
Show HN: What happens if you disappear - pomnia
https://cronu.com
======
runjake
I can see so many things go wrong with this:

\- Company tanks.

\- Company gets acquired, and your private data gets mined.

\- Company gets hacked and database dump gets posted.

I think I'd rather stick to the old methods of sealed envelopes and trusted
friends or a lawyer. It's more reliable and requires less brain time slices
("Does the comapny still exist? Has it been hacked or acquired?" etc)

~~~
0xmohit
Another possibility is:

\- An insider misuses _powers_.

~~~
pomnia
That shouldn't be possible, everything is encrypted with the OAuth provider
ids that are not stored and available only through the login ... then again
SSH was broken ...

~~~
codingdave
Dude...

People are raising valid concerns about your product, and instead of listening
and accepting early feedback from HN, you are all over this discussion,
defensively arguing with everyone. Just sit back, hear what people have to
say, and then decide for yourself if you want to make changes, or reject the
feedback.

------
simonsarris
Google already has a service for this:

[https://www.google.com/settings/u/0/account/inactive](https://www.google.com/settings/u/0/account/inactive)

~~~
codingdave
Real life already has a service for this. They are called lawyers. They can
keep your records on file, you know who they are, they have legal
responsibility to keep everything confidential, and when you die... things
just work.

I guess this would work for more casual documents, passwords to facebook,
whatever. I have a document printed out and kept in our file cabinet for such
things, so I would not use this service, but I can see where other people
might.

~~~
pomnia
Yes, lawyers ... good or nothing for those. Thing is, your friends and family
must know where that document is and then who gets to read it first?

~~~
codingdave
Yeah, no system is perfect. If your will cannot be found, that is a problem.
Of course, digital documents won't be notarized, so that is also a problem.

Your service has some use cases... but please do not tell me you seriously
expect it to replace lawyers when it comes to managing one's estate.

------
joenot443
Call me cheap, but $1 a month seems a little steep for this for me. I'm not
planning on dying for another 50 years or so. Even if your site is still
around at that point (which, let's be honest, isn't likely), I'll have paid
$600 for you to send off a couple email for me.

It's a cute idea, and maybe something I'd consider for a small, one-time fee,
but I definitely would never pay monthly for it.

~~~
JoeAltmaier
Also an old email with long-expired passwords etc.

------
jyriand
I'm constantly losing/breaking my credit/debit cards and forgetting about the
services I have subscribed to. Usually I'm reminded by an email from a service
telling me that they were unable to charge my credit card. Does it mean that
next time it happens and i'm subscribed to your service everyone related will
be notified of my death?

Edit: I read the description one more time and it seems that you send an email
three times. But still I don't see how not answering email is a good way to
determine that I'm dead.

~~~
pomnia
It really comes down to "we need to know you are around". Month is acceptable
cycle, email or card it's up to you. The email assumes you are the only one
with access to that email.

------
midgetjones
Cool idea, but what happens if, for instance, I lose access to my email
account? Or if the messages start going into my junk folder? I'd hate to scare
my loved ones with an email implying I've disappeared/died.

~~~
pomnia
You will need to lose access to all (3) of your social accounts and your
email, highly unlikely. One of the reasons why we don't have our own account
management ...

~~~
donretag
3 social accounts? As a person that does not really do social media, I wonder
what those 3 accounts are.

------
antisthenes
> If a subscription charge fails three consecutive weeks, Cronu will release
> your message.

Oh boy. I can see so much going wrong with this.

~~~
pomnia
What else can detect your disappearance? Other than email pings. We use stripe
so your card expiration should be covered ... still valid point there.

~~~
inimino
"Sorry for the false alarm everyone, I'm not dead, I just didn't check my
email for a while."

------
throwanem
> The system can not generate the key required to decrypt your data unless you
> are logged in. Our staff have no means of accessing your data at any given
> time.

If this is true, how can your service work? If I'm dead, I can't log in to
generate a decryption key so my message can be sent in the clear.

If your service works, how can this be true? If it can decrypt and send my
message in the clear when I'm dead, I very evidently don't need to log in for
decryption to occur.

~~~
pomnia
When you add recipient your message is (decrypted using your id) copied and
the copy is encrypted with the recipient email. Once the recipient logs in
(their OAuth id becomes available) the email (verified by the OAuth) is used
to decrypt the message copy and encrypted again this time with his/her id.
That temporary email encrypted message is decryptable of course although there
is no utility or UI for us to do so. I guess we'd better store the owner Id
and don't make copies, since it doesn't change anything security wise ... Yes,
rogue admin can do harm ...

------
staticautomatic
How do I know the site won't die before I do?

~~~
pomnia
It's comfortably running within GAE free quota so even if we disappear it
should be up and running ... Gotta pay that domain for max years though ;)
Good question, thanks!

~~~
tga
Comfortably running on the GAE free quota makes it _more_ , not less likely to
disappear unless you're there to move it when Google pulls the plug.

~~~
pomnia
Yeah you are right. I think we are safe for now in the cloud wars ... maybe.

~~~
LeifCarrotson
You are in the least safe position possible. You're on a free Google service.
In spite of the longevity of a few of these services, those are shut down _all
the time_.

You say:

> To make sure you are well and sound, Cronu will charge your card a dollar a
> month.

I would insert "and to ensure your message remains available", as written this
feels so inauthentic as to be mildly offensive.

And then take that dollar a month from myself and from a few others, and spin
up some paid instances. Pick a couple hosts that are likely to be around for a
long, long time, and get a box from each, and make your service redundant.
Show that you've paid for service from these providers and have paid up for
the next 10? 50? 100 years. Register cronu.com for the next 10? 50? 100 years
(this expiry date is easily verified with whois) because you obviously can't
send email from cronu.com if your domain registration expired. Right now, your
expiry is in September of next year.

Paying for these instances is what distinguishes you from a free monthly dead-
man-switch email and makes you worthy of receiving that dollar.

~~~
pomnia
We do have budget and will be paying once quota is depleted (can't wait for
that moment) but so far (and in case of our disappearance) free should sustain
the minimum viable service levels (aka delete account).

------
ezekg
How is this secure? You yourself (or somebody who works for you – a rogue
employee) could access your database and decrypt all of your customers
passwords and sensitive data for their accounts. This adds a single point of
failure for everything you store/send with it. You get hacked, and now they
have access to everything.

------
JoeAltmaier
Can't you send an email on a timer? Say a day or two after your birthday or
some holiday. Every year on your birthday you reset the timer. It could take
some time after you disappear for the info to arrive.

~~~
pomnia
We can and we do. Just the cycle is month not a year cause we think your
friends and family won't like to wait a year ...

~~~
nommm-nommm
They don't want to wait a month either.

------
kidmenot
Those two "Sign up" buttons hide the last line of both paragraphs for me.
Also, the three buttons at the top ("login with") look a bit funky.

~~~
pomnia
Device/browser? Will fix, Thanks!

~~~
kidmenot
Chrome Version 56.0.2906.0 dev (64-bit) on Windows 10.

~~~
pomnia
great, thanks!

~~~
kidmenot
Here, I took a couple of screenshots:
[http://imgur.com/a/urg8s](http://imgur.com/a/urg8s)

~~~
pomnia
Ugh it's not the browser but the resolution ... right between. Thanks for the
screenshots!

------
king_magic
Isn't this essentially MetLife Infinity?
[https://metlifeinfinity.com](https://metlifeinfinity.com)

~~~
pomnia
Close but not really storage. I guess more of detection and notification
although Google and Merlifeinfinity very close ...

