I've had a thought for a while about how to share the master key to my password manager when I die (so family can access bank accounts, etc.). One thing I thought of was to use Google's 'inactive account' feature to give access to a file someone I know when my account is inactive for 90 days. But that's such a long time period, and my loved ones might need that data in the meantime.
Another thought I had was to use some secret sharding scheme like this, but the venn diagram of people that I trust with the data, and the people who could competently carry out guarding and then revealing the secret is too small.
Looks like Lastpass has a solution[0], but it also involves a waiting period. And I'd love something that's open source and self hosted. Does anyone have a good solution?
There are stories around the net of people forgetting to reset the "deadman switch" on their solution, and their contacts are supplied with an errant death notice.
Have you considered low/no tech solutions?
Along with a living will (should you become incapacitated,) access to account passwords may assist your family/friends in taking care of your estate when you are unable.
It could be as simple as providing a password list in a sealed envelope to someone you trust to serve your best interests, should their assistance be required
A lawyer may also be willing to provide this service to you
I yubikey with two slots... the long press is the master password to my password manager and is stored securely with my will, key papers and instructions as to how to unlock everything else.
My partner and closest living relative know who to contact to obtain this.
I think writing down your master password, or the hard recovery keys, on a piece of paper, and storing that with your lawyer or in a safety deposit box accessible by your lawyer/executor of your estate is the correct way to go about this.
I feel like there isn't really a strong need for a purely technical solution here, when the problem of "get information to person or persons after my death" has been largely solved by the legal and banking system.
Or maybe part of the password, and give the other part to the intended recipient now. So that your lawyer/executor/banker can't get into everything if they get breached/criminal/warrant.
Related to this, I briefly explored the idea of digital secret sharing tech for lawyers/notaries to use as a service in Estate Planning. Certainly not "zero trust" and you'd still want the usual YGWYPF and contract law to back it up. Ran into some huge hurdles. The idea was to be a somewhat safer "digital escrow" ("safety deposit box") in the cloud providing artifacts that could be placed in wills or real world safety deposit boxes. The first and obvious being generally lawyers aren't as tech savvy as they should be and building a good UX for that is likely a very hard problem.
(But the real problem I got into in casual conversations picking lawyer brains to see if there was a viable MVP to try to build was what I felt to be the real serious Digital Escrow whammy that we're going to maybe need decades to fix: digital goods survivorship isn't an established right. Most Terms of Service agreements forbid, indirectly or directly giving someone else your password. Worse, many Terms of Services explicitly are being written between only one specific individual and the company and have clauses that terminate with the individual. A lawyer asked to write a password into an estate plan doesn't have to think about what it protects and doesn't need to know and passwords on paper stored in a safety deposit box are mostly covered/secured by existing contract law and insurance and all that. [But also you can't update that password without the rigmarole of paying the lawyer to open the file in the safety deposit box and updating the document.] But even in just casual conversations, asking if password and digital "item" storage/escrow as a service was useful to lawyers led them down into frightening rabbit holes that Digital Estate Planning is a giant mess, the contracts [Terms of Services] are nightmares, most companies don't want to consider digital goods as inheritable goods, and the legal fights over inheritance rights of things like Steam accounts or Movies Anywhere or Kindle accounts are just waiting to happen and lawyers would generally prefer to ostrich that as long as possible unless someone pays them heavily or someone else sets a good first precedent. I still think about some of these problems and how unprepared we currently are with respect to "digital goods".)
"Civilized parts of the world" haven't got around to actually encoding such regulations into laws, much less enforcing them in courts of law. (Again, there are legal battles that likely need to happen, and it is a surprise that some of them already haven't happened, and there is concern that the longer we wait without preparing for those legal battles the rougher it will be to fight them.)
The closest a regulation to date I'm aware of has gotten to addressing digital goods and especially survivorship was the EU's GDPR mentioned it explicitly as a concern and then kicked the can down the road with no solution offered, leaving it someone else's problem.
All across the "civilized parts of the world" HN is full of horror story headlined about people and small businesses losing access to all of their Google Docs and entire Google Drive folders on which their homes or businesses ran because of a spam judgment from YouTube. How many of those have gone to court? Contract law is the law of the land in most "civilized parts of the world" and the Terms of Service are the only contracts and the only laws we have in most cases in the digital world. Those Terms of Service say that your Google account is entirely at Google's discretion, full stop, and that's the current "law". If lawyers don't think they can fight or appeal a company losing their Google account and going bankrupt because of that because the Terms of Service say "Google is always right", how do you expect them to fight for Grandpa's Steam account?
You can believe all you want that "common sense" dictates that anything you should be able to inherit physically you should be able to inherit digitally, but that's not what the laws currently say. Those clauses in the TOS agreements are the only laws in most of the "civilized parts of the world" on the record right now, because it's not a problem any legislature has wanted to address.
And they have plenty of lobbyists in their ears telling them it isn't a problem they need to address. Disney makes more money if your heirs have to "buy" all the movies in the Disney Vault again when your Movies Anywhere account gets shut down at your death, just like everyone needed to buy the movies on VHS and then DVD and then Blu-Ray… (This is overwrought example because Movies Anywhere TOS actually seems concerned about this and has made steps for more "family sharing" and some of that hints at survivorship planning and how they hope that to work. To be fair, so is Steam more than "average". But that also underscores my point in a different way: right now your rights are entirely dependent on the Terms of Service of the digital services you use and no two TOS documents are the same and nearly every one of them is going in different directions based on different corporate lawyer priorities and corporate/shareholder greed/"charity". Everything is at the discretion of whichever corporate overlords you rely on.)
Nothing is guaranteed even in the "civilized parts of the world" until there are a lot more court cases backing up one side or the other with enough precedence to swing contract law interpretations or a lot more consumer protection advocates managed to get meaningful laws actually enacted about digital goods rights/survivorship. Not just GDPR levels of "some countries in the EU see this is a potential problem but not enough of them yet for us to do anything about it yet". Right now the consensus seems to be "that's someone else's problem" and "we'll worry about that tomorrow", especially in "civilized parts of the world". Like I said, I've had more than one conversation with Lawyers about this picking their brains on it. Anecdotally, their terror that none of this is getting addressed was very real. I don't think a lot of people know how b...
Usually the status quo is not substantially different in other EU countries, so I assumed that.
TOS in general are always limited by other laws. That something is written in the TOS doesn't make it a binding contract automatically. (A related and one of the better know cases is that EULA-like "contracts", that aren't shown to users before they install a software, aren't contracts at all in Germany—as you need consent form all parties upfront to establish a contract. If you didn't see any contract and didn't agree to it upfront there is just no contract. That's why it's legal in Germany for example to sell OEM licenses of MS products even the MS EULA "forbids" this. It doesn't matter Microsoft says the EULA is enforced by their TOS).
It's not much different regarding other things written in TOS: You can just ignore those things in case such clauses would give the service provider unexpected or overly broad advantages (like trying to make a "contract" binding you never saw). Such clauses don't have any legal meaning and aren't enforceable.
Of course it's not always clear form the get go which kind of clauses are moot. That's up to the courts to decided if there is disagreement. But for a lot of things there are court rulings, and most of the time it's even quite clear from the laws governing TOS in general. (A clause like "by using our service we're entitled to your first-born" can for example never be a binding part of a TOS; no discussion needed).
Regarding things like VOD or that-like services: Well, you never bought anything there! You're usually only renting this stuff.
Apple got for example sued because they had a "buy" button on movies in Apple TV+ even though you can't "buy" of course any movies on Apple TV+—you can only rent them. Rented stuff doesn't belong to you in the end, so it doesn't get inherited by your heirs.
Person-bound contracts are of course possible and such renting contracts are often of this kind. So your heirs don't inherit "your" VOD movies (you've never owned them). Such a contract usually just terminates with the death of the contractor in case this was the only person entitled to use the service. (Like say, in case of a gym contract).
If this all is "new problems"—even things are actually quite clear as there are regulations form the analog era governing most of those questions—maybe the parts of the world where this is the case aren't civilized at all?^^
BTW, that's actually why "case law" is nonsense: Given a case law system if something "new", like the internet, comes across "everything" is needed to be reevaluated. If one have laws instead that govern general things and not specific cases you can most of the time just apply the existing laws to the "new" thing without bigger trouble or legal uncertainty. The point here is: Something like contract law is mostly "done". There is almost 3000 years of experience with it. So there are hardly any really "new" things to consider. (At least if you don't have case law—where it's always a new gamble).
Yes, my perspective on the status quo is largely American where there's enough regulatory capture by powerful corporate lobbies to assume that you can't trust consumer protections generally. American law also has a sad tendency to keep legislation, especially for things like consumer protections, as narrow as possible "to avoid Government overreach" and there is a wild pendulum in American politics between corporate interests and consumer protections.
In the US most laws seem to believe "if it is digital it is something new" which is creating so many "exciting" startup opportunities of "X but as an app" that get to skirt around previous regulations (until and unless someone writes new regulations). (It's not a "case law" problem, it's a "regulations/legislated laws are intentionally too narrow" problem. Because several political parties in the US have made that their mission to make sure laws are as narrow as possible.)
I get the joke that by definition that makes the US "uncivilized", but given how many of these companies that control major swathes of "digital goods" are American in posture, and how large the US generally is as a first world super-power, calling it "uncivilized" isn't particularly funny and maybe a bit dangerous if we are trying to defend consumer rights.
I appreciate that Germany is doing much better than US, and that there are other EU members doing similarly. I lament that it will take a larger international effort to push such protections into the radar of some of the American companies, and I especially lament the missed opportunity to do so in the GDPR itself given that was a scary enough regulation that a lot of American companies jumped to correct things in their TOS/cookie handling/etc even if they didn't believe they had any EU customers.
«Regarding things like VOD or that-like services: Well, you never bought anything there! You're usually only renting this stuff.
Apple got for example sued because they had a "buy" button on movies in Apple TV+ even though you can't "buy" of course any movies on Apple TV+—you can only rent them. Rented stuff doesn't belong to you in the end, so it doesn't get inherited by your heirs.»
That's not a distinction that US law has made to date. The en-US version of Apple TV+ still says "Buy" everywhere.
Additionally, there actually are analog "entitlements" law equivalents to "digital entitlements" and US does have a lot of regulations on the books for the analog equivalents (in Securities and Exchange laws). If I built a movie theater and decided to bond/notarize a ticket that stated the bearer would have access to a specific film any time that movie played and they wished to see it. Such an "entitlement" ticket you could resell or inherit. Beyond that being a somewhat silly business model in the physical world (depending presumably on how much you make on concessions from repeat customers, I suppose), it's often not done simply because there are so many Securities trading regulations today around it.
(But there are real world physical things that still exist even with such strong regulations in existence. It's not far from how mortgages work, for instance.)
Generally an entitlement/Security/Bond is still considered "bought" not "rented", even though it may be contingent on services provided/businesses meeting contractual obligations.
VOD can be considered a bought entitlement/"security" and could be inheritable. I'd argue that's how "common sense" in the US already sees it (and they don't yet realize that things like VOD entitlements are "personal to you and only you" rather than "bearer entitlements, based on how TOS are written today), but it is going to take a while for US regulations to catch up with that, ...
As someone who unexpectedly went to jail and lost access to the Internet for many years, I have thought about this too.
Make sure if you have any 2FA that your family can get access to your 2FA device - e.g. get to your text messages, get to your Authenticator app.
It's no good for them to have your usernames and passwords if they still can't get in. If your phone dies with you (say you're in a plane crash), how will they complete the 2FA?
I actually wouldn't be surprised if this project was named after that movie as their project logo looks similar to the crystal in that movie (but that could just be coincidental).
Actually, I prefer to use dark as a descriptor for a wide arrange of things that are non-sinister.
There is a lurid racist history to using the word dark for sinister, in the oddest of corners. For example, the racial history of the Mormon church has extremely strong connotations in their sacred writ for "dark" meaning sinful. Obviously melanin in the skin doesn't correlate to scrupulosity or zealotry -- but in the minds of its 19th century author(s) it does.
Similarly, during my few years sojourning in the Philippines, dark skin was seen as socially undesirable because American television typically portrayed beautiful people as white.
These are hogwash notions, but reinforced by a desire to equate bad/immoral with a color scheme. So, I don't personally feel we need to restrict dark to negative connotations, simply because dark isn't negative by itself, nor is luminous always a positive (e.g. JWST likes the dark for pictures).
Is it just me or does the social recovery system sound tricky?
I'm thinking phishing, social engineering, threats, but also people often trust the wrong people, relationships don't always last, and sadly people die.
Especially for very important and sensitive stuff I'd say there are better alternatives.
sincere question: what are the better alternatives?
Do any have a (different) key technological component or do they mostly rely on other non-technology-based trust channels like a notary or a lawyer, as other comments have mentioned?
I'm by no means an expert so take everything with a grain of salt.
Notary/lawyer/safety deposit box do sound like proper solutions. I also think 2nd factors like hardware keys, auth apps, also just multiple devices you have logged in, work well in recovery.
For after you die notary/lawyer sounds like the most solid option, they seem quite skilled and experienced with that kind of stuff.
Otherwise you need some other way to recover. Recovery email seems to work quite well, but could be another account, another type of log in, there are many ways; I've had some services send me a physical letter, I have gone to physical stores with my id.
Nothing is perfect of course, but the social one seems unnecessary complex and fragile.
Have been looking at the Magma collective's stuff a few times in the past. They work on interesting stuff. Especially the distributed file storage stuff.
Oh, a project baked by a German ministry and some crypto scam?
Highest trust levels given here… ;-)
On a more serous note: Germany is a digitally failed state. I can say that for sure as I'm living here my whole live.
Just everything that involves state authorities is a big failure. It's all nepotism, burning taxpayer's hard earned money for extremely doubtful projects that fall apart like a house of cards when you look askance on them. One IT related failure marches after the other. There are literally no success stories. It's not only a popular joke that Germany's government IT is made up of fax and printed internet pages. That's actually the truth! (We had to learn this once again the hard way during the pandemic…)
So if an IT related project has a federal ministry badge on it you should be at least very skeptical. (Or even better, you should start running not looking back). This, paired with advertisement form the Ethereum foundation, is more than enough for me to assume this is a complete failure. If I would be willing to spend time looking into the details I'm very sure this would turn out to be some complete useless nonsense. (As the "five block-chain" COVID check-in app with a central privately hold database in the back-end lately; which of course failed miserably. Since than the joke is that every new government IT project needs to include at least five block-chains, otherwise it's not worth it). Long story short: The people giving away money for such things don't have the slightest clue about anything IT related. They constantly make business with the most scummy "partners" resulting in usually hundreds of millions of euros getting burned for literary nothing (besides the partners, and other friends of the involved politicians, getting rich in the process).
The specific case of Prototype-Fund, which is what's linked on the page, is not perfect but far from the usual level of mess you reference. It's small-scale (<50k€) funding for a wide range of projects.
The Dark Crystal is also a trope-laden, cheesy (though critically acclaimed) puppet-action fantasy movie from 1982, whose making involved Jim Henson (of The Muppet Show fame).
One horcrux-like trope central to the plot is that a missing shard from a crystal (the Crystal of Truth) must be found and reunited with the crystal to put the broken world back in order again.
32 comments
[ 3.1 ms ] story [ 71.0 ms ] threadAnother thought I had was to use some secret sharding scheme like this, but the venn diagram of people that I trust with the data, and the people who could competently carry out guarding and then revealing the secret is too small.
Looks like Lastpass has a solution[0], but it also involves a waiting period. And I'd love something that's open source and self hosted. Does anyone have a good solution?
[0] https://blog.lastpass.com/2016/07/how-to-get-started-with-la...
There are stories around the net of people forgetting to reset the "deadman switch" on their solution, and their contacts are supplied with an errant death notice.
Have you considered low/no tech solutions?
Along with a living will (should you become incapacitated,) access to account passwords may assist your family/friends in taking care of your estate when you are unable.
It could be as simple as providing a password list in a sealed envelope to someone you trust to serve your best interests, should their assistance be required
A lawyer may also be willing to provide this service to you
I yubikey with two slots... the long press is the master password to my password manager and is stored securely with my will, key papers and instructions as to how to unlock everything else.
My partner and closest living relative know who to contact to obtain this.
I feel like there isn't really a strong need for a purely technical solution here, when the problem of "get information to person or persons after my death" has been largely solved by the legal and banking system.
I mean you re inventing solutions to problems we always solved with a fee and a legally binding contract...
(But the real problem I got into in casual conversations picking lawyer brains to see if there was a viable MVP to try to build was what I felt to be the real serious Digital Escrow whammy that we're going to maybe need decades to fix: digital goods survivorship isn't an established right. Most Terms of Service agreements forbid, indirectly or directly giving someone else your password. Worse, many Terms of Services explicitly are being written between only one specific individual and the company and have clauses that terminate with the individual. A lawyer asked to write a password into an estate plan doesn't have to think about what it protects and doesn't need to know and passwords on paper stored in a safety deposit box are mostly covered/secured by existing contract law and insurance and all that. [But also you can't update that password without the rigmarole of paying the lawyer to open the file in the safety deposit box and updating the document.] But even in just casual conversations, asking if password and digital "item" storage/escrow as a service was useful to lawyers led them down into frightening rabbit holes that Digital Estate Planning is a giant mess, the contracts [Terms of Services] are nightmares, most companies don't want to consider digital goods as inheritable goods, and the legal fights over inheritance rights of things like Steam accounts or Movies Anywhere or Kindle accounts are just waiting to happen and lawyers would generally prefer to ostrich that as long as possible unless someone pays them heavily or someone else sets a good first precedent. I still think about some of these problems and how unprepared we currently are with respect to "digital goods".)
Your heirs are entitled to your past belongings. That includes of course all kinds of online accounts.
The closest a regulation to date I'm aware of has gotten to addressing digital goods and especially survivorship was the EU's GDPR mentioned it explicitly as a concern and then kicked the can down the road with no solution offered, leaving it someone else's problem.
All across the "civilized parts of the world" HN is full of horror story headlined about people and small businesses losing access to all of their Google Docs and entire Google Drive folders on which their homes or businesses ran because of a spam judgment from YouTube. How many of those have gone to court? Contract law is the law of the land in most "civilized parts of the world" and the Terms of Service are the only contracts and the only laws we have in most cases in the digital world. Those Terms of Service say that your Google account is entirely at Google's discretion, full stop, and that's the current "law". If lawyers don't think they can fight or appeal a company losing their Google account and going bankrupt because of that because the Terms of Service say "Google is always right", how do you expect them to fight for Grandpa's Steam account?
You can believe all you want that "common sense" dictates that anything you should be able to inherit physically you should be able to inherit digitally, but that's not what the laws currently say. Those clauses in the TOS agreements are the only laws in most of the "civilized parts of the world" on the record right now, because it's not a problem any legislature has wanted to address.
And they have plenty of lobbyists in their ears telling them it isn't a problem they need to address. Disney makes more money if your heirs have to "buy" all the movies in the Disney Vault again when your Movies Anywhere account gets shut down at your death, just like everyone needed to buy the movies on VHS and then DVD and then Blu-Ray… (This is overwrought example because Movies Anywhere TOS actually seems concerned about this and has made steps for more "family sharing" and some of that hints at survivorship planning and how they hope that to work. To be fair, so is Steam more than "average". But that also underscores my point in a different way: right now your rights are entirely dependent on the Terms of Service of the digital services you use and no two TOS documents are the same and nearly every one of them is going in different directions based on different corporate lawyer priorities and corporate/shareholder greed/"charity". Everything is at the discretion of whichever corporate overlords you rely on.)
Nothing is guaranteed even in the "civilized parts of the world" until there are a lot more court cases backing up one side or the other with enough precedence to swing contract law interpretations or a lot more consumer protection advocates managed to get meaningful laws actually enacted about digital goods rights/survivorship. Not just GDPR levels of "some countries in the EU see this is a potential problem but not enough of them yet for us to do anything about it yet". Right now the consensus seems to be "that's someone else's problem" and "we'll worry about that tomorrow", especially in "civilized parts of the world". Like I said, I've had more than one conversation with Lawyers about this picking their brains on it. Anecdotally, their terror that none of this is getting addressed was very real. I don't think a lot of people know how b...
Maybe the "civilized parts of the world" are much smaller than I assumed? That may be. I did not double check. :-D
At least in Germany there is a highest court ruling that deals with this subject.
https://www.tagesschau.de/wirtschaft/facebook-konto-erben-to...
Usually the status quo is not substantially different in other EU countries, so I assumed that.
TOS in general are always limited by other laws. That something is written in the TOS doesn't make it a binding contract automatically. (A related and one of the better know cases is that EULA-like "contracts", that aren't shown to users before they install a software, aren't contracts at all in Germany—as you need consent form all parties upfront to establish a contract. If you didn't see any contract and didn't agree to it upfront there is just no contract. That's why it's legal in Germany for example to sell OEM licenses of MS products even the MS EULA "forbids" this. It doesn't matter Microsoft says the EULA is enforced by their TOS).
It's not much different regarding other things written in TOS: You can just ignore those things in case such clauses would give the service provider unexpected or overly broad advantages (like trying to make a "contract" binding you never saw). Such clauses don't have any legal meaning and aren't enforceable.
Of course it's not always clear form the get go which kind of clauses are moot. That's up to the courts to decided if there is disagreement. But for a lot of things there are court rulings, and most of the time it's even quite clear from the laws governing TOS in general. (A clause like "by using our service we're entitled to your first-born" can for example never be a binding part of a TOS; no discussion needed).
Regarding things like VOD or that-like services: Well, you never bought anything there! You're usually only renting this stuff.
Apple got for example sued because they had a "buy" button on movies in Apple TV+ even though you can't "buy" of course any movies on Apple TV+—you can only rent them. Rented stuff doesn't belong to you in the end, so it doesn't get inherited by your heirs.
Person-bound contracts are of course possible and such renting contracts are often of this kind. So your heirs don't inherit "your" VOD movies (you've never owned them). Such a contract usually just terminates with the death of the contractor in case this was the only person entitled to use the service. (Like say, in case of a gym contract).
If this all is "new problems"—even things are actually quite clear as there are regulations form the analog era governing most of those questions—maybe the parts of the world where this is the case aren't civilized at all?^^
BTW, that's actually why "case law" is nonsense: Given a case law system if something "new", like the internet, comes across "everything" is needed to be reevaluated. If one have laws instead that govern general things and not specific cases you can most of the time just apply the existing laws to the "new" thing without bigger trouble or legal uncertainty. The point here is: Something like contract law is mostly "done". There is almost 3000 years of experience with it. So there are hardly any really "new" things to consider. (At least if you don't have case law—where it's always a new gamble).
In the US most laws seem to believe "if it is digital it is something new" which is creating so many "exciting" startup opportunities of "X but as an app" that get to skirt around previous regulations (until and unless someone writes new regulations). (It's not a "case law" problem, it's a "regulations/legislated laws are intentionally too narrow" problem. Because several political parties in the US have made that their mission to make sure laws are as narrow as possible.)
I get the joke that by definition that makes the US "uncivilized", but given how many of these companies that control major swathes of "digital goods" are American in posture, and how large the US generally is as a first world super-power, calling it "uncivilized" isn't particularly funny and maybe a bit dangerous if we are trying to defend consumer rights.
I appreciate that Germany is doing much better than US, and that there are other EU members doing similarly. I lament that it will take a larger international effort to push such protections into the radar of some of the American companies, and I especially lament the missed opportunity to do so in the GDPR itself given that was a scary enough regulation that a lot of American companies jumped to correct things in their TOS/cookie handling/etc even if they didn't believe they had any EU customers.
«Regarding things like VOD or that-like services: Well, you never bought anything there! You're usually only renting this stuff.
Apple got for example sued because they had a "buy" button on movies in Apple TV+ even though you can't "buy" of course any movies on Apple TV+—you can only rent them. Rented stuff doesn't belong to you in the end, so it doesn't get inherited by your heirs.»
That's not a distinction that US law has made to date. The en-US version of Apple TV+ still says "Buy" everywhere.
Additionally, there actually are analog "entitlements" law equivalents to "digital entitlements" and US does have a lot of regulations on the books for the analog equivalents (in Securities and Exchange laws). If I built a movie theater and decided to bond/notarize a ticket that stated the bearer would have access to a specific film any time that movie played and they wished to see it. Such an "entitlement" ticket you could resell or inherit. Beyond that being a somewhat silly business model in the physical world (depending presumably on how much you make on concessions from repeat customers, I suppose), it's often not done simply because there are so many Securities trading regulations today around it.
(But there are real world physical things that still exist even with such strong regulations in existence. It's not far from how mortgages work, for instance.)
Generally an entitlement/Security/Bond is still considered "bought" not "rented", even though it may be contingent on services provided/businesses meeting contractual obligations.
VOD can be considered a bought entitlement/"security" and could be inheritable. I'd argue that's how "common sense" in the US already sees it (and they don't yet realize that things like VOD entitlements are "personal to you and only you" rather than "bearer entitlements, based on how TOS are written today), but it is going to take a while for US regulations to catch up with that, ...
Make sure if you have any 2FA that your family can get access to your 2FA device - e.g. get to your text messages, get to your Authenticator app.
It's no good for them to have your usernames and passwords if they still can't get in. If your phone dies with you (say you're in a plane crash), how will they complete the 2FA?
I actually wouldn't be surprised if this project was named after that movie as their project logo looks similar to the crystal in that movie (but that could just be coincidental).
Unfortunately it was cancelled after one season.
There is a lurid racist history to using the word dark for sinister, in the oddest of corners. For example, the racial history of the Mormon church has extremely strong connotations in their sacred writ for "dark" meaning sinful. Obviously melanin in the skin doesn't correlate to scrupulosity or zealotry -- but in the minds of its 19th century author(s) it does.
Similarly, during my few years sojourning in the Philippines, dark skin was seen as socially undesirable because American television typically portrayed beautiful people as white.
These are hogwash notions, but reinforced by a desire to equate bad/immoral with a color scheme. So, I don't personally feel we need to restrict dark to negative connotations, simply because dark isn't negative by itself, nor is luminous always a positive (e.g. JWST likes the dark for pictures).
As a left-handed person, I'm aware that there's also a lurid history of using the word 'sinister' to mean 'evil'. :)
https://www.merriam-webster.com/words-at-play/sinister-left-...
https://en.wikipedia.org/wiki/The_Dark_Crystal
I'm thinking phishing, social engineering, threats, but also people often trust the wrong people, relationships don't always last, and sadly people die.
Especially for very important and sensitive stuff I'd say there are better alternatives.
Do any have a (different) key technological component or do they mostly rely on other non-technology-based trust channels like a notary or a lawyer, as other comments have mentioned?
Notary/lawyer/safety deposit box do sound like proper solutions. I also think 2nd factors like hardware keys, auth apps, also just multiple devices you have logged in, work well in recovery.
For after you die notary/lawyer sounds like the most solid option, they seem quite skilled and experienced with that kind of stuff.
Otherwise you need some other way to recover. Recovery email seems to work quite well, but could be another account, another type of log in, there are many ways; I've had some services send me a physical letter, I have gone to physical stores with my id.
Nothing is perfect of course, but the social one seems unnecessary complex and fragile.
Highest trust levels given here… ;-)
On a more serous note: Germany is a digitally failed state. I can say that for sure as I'm living here my whole live.
Just everything that involves state authorities is a big failure. It's all nepotism, burning taxpayer's hard earned money for extremely doubtful projects that fall apart like a house of cards when you look askance on them. One IT related failure marches after the other. There are literally no success stories. It's not only a popular joke that Germany's government IT is made up of fax and printed internet pages. That's actually the truth! (We had to learn this once again the hard way during the pandemic…)
So if an IT related project has a federal ministry badge on it you should be at least very skeptical. (Or even better, you should start running not looking back). This, paired with advertisement form the Ethereum foundation, is more than enough for me to assume this is a complete failure. If I would be willing to spend time looking into the details I'm very sure this would turn out to be some complete useless nonsense. (As the "five block-chain" COVID check-in app with a central privately hold database in the back-end lately; which of course failed miserably. Since than the joke is that every new government IT project needs to include at least five block-chains, otherwise it's not worth it). Long story short: The people giving away money for such things don't have the slightest clue about anything IT related. They constantly make business with the most scummy "partners" resulting in usually hundreds of millions of euros getting burned for literary nothing (besides the partners, and other friends of the involved politicians, getting rich in the process).
One horcrux-like trope central to the plot is that a missing shard from a crystal (the Crystal of Truth) must be found and reunited with the crystal to put the broken world back in order again.