readers have seen them, and seen his own picture, and his memory lives on just a little bit longer.
[0] https://web.archive.org/web/19991012192746/http://mixdrinks....
[1] https://web.archive.org/web/20070403211755/http://www.bright...
[2] http://www.wacotrib.com/obituaries/foster-steven-edward/arti...
I never believe the projected lives of the things-- but consider it like everything else to be part of a safety net. I burn the irreplaceable things to those in addition to a normal backup strategy.
Off the top of my head, based on acting as (co)executor for my father:
-All executors
-Lawyer
-Bank teller (x2) who took photocopies so they know who the exeuctors are
-Car insurance person, same as above
-All potential beneficiaries, so they can challenge it if needed (this is a part of probate)
-Once it's in probate, pretty much anyone
I'd say it's safer to have in a "in case I die" envelope next to the will, but explicitly not part of the will.
E.g. it's not safe if the passphrase for your password manager or cryptocurrency wallet is only a single copy in your head; there are all kinds of plausible traumatic events/accidents resulting in things like prolonged hospitalization (e.g. what if you get hit by a car?) that may result in you misremembering some detail.
If you have a backup of the "master keys" in a safe somewhere, then they're not only a backup for you, but also for whoever inherits that safe.
E.g. a loved one getting a near-death event and suddenly needing lots and lots and lots of attention isn't really an "amnesia scenario", but might be sufficient; the same applies for the (admittedly rare) scenarios where travellers have gotten kidnapped by criminals or detained by third-world authorities, and people who have had to suddenly evacuate out of, for example, Syria. If you're out of action for some time, you may realistically be unable to recall exact details that aren't relevant to daily life in your changed environment - such as passwords. I've even seen breakups or divorces being traumatic enough so that people wouldn't care about anything at all for quite some time; and I can also imagine that a "less than perfect" childbirth and its consequences occupying all your thoughts and cares (and sleep!) for a week or two would also suffice.
There are all kinds of scenarios that trigger mental breakdowns so that, for example, people don't care about eating for days simply because what's happening right now is more important, immediate and overwhelming. In such cases they wouldn't also care about their digital suff, and when (some time after) the situation normalizes, and they get back to caring about access to their digital resources, there's no guarantee that they'd be able to recall anything that's not a basic, instinctive skill.
When my dad passed away, I looked through all his files (fortunately he had one password he used everywhere), but in the end there really wasn’t anything important.
There where a bunch of proposals, half finished projects, gigabytes of various data files, but following up on any of that stuff would just be a lot of work and require time that I don’t have.
I think that 99% of my data/code/digital footprint is only valuable because of me; when I pass away, most of my stuff will become worthless, and that’s okay.
Especially valuable is the optionality. How would you feel if you could not have reviewed your father's files? What if you couldn't access critical financial accounts or didn't know they exist?
FWIW, if I really don't know that they exist, I would probably not feel anything about them ;P.
There are already procedures for an executor or heir to assume control of a deceased's financial accounts and assets, and part of that process is determining what accounts the deceased had.. You don't need to dig through Dad's Gmail for that.
Like the first poster said, anything actually important either already has procedures in place or will be figured out in the probate process or otherwise.
Trawling through browser histories and correspondence is often the only way to get a reliable picture of what's going on.
Last year's tax return will probably identify any significant investments, at least those that are producing income.
I, along with 95% of the world's population, do not live in a place where Equifax exists.
Tax returns capture some things. They also don't get filed for several years sometimes. They don't capture assets like cryptocurrency or off market shares.
Life is messy and death more so.
But you probably do live in a place with probate laws. This isn't a new problem, and there are processes to deal with it.
This is subjective. My dad has zero assets, and oodles of debt.
People are trying to use economics as a way to avoid uncertainty, it seems.
It's like hoarders that store decades of Readers Digest. "Everything has a potential value!" fingers tips rapidly tapping against each other "Yes it's so obvious! This Beanie Baby collection is mine!"
The reality is, things only have economic value if you can sell them. And they only have personal value if the people in question give a shit.
There's no law of physics here.
TimeHop kind of does this for social media, but it would be cool to open up my email accounts and iMessage. I think my loved ones would value opening up an app and saying "What was jbob doing on this day 2 years ago..."
But when you're dead, there's no guarantee your descendants or next of kin will have any interest whatsoever in the minutia of your digital life.
Easy to fix - leave a note telling them you have huge wealth hidden away and the only way to find is it to solve the puzzles sprinkled throughout the minutia of your digital life.
Having in recent years lost more than one close relatives - no, I don't really need. I wouldn't do this even if I could.
If you want to be there for your loved ones be there today. Instead of coming up with a novel data vault scheme come up with a way to delight them tomorrow, when you are alive.
I love nerding about but if one is dealing with serious things like relationships, I would focus on pre-death interactions rather than post death mausoleums.
Listening to that while he's alive would be a waste of your irreplaceable shared time on Earth, right? It's just his job. While your Dad is alive you should go talk to him on subjects he cares about.
After he dies, though, if there happens to be an archive of your father joking around with, remonstrating, and otherwise being himself with the people who made up half of the social context for his waking life, year after year, that might be valuable to you.
It only has value in the right emotional context, of course, perhaps when you reach the age he was when the recordings were made. You can measure your daily self against the daily self your father created and inhabited.
An existential crisis might create a desire for that comparison, or perhaps you'll find yourself missing him and realize that family records don't show who he was in the world at large.
If your father is careless with that information you don't have that opportunity. If you are careless with your equivalent of that information your heirs won't have that opportunity.
When I die, I hope I am forgotten - because honestly, grief is shit, and the dead neither appreciate it, nor wanted it before they died. People can't be measured, and their lasting forms aren't them in any case - they are just text, video, photographs.
On the other hand, now, that's bleak.
I would view that human relationships are like strings that connect human beings. Grief of loss is the process of cutting those strings - one-by-one - and it hurts like hell. Because, if the relationship was an important one - I think it's supposed to. And after the grief has done it's job the living move on.
After the grief has done it's job, memories become bitter sweet. There are always complications, of course, and for example unresolved issues make it difficult to let go.
We begin to die the day we are born. It's only a matter of time, really. All of us are mortally ill of a condition called life. Every precious relationship must end in time.
There is a zen-story about this. A wise man was asked what was happiness? He answered, a man is born, a son is born, a grandson is born. Man dies, son dies, grandson dies. It sounds horrible the first time you hear it, but then you realize it nailed it completely - any other order would be worse, and having no children would be even sadder.
My mother has always said "Funerals are for the living, not the dead." I don't find the GPs attitude bleak at all. The people who grieve most heavily seem to be those with unfinished business with the deceased. If you leave behind no unfinished business, I think people can let it go fairly easily. They got what they needed while you were alive. That's a good deal.
I'd rather a decent amount of those survive me in some fashion. A few might, as they'll probably be included in console or flash game rom dump collections, but I wish more would. I also wish i completed more projects in my lifetime.
I've experienced the other side of this one - a lot of my family were amateur artists. Their work, on the whole, isn't that interesting. Their practice, on the other hand, is something they passed on, and I value it quite a lot. As a kid, I was always encouraged to make things, and to make new things rather than replicas, and to take making things seriously.
I still make a lot of stuff, and I really feel that people who don't are missing out - but I don't think I've made anything that I'd like my descendants to have - other than the practice of making things itself. I guess family, at its best, is about passing on traditions that allows you to live well in a frankly hard and troubling world. I mean, you can pass on more stuff than that - paintings, photos - but it usually ends up sitting in some attic. At least, that's what's happened to the creative output of about four generations of my family.
Truer words have never been spoken.
For my own, some are online, but most are around the room, copied onto various storage devices (redundantly, and on devices that my wife knows about, and that other family members could easily find, if we were collectively hit by a bus).
In terms of ebooks and non-CD digital music, there's maybe a couple hundred dollars worth. Almost all of my digital video is on DVD/Blu-Ray. The photos would have more value, anyhow.
For software: Meh. My projects are mostly for my own entertainment. If someone wanted to fork them, it's not like they'd be fighting for control of a community, or something.
I watched an hour long video about a youngish technologist who died in auto accident. His wife lost control of their i-devices. Some of his encrypted devices that he maintained for clients were also equally inaccessible. The only way the wife regained control of her own digital and financial life was to tap technologist friends who called in favors with Google / Apple. Even they could not decrypt the miscellaneous client owned devices. Neither could the clients. [Edit: I searched for this video and unfortunately could not locate it.]
I put my parents on 1Password. Begged them actually. I quote "how about we just try it for like a week while I am here? if you don't like it, I won't ask you again." My Dad had a crazy so-called method that was supposedly simple to follow, but every time he tried to explain it to me as executor of his & my mom's estates, it was incomprehensible.
After 1 week, Dad was a convert and Mom had her first reliable access to the joint online bank accounts.
For myself, I have a technical hand over plan for somebody to follow to break the encryption on my devices. I also give an accounting of my data, what is where, both financial and sentimental. Most data can be immediately deleted, but some thing like my photography and music collections may be wanted by somebody in the family. The executor of my estate gets the financial records.
That sounds very unlikely. This isn't a new problem, and there are procesing in place which discover any and all financial account belonging to the deceased and transfer ownership to the estate's executor. I don't believe for a second that this woman couldn't get into some financial account belonging to her husband without inside help.
The issue wasn't getting into a financial account per se, rather getting into all the devices the husband controlled. She didn't know the passwords.
In the old days, estate executors would monitor physical mail to make sure they found all bank accounts. With many tech savvy people moving away from physical mail, the only notification about which accounts are out there are arriving by email to an account an executor does not have access to. How to know which accounts need to fall under the estate if you don't know the account exists?
Anyway, I will keep up the search for the video. I tweaked my personal technology plan a bit to deal with some of the issues that video raised. In addition to a physical list of key passwords, 2FA recovery keys, and encryption keys, I also included specific recovery scenarios like:
1) me dead, all laptops / phones / 2-factor fobs destroyed
2) me dead, phone missing, but still have laptop & fobs
3) me dead, laptop missing, but have phone & fobs
4) me dead, fobs missing but have laptop & phone
As a courtesy to clients, I also noted what client assets and data I controlled, where I kept the object, how to decrypt if necessary, and who to contact to arrange hand over.
https://boingboing.net/2016/02/04/how-to-prepare-to-join-the...
Where do you store all of this?
She actually did have an accident that caused memory loss and it was a huge problem for her.
Your memory is important, make sure you have a backup of the crucial bits :)
He was lucky all his grand father's note were on paper.
Although it's hard to look through personal files like that, it's even worse if you had the opportunity to, didn't do it, and the hard drive failed.
isn't this wildly insecure? at the very least it means lastpass can read all your passwords at any time.
https://en.m.wikipedia.org/wiki/LastPass#2011_security_breac...
LastPass’s history is troubling but they’re also the biggest target out there. IMO, the entire space of “cloud” password managers is inherently untrustworthy.
When you designate someone for emergency access, it also encrypts your vault with their public key. In a way the person and Lastpass hold each other accountable because:
1. Lastpass only gives the encrypted vault data to the emergency contact after the waiting period. They cannot decrypt the vault without having the encrypted vault data.
2. The person's private key is encrypted inside their vault by their master password. As lastpass doesn't know their master password for their vault, lastpass doesn't have the key to your vault.
I would not call this "wildly insecure", but definitely has more risk factors than not doing it. For most people I think this is a reasonable tradeoff if they want people to be able to access their data without huge inconvenience.
Not if it's been done right. They'd use some kind of multi-key secret sharing scheme (like shamir), where the password database would be encrypted with the public keys of both lastpass (the custodian) and the designated person. (This would be done on the client side, by the designator.)
It will probably quickly turn out that things which currently look important are unmaintainable for the long term. Software updates are expensive and even companies frequently do not invest budget in old software.
This does not render the indiweb useless on the long term in contrast to a mainline blog provider such as medium.com, it just gives it another quality. To cover such services: Even if they guarantee you today the service will be free "forever", they do not need to comply with that in 10, 50, 100 years. Where is geocities today? I think in the digital age, decay goes much quicker then in the past.
What can be done is to make sure information go to well-preserved standards. PDF-A, static websites, https://archive.org/ , these are more likely to hold up for a longer time.
Encode your assets/keys/passwords and share just a portion of the key.
If you extrapolate computing cost/power trends, you can estimate how long until it will be practical to brute-force decrypt the portion of the key you didn't share.
Of course, this is an approximate, not precise, timing system.
"devices can differ dramatically now even in the same computers; to take the example of Bitcoin mining, my laptop’s 2GHz CPU can search for hashes at 4k/sec, or its single outdated GPU can search at 54M/second [...] it would not be very useful to have a time-lock which guarantees the file will be locked between a year and a millennium, depending on how many & what kind of people bother to attack it and whether Moore’s law continues to increase the parallel-processing power available"
A better (but still not great) way to do it is to take 100 random numbers, hash them a trillion times (in parallel), then use each hash to successively encrypt the starting seed for the next hash. The last hash in this chain is the private key you encrypt your data with. You release the first seed and each encrypted hash and the encrypted data.
To brute force your key someone would have to hash the first seed a trillion times, decrypt the seed of the next hash and hash it a trillion times and so on until they get the key. This can't be parallelized, but you can generate the hashes in parallel.
It's still not great because you're probably not using 100 of the best possible ASICs for your chosen hash, whereas an attacker might or might not.
https://www.gwern.net/Self-decrypting-files
The idea to gather the group chat was that tech-savvy people could help those in need of technical help and people could conglomerate together to reach out to people who are not active on Facebook. I imagine it to be fair that people who've helped me during my life would be offered an opportunity to receive tangible value for their positive effect in my life.
As for online accounts in general, I think those should die with me.
The bot is called a “lawyer” and the process by which someone receives your wealth is called “executing a will”.
Practically, while possible, leaving an inheritance in my current country of residence for anyone outside of my family is imposing negative tax consequences on another. And that's not a gift in my book, more like showing up on your door in a foreign country asking for help, followed by a quick notion that the government is also after me.
With all these lawyers, their leetspeak, and lengthy processes posing friction it's not a worthwhile effort to practically leave any change after me, thus why I thought to slap a "smart contract" on it.
I do not use any cloud services for storing data, and do not use any social media websites (other than perhaps HN, but all my actions are public here anyways). So that's a nop.
If there are things I think others will want when I'm gone (e.g. photos, documents), put them in a place where they can be physically accessed.
Everything else disappears when I do.
"Nobody exists on purpose, nobody belongs anywhere, everybody's going to die, come watch TV."
https://research.fb.com/publications/legacy-contact-designin...
I recently saw an edge case of how complex it is to manage online identity after death, in this WaPo article titled, "She wore the weapon in a photo with a friend -- then killed her with it": https://www.washingtonpost.com/news/true-crime/wp/2018/01/18...
This story is notable, for starters, because instead of using a screenshot of the photo, the article embeds the FB image directly, which means it is clickable and you can go to the user profile. What's even more unusual is that this photo was a selfie taken by the murderer (the selfie features both women), who then sent it to the victim, who then posted it on her own profile before getting murdered that night. And apparently, as most people her age, the victim didn't think about suddenly dying, nevermind designating an "heir" for her FB account.
Anyway, you can see the comments in that photo and guess that the victim's friends were very pissed about something. Not just about how the murderer (whose faux-woe-is-me comment can still be seen) commented, but because apparently the victim uploaded this photo (taken by her murderer) and used it as her profile pic. So the victim's friends apparently had a dispute with FB to get the photo removed -- or at least changed to not be her profile pic -- and were apparently successful after an initial rejection.
tl;dr: FB doesn't have a policy for when you choose a photo with a friend as your profile pic, but then get murdered by that friend.
As to whether you can trust your friend or not, that is a different matter all together. You have to pick someone you can trust. If no such person exists, just close your FB ahead of time.
Anything paid - it's in escrow
Anything private - it dies with me.
I personally just built an automated git push + email that will get sent if I don't stop it every week. Simple, Clean & Free. And my email has been prepaid for ~2 - 3 yrs (and I pay every year so it gets pushed ahead every year).
[0]: https://www.codekeeper.co/ - I don't personally use it. I found it on google.
I think at some point we may need to sit down as a software industry with the law industry and draft better laws protecting digital assets as inheritable assets.
Some easy examples:
1) Digital movie unlocks on platforms like Ultraviolet and/or Movies Anywhere. Are those unlocks inheritable? The service agreements are unclear, and the "family account" adds additional gray area.
2) Software Licenses and Software Subscriptions/Accounts. How many EULAs bother to mention inheritable rights other than to squash them or send them to mediation? Which of the App Stores support family sharing? How many have yet thought ahead to inheritable rights?
3) Are the GDPR Rights (Right to Erasure, Right to Rectification, Right to Access by the Data Subject, et al) inheritable? Right now the easy answer is that they don't mention the idea at all, and at least some of the GDPR implementors' heads might explode if they thought they would also need to consider survivors' access to those Rights.
There are likely to be some huge coming legal battles over some of this stuff, and its something that I feel surprised not enough legal minds are even considering today.
More directly, if we look at Movies Anywhere's T&Cs [1], here's the main description of your license:
«Within the Territory and subject to the terms and conditions in these Movies Anywhere Terms of Use, Movies Anywhere grants you a limited, personal use, non-transferable, non-assignable, revocable, non-exclusive and non-sublicensable right»
I am not a lawyer, but the keywords there seem to me to be non-transferable and non-assignable. That is meant to keep you from reselling movies unlocked in your account, but also implies that the right is not inheritable. So too, the words "personal use" may imply "you and only you". Though that is a fun gray area in the terms because the system allows family accounts that bend past "only you". That's also why there is gray area in inheritance cases. The T&C as written would seem to me to bind only to you, not your family. Disney has the right to suspend your account for any reason at all, according to the T&Cs, but if they did need a reason "your death" is pretty clear because at that point the T&Cs no longer apply to "you".
Again, I'm not a lawyer, but this seems a pretty big and ugly minefield for digital assets that I would love to see more frank conversations about. I think it is a missing EFF plank, at the very least (and I've mentioned that with past donations).
[1] https://moviesanywhere.com/terms-of-use
So it would mean that companies would not be obliged to comply with GDPR.
Dead man's switch (or euphemistically, "Google Inactive Account Manager") that emails inheritee(s) with instructions for retrieving encrypted keys from a safe deposit box or other location, along with password for decryption and distribution allocation?
Just giving private keys directly to your lawyer, sealed in your will, or encrypted with some type of challenge that only inheritees would know?
I have no friends and the only family that would care will, assuming we all die due to passage of time, have already passed years prior.
(one step of which will be to activate my dormant conciousness transference program so I can become the singularity)
Joking aside. If you don't have a will, and/or a trust established, you need to do so asap! It will save your family much trouble, drama, and probably money. For example, if you have multiple properties in other states, there is a tax imposed for transferring the title to a family member that sometimes is so steep the family must sell the property to pay it! This can largely be avoided though if you have multiple properties in a trust...
Source: I know lawyers and paralegals who talk about this kind of stuff all the time, and how sad it is when people die without having created a will and all their assets are siezed by the state, and other similar situations. (For example, it depends on the state, but a common misconception is everything you own goes to your next of kin if you don't have a will, such as a wife or child. That's often not true though.)
Unfortunately it seems to have turned into a weird site driving people to lawyers/life insurance quotes but you can still view the original one on the way back machine: http://web.archive.org/web/20130124012917/http://getyourshit...
Their checklists were pretty awesome.
Edit:
Here is their annual checklist: https://media.npr.org/assets/news/2013/checklist.pdf