Ask HN: How will you manage your digital assets when you die?

298 points by sirsuki ↗ HN
As I get older I have needed to perform digital forensics on friends and family members online accounts and assets. This has me thinking how can I automate this for my own things?

For example I've built a password protected web-site that I try to keep updated with important information for family and a paper in my desk that reads "In the event of my passing visit this URL ...". This is a place to give survivors the keys to my password vaults and allow them to memorialize my social media profiles.

However no amount of documentation will cover cases of GitHub repositories and NPM modules. Are there ways of transferring repo ownership to others or bots to auto-reply to pull requests long after the authors passing? How do others plan to handle the case were their code and digital assets will live on past their own life?

178 comments

[ 3.0 ms ] story [ 134 ms ] thread
Nothing matters in the end...
Exactly. Or to partially quote the 11th Doctor from Doctor Who:

"...we're all stories, in the end. Just make it a good one, eh?"

But what if you have digital assets that are generating revenue without needing much maintenance?

This revenue could be going to a family member for many months or even years after you have expired rather than just coming to an abrupt halt because you were paying for hosting month to month.

Just make your spouse/immediate family member aware of your finances. They should always know where the money is coming from. If your family somehow is not aware or does not understand how the food is coming on their table, then it is not the right way of leading the family. Your significant other should be aware of your income sources and debts. They should never get surprises doesn't matter whether your are alive or dead.
(comment deleted)
For my own things, my accounts will just linger until the provider either goes out of business, or until account inactivity leads to deletion. Hopefully I wrote something witty or clever prior to going on permanent vacation.

If I had my own small business, I would set up a legal trust and specify who and what is required to access a bank safe deposit box and what information was required to decrypt things.

I would not worry about it. In a decade or so when this becomes a common problem, expect the major tech companies to come up with their own automated process to handle this. Whatever system you come up with now will probably be obsolete in a few years. I would just let the service providers handle it.
(comment deleted)
If only we had guaranteed lifespans.
I suspect most people on HN are their own service providers, to at least some extent.
I've given this a LOT of thought.

I have several storage arrays of data (about 100TB currently). I've amassed every family photo I can get my hands on. Important TV, Movies, Books, Audiobooks.

I'm working on software to annotate the data and provide a "guide" of a sort of a "Young Lady's Illustrated Primer".

I'd like to be able to hand my daughter a hard disk or whatever the equivalent is-- of everything that was important to our family and to her intellectual development. In the case of my untimely death-- I'd like her to have a chance at avoiding some of the lessons I have paid entirely too much to learn.

You might also consider creating a video of yourself explaining what these things are, why they are important and how to access and use the data.

That would also be a good opportunity to share thoughts with her that she may appreciate more when she has matured. Life seems to get in the way of saying some of the most important things. I have so many regrets about the conversations I was never able to have with my mom. She was a single parent and died at a young age. Our last conversation was an argument.

Wayyyy ahead of you :) But thank you :)
Years ago, my father was diagnosed with Stage 4 cancer, and given a 55% chance of surviving six months. The immediacy pushed him and my mother into writing out the book they'd been thinking about for years, a book on manhood for their sons.

He ended up surviving it, and actually being declared cured--chemotherapy+radiation worked really well for him. It was a terrifying time, though, and I was really glad that they took the time to write down these things for us in case we lost him. They ended up publishing the book and it's sold tens of thousands of copies, but for me it's still the book my father wanted me and my brothers to have if he wasn't there to talk about it.

What is the book?

My mother wrote a children's book called The Magic, about my brother & me. It wasn't pressured by death, but having something written for / about us by our parents is a very special treasure.

I too have scanned all the photographs from my family and my wife's family. The oldest is a tintype of my father's paternal grandparents, circa 1868. The scans are on a RAID 1 NAS, backed up nightly to another RAID 1 NAS, with other periodic backups. But it seems unlikely any of these copies will last another 150 years.
What if you print it to microfiche?
Perhaps consider making multiple copies to optical media using parity data on each volume. Writing rar and par files to multiple DVD's should suffice. There is of course the risk that not many people will know what a DVD or rar/par file is in 150 years.
Steven E. Foster, a bartender whose magnum opus was at one point available at mixdrinks.com[0] and later at brightredlipstick.com[1], had a section on the latter site labelled 'Look At Old Pictures Of My Relatives, So They Are Not Forgotten.' Here's an example: http://brightredlipstick.com:80/pictures2.html

He wrote 'Live Each Day - Make Your Life Extraordinary - To[sic] Soon It All Ends' in the header of those family pictures, and sadly it ended too soon for him; he died in 2016[2]; his obituary notes the he 'aspired to publish his self-written bartending book "Drinks for the 21st century."'

But his family photos were indexed by the Internet archive, and maybe now a few HN readers have seen them, and seen his own picture, and his memory lives on just a little bit longer.

[0] https://web.archive.org/web/19991012192746/http://mixdrinks....

[1] https://web.archive.org/web/20070403211755/http://www.bright...

[2] http://www.wacotrib.com/obituaries/foster-steven-edward/arti...

There's archival Bluray format called M-Disc which claims to have a several hundred year storage life and to be "impervious to environmental conditions". You can get the writers fairly inexpensively, and the discs are $88 for 5x100GB on Amazon.

I never believe the projected lives of the things-- but consider it like everything else to be part of a safety net. I burn the irreplaceable things to those in addition to a normal backup strategy.

Can you say more about the annotation aspect?
I don't want to say a lot about it because the idea is way, way ahead of its time. I will however point you to a book called "The Diamond Age". :)
So, I'm using an open source password manager (KeePassX), and syncing the encrypted password database over several devices. Hopefully this gives me protection from loss from this data and I've thought about giving somebody the passphrase, in some way. I guess I could write it in a will and seal it up or leave it with a solicitor, but I think the best thing might be to give it to an old friend of mine who I don't actually see all that often these days though I met him at uni, 30+ years ago (but I went to both his weddings, was best man at one of them). I'm pretty sure I could trust him to know how to close the accounts and/or give the details to my next of kin.
You could also use something like Shamir's Secret Sharing algorithm to include a piece of your password in your will, another with your old friend, maybe a third in a safety box with a key in escrow with your solicitor, and make it so that it takes two of the three pieces (or n of the k) to recover your password.
Could put something like a 1password (or other password manager) key/password somewhere accessible.
You could put it in your will, right? That way only your lawyer has access, and if you die then it is released based on the instructions.
I'd strongly suggest NOT putting it in your will - more people than you may think end up taking a look at the will.

Off the top of my head, based on acting as (co)executor for my father:

-All executors

-Lawyer

-Bank teller (x2) who took photocopies so they know who the exeuctors are

-Car insurance person, same as above

-All potential beneficiaries, so they can challenge it if needed (this is a part of probate)

-Once it's in probate, pretty much anyone

I'd say it's safer to have in a "in case I die" envelope next to the will, but explicitly not part of the will.

You anyway need an offline backup for such keys/passwords in case you forget them, lose them, or they get destroyed in e.g. fire.

E.g. it's not safe if the passphrase for your password manager or cryptocurrency wallet is only a single copy in your head; there are all kinds of plausible traumatic events/accidents resulting in things like prolonged hospitalization (e.g. what if you get hit by a car?) that may result in you misremembering some detail.

If you have a backup of the "master keys" in a safe somewhere, then they're not only a backup for you, but also for whoever inherits that safe.

I'll admit I've considered the amnesia scenario before. Haven't done anything about it yet though. Might need to start thinking about that.
It's not even amnesia - any life event that's serious enough to simply force you to not use some password and require you to stressfully think about something else for some weeks can be sufficient to misremember anything that's complex/random enough to be secure.

E.g. a loved one getting a near-death event and suddenly needing lots and lots and lots of attention isn't really an "amnesia scenario", but might be sufficient; the same applies for the (admittedly rare) scenarios where travellers have gotten kidnapped by criminals or detained by third-world authorities, and people who have had to suddenly evacuate out of, for example, Syria. If you're out of action for some time, you may realistically be unable to recall exact details that aren't relevant to daily life in your changed environment - such as passwords. I've even seen breakups or divorces being traumatic enough so that people wouldn't care about anything at all for quite some time; and I can also imagine that a "less than perfect" childbirth and its consequences occupying all your thoughts and cares (and sleep!) for a week or two would also suffice.

There are all kinds of scenarios that trigger mental breakdowns so that, for example, people don't care about eating for days simply because what's happening right now is more important, immediate and overwhelming. In such cases they wouldn't also care about their digital suff, and when (some time after) the situation normalizes, and they get back to caring about access to their digital resources, there's no guarantee that they'd be able to recall anything that's not a basic, instinctive skill.

If it’s important, people will figure something out; if it’s not important, who cares?

When my dad passed away, I looked through all his files (fortunately he had one password he used everywhere), but in the end there really wasn’t anything important.

There where a bunch of proposals, half finished projects, gigabytes of various data files, but following up on any of that stuff would just be a lot of work and require time that I don’t have.

I think that 99% of my data/code/digital footprint is only valuable because of me; when I pass away, most of my stuff will become worthless, and that’s okay.

The value isn't in the items themselves, but in their perceived value.

Especially valuable is the optionality. How would you feel if you could not have reviewed your father's files? What if you couldn't access critical financial accounts or didn't know they exist?

> What if you ... didn't know they exist?

FWIW, if I really don't know that they exist, I would probably not feel anything about them ;P.

He means you would be wondering about them, causing angst.
In which case you might as well be wondering about them already: your father might very well have a bank account in another country, or a chest of gold dubloons buried in the back yard, or a bunch of stock certificates for some company he invested in fifty years ago... you really never know!
>What if you couldn't access critical financial accounts or didn't know they exist?

There are already procedures for an executor or heir to assume control of a deceased's financial accounts and assets, and part of that process is determining what accounts the deceased had.. You don't need to dig through Dad's Gmail for that.

Like the first poster said, anything actually important either already has procedures in place or will be figured out in the probate process or otherwise.

(comment deleted)
Don't you? Many people aren't great at record keeping, especially as they get older. It can often be difficult to figure out exactly what accounts and investments exist, let alone how to access them to clean them up.

Trawling through browser histories and correspondence is often the only way to get a reliable picture of what's going on.

Equifax, for as much as they are maligned, will tell you what open credit accounts the deceased person had.

Last year's tax return will probably identify any significant investments, at least those that are producing income.

https://en.m.wikipedia.org/wiki/File:World_population_percen...

I, along with 95% of the world's population, do not live in a place where Equifax exists.

Tax returns capture some things. They also don't get filed for several years sometimes. They don't capture assets like cryptocurrency or off market shares.

Life is messy and death more so.

>I, along with 95% of the world's population, do not live in a place where Equifax exists.

But you probably do live in a place with probate laws. This isn't a new problem, and there are processes to deal with it.

You are wrong about the 95% number. They entered India few years ago.
> How would you feel if you could not have reviewed your father's files?

This is subjective. My dad has zero assets, and oodles of debt.

People are trying to use economics as a way to avoid uncertainty, it seems.

It's like hoarders that store decades of Readers Digest. "Everything has a potential value!" fingers tips rapidly tapping against each other "Yes it's so obvious! This Beanie Baby collection is mine!"

The reality is, things only have economic value if you can sell them. And they only have personal value if the people in question give a shit.

There's no law of physics here.

That's a shame that you think that. Our digital footprints are the maps of our lives. I will happily give every password I own to a website that scrapes all the services and constructs a timeline of my life. You think its mundane, but our identity lives in the work we do, half finished or not. I love re-reading notebooks from elementary school not for the content, but for the little scribblings I did in the margins.

TimeHop kind of does this for social media, but it would be cool to open up my email accounts and iMessage. I think my loved ones would value opening up an app and saying "What was jbob doing on this day 2 years ago..."

"I love re-reading notebooks from elementary school not for the content, but for the little scribblings I did in the margins."

But when you're dead, there's no guarantee your descendants or next of kin will have any interest whatsoever in the minutia of your digital life.

> there's no guarantee your descendants or next of kin will have any interest whatsoever in the minutia of your digital life.

Easy to fix - leave a note telling them you have huge wealth hidden away and the only way to find is it to solve the puzzles sprinkled throughout the minutia of your digital life.

The worst kind of betrayal is the kind you inflict after your own death.
'I think my loved ones would value opening up an app and saying "What was jbob doing on this day 2 years ago..."'

Having in recent years lost more than one close relatives - no, I don't really need. I wouldn't do this even if I could.

If you want to be there for your loved ones be there today. Instead of coming up with a novel data vault scheme come up with a way to delight them tomorrow, when you are alive.

I love nerding about but if one is dealing with serious things like relationships, I would focus on pre-death interactions rather than post death mausoleums.

In life it's easy to be uninterested in your Dad's thousand-hour audio archive of him presiding over the Civic Plumbing Council of Akron, Ohio.

Listening to that while he's alive would be a waste of your irreplaceable shared time on Earth, right? It's just his job. While your Dad is alive you should go talk to him on subjects he cares about.

After he dies, though, if there happens to be an archive of your father joking around with, remonstrating, and otherwise being himself with the people who made up half of the social context for his waking life, year after year, that might be valuable to you.

It only has value in the right emotional context, of course, perhaps when you reach the age he was when the recordings were made. You can measure your daily self against the daily self your father created and inhabited.

An existential crisis might create a desire for that comparison, or perhaps you'll find yourself missing him and realize that family records don't show who he was in the world at large.

If your father is careless with that information you don't have that opportunity. If you are careless with your equivalent of that information your heirs won't have that opportunity.

As somebody who spent wholly too much time on the dead, honestly, it's not worth it. Poring through old things gives you a thin kind of happiness, but prolongs your grief. When people die, information is inevitably lost - an awful lot of it. The real loss is that what they leave behind, including your memories, are very shallow in comparison to who they were. Trying to make up for essential shallowness by just collecting more data is like trying to quench your thirst by drinking spit.

When I die, I hope I am forgotten - because honestly, grief is shit, and the dead neither appreciate it, nor wanted it before they died. People can't be measured, and their lasting forms aren't them in any case - they are just text, video, photographs.

"When I die, I hope I am forgotten"

On the other hand, now, that's bleak.

I would view that human relationships are like strings that connect human beings. Grief of loss is the process of cutting those strings - one-by-one - and it hurts like hell. Because, if the relationship was an important one - I think it's supposed to. And after the grief has done it's job the living move on.

After the grief has done it's job, memories become bitter sweet. There are always complications, of course, and for example unresolved issues make it difficult to let go.

We begin to die the day we are born. It's only a matter of time, really. All of us are mortally ill of a condition called life. Every precious relationship must end in time.

There is a zen-story about this. A wise man was asked what was happiness? He answered, a man is born, a son is born, a grandson is born. Man dies, son dies, grandson dies. It sounds horrible the first time you hear it, but then you realize it nailed it completely - any other order would be worse, and having no children would be even sadder.

"When I die, I hope I am forgotten" On the other hand, now, that's bleak.

My mother has always said "Funerals are for the living, not the dead." I don't find the GPs attitude bleak at all. The people who grieve most heavily seem to be those with unfinished business with the deceased. If you leave behind no unfinished business, I think people can let it go fairly easily. They got what they needed while you were alive. That's a good deal.

There's a huge difference between forgetting and letting go though.
(comment deleted)
We have very different viewpoints. I'm a creative person. I have worked on many things that haven't been successful (and some of which have) but people I know might find them interesting and entertaining (Stories, novel attempts, video games, board games, music, videos, etc).

I'd rather a decent amount of those survive me in some fashion. A few might, as they'll probably be included in console or flash game rom dump collections, but I wish more would. I also wish i completed more projects in my lifetime.

Realistically, if a project is unfinished, is it interesting? My feeling is that I don't finish creative projects because they have some kind of fundamental dysfunction or problem. If a creative project failed to keep my attention to the bitter end, then I don't think it would be keeping the attention of my descendants on its own merits.

I've experienced the other side of this one - a lot of my family were amateur artists. Their work, on the whole, isn't that interesting. Their practice, on the other hand, is something they passed on, and I value it quite a lot. As a kid, I was always encouraged to make things, and to make new things rather than replicas, and to take making things seriously.

I still make a lot of stuff, and I really feel that people who don't are missing out - but I don't think I've made anything that I'd like my descendants to have - other than the practice of making things itself. I guess family, at its best, is about passing on traditions that allows you to live well in a frankly hard and troubling world. I mean, you can pass on more stuff than that - paintings, photos - but it usually ends up sitting in some attic. At least, that's what's happened to the creative output of about four generations of my family.

I agree. An old friend of mine died last year, and I recently discovered a youtube video of her speaking at an academic conference. The subject doesn't interest me, and while she was alive I wouldn't have even bothered to search for videos much less watch it. But now she's dead it is the only record I have of what her voice sounded like, how she expressed herself. So I downloaded a copy to keep and although it's unlikely I'll watch it again, it is some tiny comfort. Context changes the value of these things.
>I would focus on pre-death interactions rather than post death mausoleums.

Truer words have never been spoken.

I've been wanting to create something like this for a long time. A recreation of your life using all the services from the web that have a 'takeout' option. Google emails, photos, messages, location data, Facebook messages and posts, Mint transactions, SMS, etc.
No family photos? Digital books and music?
Is that not already digitized and shared with family?
My grandfather's were on his PC and cameras (those that weren't hard-copy photos that he developed himself).

For my own, some are online, but most are around the room, copied onto various storage devices (redundantly, and on devices that my wife knows about, and that other family members could easily find, if we were collectively hit by a bus).

In terms of ebooks and non-CD digital music, there's maybe a couple hundred dollars worth. Almost all of my digital video is on DVD/Blu-Ray. The photos would have more value, anyhow.

For software: Meh. My projects are mostly for my own entertainment. If someone wanted to fork them, it's not like they'd be fighting for control of a community, or something.

That's a really, really bad idea.

I watched an hour long video about a youngish technologist who died in auto accident. His wife lost control of their i-devices. Some of his encrypted devices that he maintained for clients were also equally inaccessible. The only way the wife regained control of her own digital and financial life was to tap technologist friends who called in favors with Google / Apple. Even they could not decrypt the miscellaneous client owned devices. Neither could the clients. [Edit: I searched for this video and unfortunately could not locate it.]

I put my parents on 1Password. Begged them actually. I quote "how about we just try it for like a week while I am here? if you don't like it, I won't ask you again." My Dad had a crazy so-called method that was supposedly simple to follow, but every time he tried to explain it to me as executor of his & my mom's estates, it was incomprehensible.

After 1 week, Dad was a convert and Mom had her first reliable access to the joint online bank accounts.

For myself, I have a technical hand over plan for somebody to follow to break the encryption on my devices. I also give an accounting of my data, what is where, both financial and sentimental. Most data can be immediately deleted, but some thing like my photography and music collections may be wanted by somebody in the family. The executor of my estate gets the financial records.

>The only way the wife regained control of her own digital and financial life was to tap technologist friends

That sounds very unlikely. This isn't a new problem, and there are procesing in place which discover any and all financial account belonging to the deceased and transfer ownership to the estate's executor. I don't believe for a second that this woman couldn't get into some financial account belonging to her husband without inside help.

This was a video lecture (like a TED talk, but not) and was notable for me because I was doing my estate plan at about the same time. Ran across the video maybe in 2015... I will continue the hunt for the video.

The issue wasn't getting into a financial account per se, rather getting into all the devices the husband controlled. She didn't know the passwords.

In the old days, estate executors would monitor physical mail to make sure they found all bank accounts. With many tech savvy people moving away from physical mail, the only notification about which accounts are out there are arriving by email to an account an executor does not have access to. How to know which accounts need to fall under the estate if you don't know the account exists?

Anyway, I will keep up the search for the video. I tweaked my personal technology plan a bit to deal with some of the issues that video raised. In addition to a physical list of key passwords, 2FA recovery keys, and encryption keys, I also included specific recovery scenarios like:

1) me dead, all laptops / phones / 2-factor fobs destroyed

2) me dead, phone missing, but still have laptop & fobs

3) me dead, laptop missing, but have phone & fobs

4) me dead, fobs missing but have laptop & phone

As a courtesy to clients, I also noted what client assets and data I controlled, where I kept the object, how to decrypt if necessary, and who to contact to arrange hand over.

I think a big takeaway from this is that just writing stuff down is important. Even if you don't die it could be useful; maybe you are involved in a car accident and forget the last 3 years of your life.

Where do you store all of this?

I have a relative who's a doctor who managed all her client data in her head. She didn't write much down.

She actually did have an accident that caused memory loss and it was a huge problem for her.

Your memory is important, make sure you have a backup of the crucial bits :)

oofff... wipes a tear (honestly) i still have the computer of my father, i can't get myself to power it up and go through it. I'm saving it for a day i do feel up to it.
You might want to do that soon-ish, just because of the flakiness of most hard drives. Take a solid backup of the files and put it somewhere reliable.

Although it's hard to look through personal files like that, it's even worse if you had the opportunity to, didn't do it, and the hard drive failed.

My current approach to this problem is a feature of LastPass - if a designated person requests access to your account, and you don't respond within [x] days, then they are granted access. I set this to be the people necessary for after-life management. I know this doesn't answer all of the details you've asked about, but it is a mechanism for leaving the authentication details and instructions for those who remain after us.
>if a designated person requests access to your account, and you don't respond within [x] days, then they are granted access

isn't this wildly insecure? at the very least it means lastpass can read all your passwords at any time.

Laspass is massively insecure in all aspects of its design & history - including many facepalm-worthy breaches... It's terrible.
Off topic, but what makes you say LastPass is insecure, provided of course that you follow common sense rules like strong master password + 2FA?
As someone who uses the service, could you go into detail? Please do consider this a sincere query to your claim, I would like to know more
Wikipedia has a good overview of their (known) security lapses. Two server breaches, one known to have exfiltrated sensitive information. Several browser plugin vulnerabilities, one of which allowed arbitrary plaintext passwords to be stolen.

https://en.m.wikipedia.org/wiki/LastPass#2011_security_breac...

LastPass’s history is troubling but they’re also the biggest target out there. IMO, the entire space of “cloud” password managers is inherently untrustworthy.

Nothing like a bit of hyperbole in the morning.
The feature requires that the designated person has a Lastpass account. This works then because each Lastpass user has a public key, and private key encrypted inside their vault.

When you designate someone for emergency access, it also encrypts your vault with their public key. In a way the person and Lastpass hold each other accountable because:

1. Lastpass only gives the encrypted vault data to the emergency contact after the waiting period. They cannot decrypt the vault without having the encrypted vault data.

2. The person's private key is encrypted inside their vault by their master password. As lastpass doesn't know their master password for their vault, lastpass doesn't have the key to your vault.

I would not call this "wildly insecure", but definitely has more risk factors than not doing it. For most people I think this is a reasonable tradeoff if they want people to be able to access their data without huge inconvenience.

thanks, I didn't consider pre-encrypting the data with the recipient's key ahead of time.
> at the very least it means lastpass can read all your passwords at any time.

Not if it's been done right. They'd use some kind of multi-key secret sharing scheme (like shamir), where the password database would be encrypted with the public keys of both lastpass (the custodian) and the designated person. (This would be done on the client side, by the designator.)

I also use this Lastpass feature but take it one step farther. I have all the info stored on copies of encrypted usb drives stored in multiple secure locations that my loved ones have access to. The password is stored on Lastpass. So if I croak they can request the password but also need physical access to the thumb drive. I have set up the same for other family members with assets worth protecting. Of course this all fails hard if Lastpass disappears, anyone have a better replacement?
I exactly did the same thing. But in addition to this, pretty much all the underlying accounts are 2FA enabled, if they support it. We use Authy to manage 2FA tokens and have it installed on my phone and my wife's phone.
There is probably a distinction between personal software and websites in contrast to accounts at web services. The fundamental point here is who is in charge of running a service. Even the self-hosted website is probably entangled with a contract for the domain and a contract for a VPS, as well as updates and maintenance. Similiarly to a family residence left behind, such things have to be managed: Who is capable or can pay neccessary reparations?

It will probably quickly turn out that things which currently look important are unmaintainable for the long term. Software updates are expensive and even companies frequently do not invest budget in old software.

This does not render the indiweb useless on the long term in contrast to a mainline blog provider such as medium.com, it just gives it another quality. To cover such services: Even if they guarantee you today the service will be free "forever", they do not need to comply with that in 10, 50, 100 years. Where is geocities today? I think in the digital age, decay goes much quicker then in the past.

What can be done is to make sure information go to well-preserved standards. PDF-A, static websites, https://archive.org/ , these are more likely to hold up for a longer time.

(comment deleted)
Geeky version: let's assume you want to "time release" something (e.g. unlock it in approximately 5 years).

Encode your assets/keys/passwords and share just a portion of the key.

If you extrapolate computing cost/power trends, you can estimate how long until it will be practical to brute-force decrypt the portion of the key you didn't share.

Of course, this is an approximate, not precise, timing system.

problem is that a powerful adversary can "beat" your intended recipient by years or even decades. think whatever computing power a desktop has vs NSA, or even a guy with a lot of aws credits to burn.
There are ways of doing this that aren't trivially parallelizable for an attacker: https://www.gwern.net/Self-decrypting-files. (Of course, the criticism still applies if the adversary is faster at whatever single-threaded operation you build the timelock on.)
You can't estimate the time required because an attacker can crack keys in parallel.

"devices can differ dramatically now even in the same computers; to take the example of Bitcoin mining, my laptop’s 2GHz CPU can search for hashes at 4k/sec, or its single outdated GPU can search at 54M/second [...] it would not be very useful to have a time-lock which guarantees the file will be locked between a year and a millennium, depending on how many & what kind of people bother to attack it and whether Moore’s law continues to increase the parallel-processing power available"

A better (but still not great) way to do it is to take 100 random numbers, hash them a trillion times (in parallel), then use each hash to successively encrypt the starting seed for the next hash. The last hash in this chain is the private key you encrypt your data with. You release the first seed and each encrypted hash and the encrypted data.

To brute force your key someone would have to hash the first seed a trillion times, decrypt the seed of the next hash and hash it a trillion times and so on until they get the key. This can't be parallelized, but you can generate the hashes in parallel.

It's still not great because you're probably not using 100 of the best possible ASICs for your chosen hash, whereas an attacker might or might not.

https://www.gwern.net/Self-decrypting-files

I once played with the idea of some dead man switch triggering an event where it gathers a pool of pre-designated friends from Facebook into one group chat. There would be a bot guiding through opt-in to receive dividends of my wealth into their wallets/bank accounts. The idea was that if I'd have any side hustles, e.g., projects which are mostly autonomous, those would run their time and pay dividends until they deplete or become obsolete. Same would happen to my crypto assets and whatever holdings my sole proprietorship still has.

The idea to gather the group chat was that tech-savvy people could help those in need of technical help and people could conglomerate together to reach out to people who are not active on Facebook. I imagine it to be fair that people who've helped me during my life would be offered an opportunity to receive tangible value for their positive effect in my life.

As for online accounts in general, I think those should die with me.

What happens if Facebook dies before you?
You port the solution to the new hotness...
> There would be a bot guiding through opt-in to receive dividends of my wealth into their wallets/bank accounts...

The bot is called a “lawyer” and the process by which someone receives your wealth is called “executing a will”.

Ah, it didn't cross my mind that I would have needed to be explicit about the fact that my scheme is practically inheritance tax avoidance.

Practically, while possible, leaving an inheritance in my current country of residence for anyone outside of my family is imposing negative tax consequences on another. And that's not a gift in my book, more like showing up on your door in a foreign country asking for help, followed by a quick notion that the government is also after me.

With all these lawyers, their leetspeak, and lengthy processes posing friction it's not a worthwhile effort to practically leave any change after me, thus why I thought to slap a "smart contract" on it.

This anti-lawyer rhetoric you're getting is comical. Your suggestions are solvent.
What Aaron Swartz did with http://www.aaronsw.com/2002/continuity seems kind of relevant. Of course what he said he wanted to have happen and what the people who had access decided should happen weren't the same thing. Would have been interesting if he had of automated it.
All of the code I write now, I release publicly under a permissive license.

I do not use any cloud services for storing data, and do not use any social media websites (other than perhaps HN, but all my actions are public here anyways). So that's a nop.

If there are things I think others will want when I'm gone (e.g. photos, documents), put them in a place where they can be physically accessed.

Everything else disappears when I do.

all my public stuff is on github and forkable. all my private stuff that i want people to have access to, they already have access to now. everything else can die with me for all i care.

"Nobody exists on purpose, nobody belongs anywhere, everybody's going to die, come watch TV."

Facebook has a "Legacy Contact" system in which you designate someone to be an "heir" to your account. FB Research published a great paper that ruminated about how complicated the situation could be, even compared to the traditional sense of inheritance of assets/brand that we have today:

https://research.fb.com/publications/legacy-contact-designin...

I recently saw an edge case of how complex it is to manage online identity after death, in this WaPo article titled, "She wore the weapon in a photo with a friend -- then killed her with it": https://www.washingtonpost.com/news/true-crime/wp/2018/01/18...

This story is notable, for starters, because instead of using a screenshot of the photo, the article embeds the FB image directly, which means it is clickable and you can go to the user profile. What's even more unusual is that this photo was a selfie taken by the murderer (the selfie features both women), who then sent it to the victim, who then posted it on her own profile before getting murdered that night. And apparently, as most people her age, the victim didn't think about suddenly dying, nevermind designating an "heir" for her FB account.

Anyway, you can see the comments in that photo and guess that the victim's friends were very pissed about something. Not just about how the murderer (whose faux-woe-is-me comment can still be seen) commented, but because apparently the victim uploaded this photo (taken by her murderer) and used it as her profile pic. So the victim's friends apparently had a dispute with FB to get the photo removed -- or at least changed to not be her profile pic -- and were apparently successful after an initial rejection.

tl;dr: FB doesn't have a policy for when you choose a photo with a friend as your profile pic, but then get murdered by that friend.

This would be a good use case of having a trust and a last will and testament, that provides instructions to your friends how to decrypt a password container, keypass, etc... that takes FB out of the loop. The executor or beneficiary can log in and update the account to something appropriate.
That adds some complexity though. Not just the problem of the key getting lost, but of the "friend" deciding to break into your account while you're alive. Or they key getting compromised some other way.
That isn't how a trust / will works. Your friend won't know about the account information until you have passed on and your lawyer contacts them. You could certainly make them aware of the fact this will occur ahead of time so they don't ignore the legal notice or phone call.

As to whether you can trust your friend or not, that is a different matter all together. You have to pick someone you can trust. If no such person exists, just close your FB ahead of time.

They die with me; all encrypted. If there's something others need, I'll arrange for that beforehand.
That's good. But you're assuming you can control when you die. That's not always the case: what about accidents?
Anything public - it's open sourced.

Anything paid - it's in escrow

Anything private - it dies with me.

Escrow how?
You have 3rd party companies which provide such services [0].

I personally just built an automated git push + email that will get sent if I don't stop it every week. Simple, Clean & Free. And my email has been prepaid for ~2 - 3 yrs (and I pay every year so it gets pushed ahead every year).

[0]: https://www.codekeeper.co/ - I don't personally use it. I found it on google.

I worked for a startup that helped to track and store your digital assets, as well as standard ones like insurance and bank accounts. The platform allows its users both to share access and set up a chain of custody for your account in case of death. https://www.zokuvault.com
I think about this a lot. At one point I almost built a Keybase-like application for Shamir's Secret Sharing to see if it would be useful for automating at least some bits of digital will/trust escrow, but that idea ran aground of 1) not enough attorneys/solicitors are technically competent to see a need for it yet, and 2) the general legalities of digital assets as a whole is a weird, currently untested in the court system wild west rabbit hole that attempting to educate on (1) quickly falls into (2).

I think at some point we may need to sit down as a software industry with the law industry and draft better laws protecting digital assets as inheritable assets.

Some easy examples:

1) Digital movie unlocks on platforms like Ultraviolet and/or Movies Anywhere. Are those unlocks inheritable? The service agreements are unclear, and the "family account" adds additional gray area.

2) Software Licenses and Software Subscriptions/Accounts. How many EULAs bother to mention inheritable rights other than to squash them or send them to mediation? Which of the App Stores support family sharing? How many have yet thought ahead to inheritable rights?

3) Are the GDPR Rights (Right to Erasure, Right to Rectification, Right to Access by the Data Subject, et al) inheritable? Right now the easy answer is that they don't mention the idea at all, and at least some of the GDPR implementors' heads might explode if they thought they would also need to consider survivors' access to those Rights.

There are likely to be some huge coming legal battles over some of this stuff, and its something that I feel surprised not enough legal minds are even considering today.

Digital movies are inheritable.
I agree they should be, but the fact of the matter is that its not that simple. A digital movie unlock in the systems I mentioned are a "service license" where your relationship to that property is via the service's Terms & Conditions. There's not "digital asset" law that currently takes precedence over such T&Cs and it's not been tested in court (to my lay knowledge at least), if those are inheritable.

More directly, if we look at Movies Anywhere's T&Cs [1], here's the main description of your license:

«Within the Territory and subject to the terms and conditions in these Movies Anywhere Terms of Use, Movies Anywhere grants you a limited, personal use, non-transferable, non-assignable, revocable, non-exclusive and non-sublicensable right»

I am not a lawyer, but the keywords there seem to me to be non-transferable and non-assignable. That is meant to keep you from reselling movies unlocked in your account, but also implies that the right is not inheritable. So too, the words "personal use" may imply "you and only you". Though that is a fun gray area in the terms because the system allows family accounts that bend past "only you". That's also why there is gray area in inheritance cases. The T&C as written would seem to me to bind only to you, not your family. Disney has the right to suspend your account for any reason at all, according to the T&Cs, but if they did need a reason "your death" is pretty clear because at that point the T&Cs no longer apply to "you".

Again, I'm not a lawyer, but this seems a pretty big and ugly minefield for digital assets that I would love to see more frank conversations about. I think it is a missing EFF plank, at the very least (and I've mentioned that with past donations).

[1] https://moviesanywhere.com/terms-of-use

Yes. Apparently some people are creating Trusts which actually hold these licenses, but the idea hasn't been tested in court.
Based on recital 27 "This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons." Source: https://gdpr-info.eu/recitals/no-27/

So it would mean that companies would not be obliged to comply with GDPR.

That is an interesting punt by the legislators.
How are people dealing with crypto/bitcoin inheritance?

Dead man's switch (or euphemistically, "Google Inactive Account Manager") that emails inheritee(s) with instructions for retrieving encrypted keys from a safe deposit box or other location, along with password for decryption and distribution allocation?

Just giving private keys directly to your lawyer, sealed in your will, or encrypted with some type of challenge that only inheritees would know?

a bitcoin private key is essentially a piece of gold bullionl Keep it locked up somewhere safe, and give the key to someone you trust.
How have people always dealt with this? Wills and lawyers. Why is HN trying to (poorly) reinvent probate law? Yes, give the keys to your lawyer. Or, if you’re uncomfortable with that, open a safe deposit box and keep important documents there that your lawyer/family can access after you die.
There are a couple of cryptocurrency inheritance management startups: https://www.digipulse.io is up and running and https://safehaven.io at the pre-ICO stage. Disclaimer: I haven't researched thoroughly so I can't comment on how secure etc. these are.
Everything will be as good as deleted since nobody will have my password - nor do I want anyone to. I do not concern myself with post-life as there is no evidence that I'll care when I'm dead. The few social profiles I have will just one day stop posting as if I finally decided I had more important things to do with my life, nobody knowing if I've simply left or if I've really left.

I have no friends and the only family that would care will, assuming we all die due to passage of time, have already passed years prior.

Encrypted iron-key in a safe deposit box which with specific instructions for the executor in my will.

(one step of which will be to activate my dormant conciousness transference program so I can become the singularity)

Joking aside. If you don't have a will, and/or a trust established, you need to do so asap! It will save your family much trouble, drama, and probably money. For example, if you have multiple properties in other states, there is a tax imposed for transferring the title to a family member that sometimes is so steep the family must sell the property to pay it! This can largely be avoided though if you have multiple properties in a trust...

Source: I know lawyers and paralegals who talk about this kind of stuff all the time, and how sad it is when people die without having created a will and all their assets are siezed by the state, and other similar situations. (For example, it depends on the state, but a common misconception is everything you own goes to your next of kin if you don't have a will, such as a wife or child. That's often not true though.)

There was a website that had nice, clear directions on how to take care of certain things while you are still alive because you never know when something is going to happen. It was called www.getyourshittogether.org. It was started by a woman whose husband died unexpectedly at a young age.

Unfortunately it seems to have turned into a weird site driving people to lawyers/life insurance quotes but you can still view the original one on the way back machine: http://web.archive.org/web/20130124012917/http://getyourshit...

Their checklists were pretty awesome.

Edit:

Here is their annual checklist: https://media.npr.org/assets/news/2013/checklist.pdf

I saw them once at a job fair back in 2013. I honestly couldn't figure out what they were about. They did an extremely poor job at explaining themselves, and I walked away wondering if they were just a Google Docs ripoff.
Maybe it is better your code dies with you? If it can't be completed in your lifetime why should next generation suffer?