Ask HN
How would you setup an emergency data locker for a (mostly) trusted partner to access if you were indisposed in some kind of emergency?
If I got hit in the head and couldn't remember my main passwords or was unconscious, I would want my partner to be able to access all my accounts and such if needed. I do trust her but do not want to just give her a URL and credentials she could access at any time. I think maybe a timed access with notification to me if she accessed it would give me time to intercept if needed.
18 comments
[ 4.5 ms ] story [ 51.4 ms ] threadThis requires you logging in or responding to the service daily/monthly/yearly.
Then, as you say, if she wants to access the plaintext, she would have to click a button on a secret web page somewhere which would trigger a server to send an email to you (and a couple of friends) saying that she had done this and that a 24 hour timer had started.
The email would also include a link to a page that could reset the timer, up to N times, while you tried to buy a new phone or regain consciousness or post bail or whatever the attack scenario is that you want to defend against.
In practice, the most likely failure mode is that you don't need to use this system for years and then something silently breaks, like you forget to renew a domain, or you forget that you changed your email address. As such you should include a quarterly test process for all of the steps, including making sure your partner remembers the process for performing the decryption, and making sure your friends haven't marked the automated email as junk, and so on.
But I have no contact with the lawyers themselves. Lawyers are, say, private access to the entity that handles the will. There's an entrance. I basically have ownership over the will. This is done by proving my identity, biologically or legally. Thus I have read, write, delete access. I'm making the assumption that with a delete request, that they would return the password. Or otherwise I might have to add something that triggers the will if I am mentally incapacitated. But for now, the risk of that is quite low.
[1]: https://john2x.com/blog/managing-pgp-keys.html
That requires some extra "UX design", but I think it's possible. It's like that classic piece of advice "you're not designing a computer system, you're designing a system in which a computer and a human interact".
So, I would recommend making this half-yearly "fire-drill" part of a day you set aside and fill with other more positive things, like having a fancy meal with your family, relaxed in the knowledge that you've done your half-yearly duty, and focused on making the most of every day you have.
I guess it might still feel a bit weird at the start, but after the first 20 times you do it, you won't even be thinking about the technical details (and why you are doing them), you'll be looking forward to enjoying the rest of the day as the reward for that quick little chore.
I think this is the difficult step. How does an attorney know whether you are incapacitated? Do they video-call you every day, and check that you aren't under duress or being deepfaked? Do they check government records of deaths every year?
It would seem that any system with a reasonable cost and reasonable latency will have to involve software at some stage, so saying "get an attorney" really means "don't trust software you've written yourself, get an attorney to write it instead".
(Okay, the attorney would pay someone else to write the software they use, but in any case, suggesting reliance on an attorney leaves unanswered the technically interesting part of the question, and doesn't really allow us to speculate about what role would actually be left to the attorney).
You realize that the system to deal with this already exists? It's called the legal system, and it hooks into various specialized professions, including medical ones. As in, the partner brings the lawyer some papers from doctors that say you're out of commission, and the lawyer executes whatever procedure you prescribed for such a case. The same way as when you're dead, just without the death part (hopefully).
(Cue HNers saying that the papers can be forged, etc.—if that's the worry, one has more immediate problems in their relationship than the arrangement of a ‘dead man switch’.)
Sometimes I have to wonder if a bunch of hackers from ~2000s decided to live entirely in computer systems, and forgot that the ‘hacker ethos’ pertains also to researching and using existing systems.
Anyway, during my discussion with him he asked me whether I would like to avail the "will creating and custody service". And he mentioned that in addition to financial assets they also have an option for safe custody of digital assets with them. Here digital assets are anything like usernames, emails, passwords, URLs, digital photos, backups etc that you would like to pass it on to the nominees.