
Show HN: DeathSwitch - skyjacker
http://deathswitch.com/
======
steakejjs
You've got to be kidding me.

Despite the policy difficulties of running a site like this (when is someone
dead?, how long until release of secrets?, how to deal with lack of access to
emails? etc), This site is completely insecure.

[https://www.deathswitch.com/members/myaccount.php](https://www.deathswitch.com/members/myaccount.php)
is vulnerable to a CSRF hijack through the update email page. This literally
took 20 seconds to find...who knows what would happen if I dedicated an entire
minute.

In fact, there are no CSRF tokens on the entire site at all. There are big
problems in these services and the policies that run them. Technical solutions
might not be the best to use here. Perhaps a legal solution is the best
route...

edit: I gave it 20 more seconds. Stored XSS. If I paid the money for premium
service which allows file upload I'll bet I can RCE too. This is just not the
type of person I want protecting my secrets.

~~~
chk
Can I ask how you identify issues like this so quickly? I'm an infosec
student, and I'd love to hear what your thought process is when briefly
looking over the security of a certain website.

~~~
steakejjs
I've got a lot of practice breaking things. CSRF can be identified really fast
by checking for unique tokens. Some unguessable token should be submitted with
each state changing request. If not, attackers can steal authenticated
accounts by making a request to the "change PW" or "change email" URLs. It's a
little confusing at first.

XSS I just set JavaScript as something that shows up in a field on a different
page. The RCE I mentioned is just uploading a PHP file for the "file upload"
feature associated with messages. If he puts the uploaded file within the
webroot (and the file is php since his whole site is php) then the file will
be executed when you go to its URL

Web app security is something that infosec professors don't talk about at all
(in my experience). I had to teach myself but OWASP is very good to get
started. It also helps to write a lot of software as well since you'll tend to
find pitfalls of doing things wrong

edit: If you would like to see more of the technical how-tos behind CSRF check
this link out. It is a blog I wrote about CSRF and how one would actually
attack someone with it. [http://ejj.io/csrf-password-
bruteforce/](http://ejj.io/csrf-password-bruteforce/)

~~~
chk
Hey, I appreciate the response. BTW, I tried to follow you on Twitter via your
website link but it said user doesn't exist anymore. :-/

~~~
steakejjs
It's actually twitter.com/steakejjs. I just changed it last night actually
independent of reading this.

Cheers

------
cdibona
Hey, just as a funny side note, I implemented this on this very domain back in
the early 2000s. Gald to see someone else is using the domain this way :-)

~~~
birken
This is of course the main problem with this type of idea. It is very likely
that I will live longer than this site will, therefore it doesn't make sense
to use it.

What did you do with the people who had signed up for you site?

~~~
nedwin
I share your fears about its longevity.

What company would you trust to launch and maintain this kind of service?

I feel like WordPress.org or Wikipedia Foundation would be two companies with
the right moral compass, funding and longevity who would be great backers of
something like this.

~~~
toomuchtodo
The Internet Archive.

~~~
nedwin
Boom. Perfect example.

------
nkozyra
The big issue - as has been mentioned - is how do we know this service will be
there when we need it.

The answer is it needs to be tied to some infrastructure that's reliable and
already has access to this data.

And yes, paying $2/mo for this is nonsensical for someone relatively young.
This is a problem without a solution, but this is also not a solution. To be
frank, the odds that this domain even resolves this time in 2015 are pretty
low.

This alone does not warrant a service. This should be a piece in a bigger
puzzle - a small part of a bigger suite of life contingency services.

~~~
joshmn
Check this out:
[http://web.archive.org/web/20070823004521/http://www.deathsw...](http://web.archive.org/web/20070823004521/http://www.deathswitch.com/)

Surprised me too.

------
jen729w
Meh. Do what I did; write your 1Password down on a bit of paper, hand-make a
wax seal, put the paper in an envelope, seal with wax, give envelope to
friend. :-)

(If a critical password changes - e.g. Dropbox, which actually contains my
1Password file - that password is encrypted, sent via email, I tell him the
password via some other means (usually involving some sort of puzzle just to
keep life interesting), he decrypts it and writes it on the envelope.)

And yes, suffice to say I trust my friend absolutely.

------
akerl_
I think it's an interesting view into how we think about our lives that the
first scenario listed is about work data and coworkers, not loved ones or
personal data:

"Imagine that you die with computer passwords in your head, leaving coworkers
without access to critical files."

I enjoy my job, and my coworkers are great people, but when thinking about
things as serious as planning for post-mortem, I'll admit that thinking about
how it would affect my employer ranks much lower on the list.

~~~
jakejake
I kinda agree, on my deathbed I doubt I'll be thinking about work passwords!

I can't really think of much of anything work-related that should be a secret
known by only one person and released upon death. I feel like part of my job
is ensuring that at least one other person knows how to access our accounts.
We actually use an encrypted password manager to which at least two of us have
access.

------
cbhl
Anyone who's interested in an idea like this might want to see if Google's
Inactive Account Manager is right for them. (Disclaimer: I work for YouTube,
which is part of Google.)

It triggers if you don't sign in to a Google Account for X months, where you
choose X from 3, 6, 9, 12, 15, or 18.

You can provide up to 10 contacts (email addresses, phone numbers, and custom
messages) for people whom you want to be notified once the timer expires. You
can also grant them access to the data from your Google Account; they'll need
both the link in the email as well as a code from an SMS sent to the phone
number you provided for them.

You can also choose whether you want your account to be deleted if the
Inactive Account Manager triggers.

------
nedwin
Posted this in another thread but what company would you trust to launch and
maintain this kind of service?

You need to know that when you kick the bucket in 10, 20, 30, 40, 50 years etc
that the switch is actually going to work.

You need a company with the right moral compass; funding to pay for hosting,
maintenance etc; and the longevity to keep going for the next 100 years.

Companies on the "maybe" list for me include Wikipedia, WordPress and maybe
Evernote...

Internet Archive might be the best option if they can sustain their funding /
longevity.

~~~
javert
> Posted this in another thread but what company would you trust to launch and
> maintain this kind of service?

A law firm. That is the "correct" answer to this problem and is what people
actually use.

~~~
copperx
What about life insurance companies? It could be offered as an "addon"
service.

~~~
javert
That's a pretty good idea.

But in reality, they probably wouldn't make enough money from this for it to
be worth the trouble to them.

------
akerl_
I'm a bit concerned how little they talk about security of this data. At one
point they suggest using "codes" to obscure messages:

"For example, you can design your message to contain privately shared codes
(“my password is a combination of the street where we grew up and the first
name of your mother-in-law”)"

This would only really add security against a very small threat, if they were
properly encrypting data at rest: attackers taking over one of the email
addresses on the recipient list. And I'll not even dive into how bad it is to
base passwords on this kind of personal info.

Is anyone aware of more details on what they're doing to secure this data?

------
hadoukenio
Feedback:

> from your after you’re gone

from you after you're gone

Create a favicon. It's still showing the BlueHost icon.

------
rpedela
Interesting idea. I think my father might be interested. Every time he flies
on a plane (not often), he lets me know where various financial information is
and the passwords to get at it.

The pricing seems really strange to me. Wouldn't only messages be sent when
someone is dead or severly disabled? A model similar to life insurance makes
more sense to me where the customer pays a small amount of money on a yearly
basis. And there wouldn't be a free tier except for maybe a trial.

~~~
caio1982
So your father and also I would be interested. But I really doubt a service
like that would last given the current startups scene we have now. It must be
rock solid. Fully dependable. It's life-and-death business here. I'd pay a
good amount for this kind of solution.

~~~
colinbartlett
It would need to operate much like "perpetual care" at cemeteries. Fees for
the services go into an irrevocable trust that runs much like an endowment --
costs are kept below the ongoing interest income of the account.

As I understand it, these are rather tightly regulated in many states for the
same reason you're asking this service to be dependable.

------
JacobAldridge
Without debating the merits or otherwise of this service, it's worth using it
as a reminder to spend a little bit of time and not much money and ensure you
and your loved ones have a legal Will.

Your wishes are important after you die (and statistically, we're all likely
to die). It's well worth recording them, even if you feel you don't have much
in the way of assets to pass on.

~~~
rqebmm
Agreed. I'm unclear what this service provides that a Will doesn't, and in
addition a Will both more reliable and legally binding.

------
D4AHNGM
Kinda weird you've implemented SSL/TLS everywhere except the home page. Surely
that's not a deliberate omission?

Also, as much as I hate to be a pedant, spelling mistakes/missing words on the
homepage look sloppy:

"The people in your life will feel better knowing they can expect an email
from your after you’re gone."

"you canlog back"

------
ajcarpy2005
TYPO under the heading, 'Information Insurance:'

With no reply, the computer deduces you are dead or critically ___diabled,_
__and your pre-scripted messages are automatically emailed to the individuals
you designated.

Change 'diabled' to 'disabled'

------
LeonB
Wonder if their private plans for monetization involve blackmailing the
bereaved relatives of the recently deceased. Roald Dahl wrote a story about
this (one of his short stories for adults, not his children's stories), "the
Bookseller".

------
bprater
How long does the system send out: "Are you alive?" messages before it sends
out the logged message? What if a family needs more immediate access to the
data?

------
gourneau
Props for hosting Eagleman's shortstory
[http://deathswitch.com/deathswitch.pdf](http://deathswitch.com/deathswitch.pdf)

------
shard
There was also this site from 6 years ago:
[http://www.deadmansswitch.net/](http://www.deadmansswitch.net/)

------
vsviridov
How do I ensure that they'll remain when I expire?

------
throwitawayacc
Hello,

I think there is a need for this type of service. Two comments:

* People might be concerned that this website will shut down long before they pass away. On the homepage I suggest you GUARANTEE that emails will be sent.

* I am 34. I don't want to pay $1.67 every month for the rest of my life. Make it an easy purchase decision: one time fee of $40. For example.

~~~
smt88
I think everyone else's criticism of this idea is that it can't really be
guaranteed, can it?

------
dazzledpenguin
So this is the new cloud based service that should be trusted with all our
secrets?

------
mxxx
sidenote, i just showed this to a friend and his response was

"Be a great way to ensure you can tell heaps of ----s to go ---- themselves
after you're dead"

maybe you could pivot and focus on that. ;)

------
jwally
Feedback: >you canlog back in to the site

you can log back into the site

------
source99
It would be cool to see a similar service encrypt the data in the Bitcoin
blockchain and have an automated way of decrypting the data. This way no
company or people were involved.

Does the blockchain support something like this?

------
Mithaldu
The devices animation forces a scroll-up on Opera 12.

------
thegenius
while the idea has merits, i would not trust you with my most sensitive data
(especially if it is reversibly encrypted or plaintext), i would feel like i
was paying for an added secuirty risk, of which there are too many already.
also it doesnt seem like there are assurances against you abusing my data like
there would be if you were a lawyer i had entrusted to execute my will.
there's no personal relationship there, so i don't feel comfortable.

~~~
MichaelGG
They should implement some shared key encryption for you. But I'm not sure if
any systems provide building blocks. For instance, does FB login have any API
for encrypting data?

The secrets they store should be offline and require manual intervention to
retrieve.

Also, what's to stop a false triggering? It should require confirmation from m
of n sources you specify. If I had some serious life secrets, I'd want to be
very sure they don't get sent out just because I'm in a coma for a month.

------
modifier
Ghostmemo is another alternative (I use it):
[http://ghostmemo.com](http://ghostmemo.com)

