Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: How will you manage your digital assets when you die?
298 points by sirsuki on March 6, 2018 | hide | past | favorite | 171 comments
As I get older I have needed to perform digital forensics on friends and family members online accounts and assets. This has me thinking how can I automate this for my own things?

For example I've built a password protected web-site that I try to keep updated with important information for family and a paper in my desk that reads "In the event of my passing visit this URL ...". This is a place to give survivors the keys to my password vaults and allow them to memorialize my social media profiles.

However no amount of documentation will cover cases of GitHub repositories and NPM modules. Are there ways of transferring repo ownership to others or bots to auto-reply to pull requests long after the authors passing? How do others plan to handle the case were their code and digital assets will live on past their own life?




If it’s important, people will figure something out; if it’s not important, who cares?

When my dad passed away, I looked through all his files (fortunately he had one password he used everywhere), but in the end there really wasn’t anything important.

There where a bunch of proposals, half finished projects, gigabytes of various data files, but following up on any of that stuff would just be a lot of work and require time that I don’t have.

I think that 99% of my data/code/digital footprint is only valuable because of me; when I pass away, most of my stuff will become worthless, and that’s okay.


That's a really, really bad idea.

I watched an hour long video about a youngish technologist who died in auto accident. His wife lost control of their i-devices. Some of his encrypted devices that he maintained for clients were also equally inaccessible. The only way the wife regained control of her own digital and financial life was to tap technologist friends who called in favors with Google / Apple. Even they could not decrypt the miscellaneous client owned devices. Neither could the clients. [Edit: I searched for this video and unfortunately could not locate it.]

I put my parents on 1Password. Begged them actually. I quote "how about we just try it for like a week while I am here? if you don't like it, I won't ask you again." My Dad had a crazy so-called method that was supposedly simple to follow, but every time he tried to explain it to me as executor of his & my mom's estates, it was incomprehensible.

After 1 week, Dad was a convert and Mom had her first reliable access to the joint online bank accounts.

For myself, I have a technical hand over plan for somebody to follow to break the encryption on my devices. I also give an accounting of my data, what is where, both financial and sentimental. Most data can be immediately deleted, but some thing like my photography and music collections may be wanted by somebody in the family. The executor of my estate gets the financial records.


>The only way the wife regained control of her own digital and financial life was to tap technologist friends

That sounds very unlikely. This isn't a new problem, and there are procesing in place which discover any and all financial account belonging to the deceased and transfer ownership to the estate's executor. I don't believe for a second that this woman couldn't get into some financial account belonging to her husband without inside help.


This was a video lecture (like a TED talk, but not) and was notable for me because I was doing my estate plan at about the same time. Ran across the video maybe in 2015... I will continue the hunt for the video.

The issue wasn't getting into a financial account per se, rather getting into all the devices the husband controlled. She didn't know the passwords.

In the old days, estate executors would monitor physical mail to make sure they found all bank accounts. With many tech savvy people moving away from physical mail, the only notification about which accounts are out there are arriving by email to an account an executor does not have access to. How to know which accounts need to fall under the estate if you don't know the account exists?

Anyway, I will keep up the search for the video. I tweaked my personal technology plan a bit to deal with some of the issues that video raised. In addition to a physical list of key passwords, 2FA recovery keys, and encryption keys, I also included specific recovery scenarios like:

1) me dead, all laptops / phones / 2-factor fobs destroyed

2) me dead, phone missing, but still have laptop & fobs

3) me dead, laptop missing, but have phone & fobs

4) me dead, fobs missing but have laptop & phone

As a courtesy to clients, I also noted what client assets and data I controlled, where I kept the object, how to decrypt if necessary, and who to contact to arrange hand over.


EDIT! I found it! I thought it interesting enough to send to my folks.

https://boingboing.net/2016/02/04/how-to-prepare-to-join-the...


I think a big takeaway from this is that just writing stuff down is important. Even if you don't die it could be useful; maybe you are involved in a car accident and forget the last 3 years of your life.

Where do you store all of this?


I have a relative who's a doctor who managed all her client data in her head. She didn't write much down.

She actually did have an accident that caused memory loss and it was a huge problem for her.

Your memory is important, make sure you have a backup of the crucial bits :)


The value isn't in the items themselves, but in their perceived value.

Especially valuable is the optionality. How would you feel if you could not have reviewed your father's files? What if you couldn't access critical financial accounts or didn't know they exist?


>What if you couldn't access critical financial accounts or didn't know they exist?

There are already procedures for an executor or heir to assume control of a deceased's financial accounts and assets, and part of that process is determining what accounts the deceased had.. You don't need to dig through Dad's Gmail for that.

Like the first poster said, anything actually important either already has procedures in place or will be figured out in the probate process or otherwise.


Don't you? Many people aren't great at record keeping, especially as they get older. It can often be difficult to figure out exactly what accounts and investments exist, let alone how to access them to clean them up.

Trawling through browser histories and correspondence is often the only way to get a reliable picture of what's going on.


Equifax, for as much as they are maligned, will tell you what open credit accounts the deceased person had.

Last year's tax return will probably identify any significant investments, at least those that are producing income.


https://en.m.wikipedia.org/wiki/File:World_population_percen...

I, along with 95% of the world's population, do not live in a place where Equifax exists.

Tax returns capture some things. They also don't get filed for several years sometimes. They don't capture assets like cryptocurrency or off market shares.

Life is messy and death more so.


>I, along with 95% of the world's population, do not live in a place where Equifax exists.

But you probably do live in a place with probate laws. This isn't a new problem, and there are processes to deal with it.


You are wrong about the 95% number. They entered India few years ago.


> What if you ... didn't know they exist?

FWIW, if I really don't know that they exist, I would probably not feel anything about them ;P.


He means you would be wondering about them, causing angst.


In which case you might as well be wondering about them already: your father might very well have a bank account in another country, or a chest of gold dubloons buried in the back yard, or a bunch of stock certificates for some company he invested in fifty years ago... you really never know!


I beg to differ. Just today i was watching this story unfold https://twitter.com/ColinLevy/status/971124112440487936

He was lucky all his grand father's note were on paper.


That's a shame that you think that. Our digital footprints are the maps of our lives. I will happily give every password I own to a website that scrapes all the services and constructs a timeline of my life. You think its mundane, but our identity lives in the work we do, half finished or not. I love re-reading notebooks from elementary school not for the content, but for the little scribblings I did in the margins.

TimeHop kind of does this for social media, but it would be cool to open up my email accounts and iMessage. I think my loved ones would value opening up an app and saying "What was jbob doing on this day 2 years ago..."


'I think my loved ones would value opening up an app and saying "What was jbob doing on this day 2 years ago..."'

Having in recent years lost more than one close relatives - no, I don't really need. I wouldn't do this even if I could.

If you want to be there for your loved ones be there today. Instead of coming up with a novel data vault scheme come up with a way to delight them tomorrow, when you are alive.

I love nerding about but if one is dealing with serious things like relationships, I would focus on pre-death interactions rather than post death mausoleums.


In life it's easy to be uninterested in your Dad's thousand-hour audio archive of him presiding over the Civic Plumbing Council of Akron, Ohio.

Listening to that while he's alive would be a waste of your irreplaceable shared time on Earth, right? It's just his job. While your Dad is alive you should go talk to him on subjects he cares about.

After he dies, though, if there happens to be an archive of your father joking around with, remonstrating, and otherwise being himself with the people who made up half of the social context for his waking life, year after year, that might be valuable to you.

It only has value in the right emotional context, of course, perhaps when you reach the age he was when the recordings were made. You can measure your daily self against the daily self your father created and inhabited.

An existential crisis might create a desire for that comparison, or perhaps you'll find yourself missing him and realize that family records don't show who he was in the world at large.

If your father is careless with that information you don't have that opportunity. If you are careless with your equivalent of that information your heirs won't have that opportunity.


As somebody who spent wholly too much time on the dead, honestly, it's not worth it. Poring through old things gives you a thin kind of happiness, but prolongs your grief. When people die, information is inevitably lost - an awful lot of it. The real loss is that what they leave behind, including your memories, are very shallow in comparison to who they were. Trying to make up for essential shallowness by just collecting more data is like trying to quench your thirst by drinking spit.

When I die, I hope I am forgotten - because honestly, grief is shit, and the dead neither appreciate it, nor wanted it before they died. People can't be measured, and their lasting forms aren't them in any case - they are just text, video, photographs.


"When I die, I hope I am forgotten"

On the other hand, now, that's bleak.

I would view that human relationships are like strings that connect human beings. Grief of loss is the process of cutting those strings - one-by-one - and it hurts like hell. Because, if the relationship was an important one - I think it's supposed to. And after the grief has done it's job the living move on.

After the grief has done it's job, memories become bitter sweet. There are always complications, of course, and for example unresolved issues make it difficult to let go.

We begin to die the day we are born. It's only a matter of time, really. All of us are mortally ill of a condition called life. Every precious relationship must end in time.

There is a zen-story about this. A wise man was asked what was happiness? He answered, a man is born, a son is born, a grandson is born. Man dies, son dies, grandson dies. It sounds horrible the first time you hear it, but then you realize it nailed it completely - any other order would be worse, and having no children would be even sadder.


"When I die, I hope I am forgotten" On the other hand, now, that's bleak.

My mother has always said "Funerals are for the living, not the dead." I don't find the GPs attitude bleak at all. The people who grieve most heavily seem to be those with unfinished business with the deceased. If you leave behind no unfinished business, I think people can let it go fairly easily. They got what they needed while you were alive. That's a good deal.


There's a huge difference between forgetting and letting go though.


We have very different viewpoints. I'm a creative person. I have worked on many things that haven't been successful (and some of which have) but people I know might find them interesting and entertaining (Stories, novel attempts, video games, board games, music, videos, etc).

I'd rather a decent amount of those survive me in some fashion. A few might, as they'll probably be included in console or flash game rom dump collections, but I wish more would. I also wish i completed more projects in my lifetime.


Realistically, if a project is unfinished, is it interesting? My feeling is that I don't finish creative projects because they have some kind of fundamental dysfunction or problem. If a creative project failed to keep my attention to the bitter end, then I don't think it would be keeping the attention of my descendants on its own merits.

I've experienced the other side of this one - a lot of my family were amateur artists. Their work, on the whole, isn't that interesting. Their practice, on the other hand, is something they passed on, and I value it quite a lot. As a kid, I was always encouraged to make things, and to make new things rather than replicas, and to take making things seriously.

I still make a lot of stuff, and I really feel that people who don't are missing out - but I don't think I've made anything that I'd like my descendants to have - other than the practice of making things itself. I guess family, at its best, is about passing on traditions that allows you to live well in a frankly hard and troubling world. I mean, you can pass on more stuff than that - paintings, photos - but it usually ends up sitting in some attic. At least, that's what's happened to the creative output of about four generations of my family.


I agree. An old friend of mine died last year, and I recently discovered a youtube video of her speaking at an academic conference. The subject doesn't interest me, and while she was alive I wouldn't have even bothered to search for videos much less watch it. But now she's dead it is the only record I have of what her voice sounded like, how she expressed herself. So I downloaded a copy to keep and although it's unlikely I'll watch it again, it is some tiny comfort. Context changes the value of these things.


I've been wanting to create something like this for a long time. A recreation of your life using all the services from the web that have a 'takeout' option. Google emails, photos, messages, location data, Facebook messages and posts, Mint transactions, SMS, etc.


>I would focus on pre-death interactions rather than post death mausoleums.

Truer words have never been spoken.


"I love re-reading notebooks from elementary school not for the content, but for the little scribblings I did in the margins."

But when you're dead, there's no guarantee your descendants or next of kin will have any interest whatsoever in the minutia of your digital life.


> there's no guarantee your descendants or next of kin will have any interest whatsoever in the minutia of your digital life.

Easy to fix - leave a note telling them you have huge wealth hidden away and the only way to find is it to solve the puzzles sprinkled throughout the minutia of your digital life.


The worst kind of betrayal is the kind you inflict after your own death.


No family photos? Digital books and music?


My grandfather's were on his PC and cameras (those that weren't hard-copy photos that he developed himself).

For my own, some are online, but most are around the room, copied onto various storage devices (redundantly, and on devices that my wife knows about, and that other family members could easily find, if we were collectively hit by a bus).

In terms of ebooks and non-CD digital music, there's maybe a couple hundred dollars worth. Almost all of my digital video is on DVD/Blu-Ray. The photos would have more value, anyhow.

For software: Meh. My projects are mostly for my own entertainment. If someone wanted to fork them, it's not like they'd be fighting for control of a community, or something.


Is that not already digitized and shared with family?


oofff... wipes a tear (honestly) i still have the computer of my father, i can't get myself to power it up and go through it. I'm saving it for a day i do feel up to it.


You might want to do that soon-ish, just because of the flakiness of most hard drives. Take a solid backup of the files and put it somewhere reliable.

Although it's hard to look through personal files like that, it's even worse if you had the opportunity to, didn't do it, and the hard drive failed.


My current approach to this problem is a feature of LastPass - if a designated person requests access to your account, and you don't respond within [x] days, then they are granted access. I set this to be the people necessary for after-life management. I know this doesn't answer all of the details you've asked about, but it is a mechanism for leaving the authentication details and instructions for those who remain after us.


>if a designated person requests access to your account, and you don't respond within [x] days, then they are granted access

isn't this wildly insecure? at the very least it means lastpass can read all your passwords at any time.


The feature requires that the designated person has a Lastpass account. This works then because each Lastpass user has a public key, and private key encrypted inside their vault.

When you designate someone for emergency access, it also encrypts your vault with their public key. In a way the person and Lastpass hold each other accountable because:

1. Lastpass only gives the encrypted vault data to the emergency contact after the waiting period. They cannot decrypt the vault without having the encrypted vault data.

2. The person's private key is encrypted inside their vault by their master password. As lastpass doesn't know their master password for their vault, lastpass doesn't have the key to your vault.

I would not call this "wildly insecure", but definitely has more risk factors than not doing it. For most people I think this is a reasonable tradeoff if they want people to be able to access their data without huge inconvenience.


thanks, I didn't consider pre-encrypting the data with the recipient's key ahead of time.


> at the very least it means lastpass can read all your passwords at any time.

Not if it's been done right. They'd use some kind of multi-key secret sharing scheme (like shamir), where the password database would be encrypted with the public keys of both lastpass (the custodian) and the designated person. (This would be done on the client side, by the designator.)


Laspass is massively insecure in all aspects of its design & history - including many facepalm-worthy breaches... It's terrible.


As someone who uses the service, could you go into detail? Please do consider this a sincere query to your claim, I would like to know more


Wikipedia has a good overview of their (known) security lapses. Two server breaches, one known to have exfiltrated sensitive information. Several browser plugin vulnerabilities, one of which allowed arbitrary plaintext passwords to be stolen.

https://en.m.wikipedia.org/wiki/LastPass#2011_security_breac...

LastPass’s history is troubling but they’re also the biggest target out there. IMO, the entire space of “cloud” password managers is inherently untrustworthy.


Nothing like a bit of hyperbole in the morning.


Off topic, but what makes you say LastPass is insecure, provided of course that you follow common sense rules like strong master password + 2FA?


I exactly did the same thing. But in addition to this, pretty much all the underlying accounts are 2FA enabled, if they support it. We use Authy to manage 2FA tokens and have it installed on my phone and my wife's phone.


I also use this Lastpass feature but take it one step farther. I have all the info stored on copies of encrypted usb drives stored in multiple secure locations that my loved ones have access to. The password is stored on Lastpass. So if I croak they can request the password but also need physical access to the thumb drive. I have set up the same for other family members with assets worth protecting. Of course this all fails hard if Lastpass disappears, anyone have a better replacement?


Encrypted iron-key in a safe deposit box which with specific instructions for the executor in my will.

(one step of which will be to activate my dormant conciousness transference program so I can become the singularity)

Joking aside. If you don't have a will, and/or a trust established, you need to do so asap! It will save your family much trouble, drama, and probably money. For example, if you have multiple properties in other states, there is a tax imposed for transferring the title to a family member that sometimes is so steep the family must sell the property to pay it! This can largely be avoided though if you have multiple properties in a trust...

Source: I know lawyers and paralegals who talk about this kind of stuff all the time, and how sad it is when people die without having created a will and all their assets are siezed by the state, and other similar situations. (For example, it depends on the state, but a common misconception is everything you own goes to your next of kin if you don't have a will, such as a wife or child. That's often not true though.)


There was a website that had nice, clear directions on how to take care of certain things while you are still alive because you never know when something is going to happen. It was called www.getyourshittogether.org. It was started by a woman whose husband died unexpectedly at a young age.

Unfortunately it seems to have turned into a weird site driving people to lawyers/life insurance quotes but you can still view the original one on the way back machine: http://web.archive.org/web/20130124012917/http://getyourshit...

Their checklists were pretty awesome.

Edit:

Here is their annual checklist: https://media.npr.org/assets/news/2013/checklist.pdf


I saw them once at a job fair back in 2013. I honestly couldn't figure out what they were about. They did an extremely poor job at explaining themselves, and I walked away wondering if they were just a Google Docs ripoff.


All of the code I write now, I release publicly under a permissive license.

I do not use any cloud services for storing data, and do not use any social media websites (other than perhaps HN, but all my actions are public here anyways). So that's a nop.

If there are things I think others will want when I'm gone (e.g. photos, documents), put them in a place where they can be physically accessed.

Everything else disappears when I do.


Geeky version: let's assume you want to "time release" something (e.g. unlock it in approximately 5 years).

Encode your assets/keys/passwords and share just a portion of the key.

If you extrapolate computing cost/power trends, you can estimate how long until it will be practical to brute-force decrypt the portion of the key you didn't share.

Of course, this is an approximate, not precise, timing system.


problem is that a powerful adversary can "beat" your intended recipient by years or even decades. think whatever computing power a desktop has vs NSA, or even a guy with a lot of aws credits to burn.


A more likely problem is that nobody will ever even try to crack your key and release your information.


Related, this is the premise of MC Frontalot's "Secrets from the Future": https://www.youtube.com/watch?v=FUPstXCqyus


There are ways of doing this that aren't trivially parallelizable for an attacker: https://www.gwern.net/Self-decrypting-files. (Of course, the criticism still applies if the adversary is faster at whatever single-threaded operation you build the timelock on.)


You can't estimate the time required because an attacker can crack keys in parallel.

"devices can differ dramatically now even in the same computers; to take the example of Bitcoin mining, my laptop’s 2GHz CPU can search for hashes at 4k/sec, or its single outdated GPU can search at 54M/second [...] it would not be very useful to have a time-lock which guarantees the file will be locked between a year and a millennium, depending on how many & what kind of people bother to attack it and whether Moore’s law continues to increase the parallel-processing power available"

A better (but still not great) way to do it is to take 100 random numbers, hash them a trillion times (in parallel), then use each hash to successively encrypt the starting seed for the next hash. The last hash in this chain is the private key you encrypt your data with. You release the first seed and each encrypted hash and the encrypted data.

To brute force your key someone would have to hash the first seed a trillion times, decrypt the seed of the next hash and hash it a trillion times and so on until they get the key. This can't be parallelized, but you can generate the hashes in parallel.

It's still not great because you're probably not using 100 of the best possible ASICs for your chosen hash, whereas an attacker might or might not.

https://www.gwern.net/Self-decrypting-files


There is probably a distinction between personal software and websites in contrast to accounts at web services. The fundamental point here is who is in charge of running a service. Even the self-hosted website is probably entangled with a contract for the domain and a contract for a VPS, as well as updates and maintenance. Similiarly to a family residence left behind, such things have to be managed: Who is capable or can pay neccessary reparations?

It will probably quickly turn out that things which currently look important are unmaintainable for the long term. Software updates are expensive and even companies frequently do not invest budget in old software.

This does not render the indiweb useless on the long term in contrast to a mainline blog provider such as medium.com, it just gives it another quality. To cover such services: Even if they guarantee you today the service will be free "forever", they do not need to comply with that in 10, 50, 100 years. Where is geocities today? I think in the digital age, decay goes much quicker then in the past.

What can be done is to make sure information go to well-preserved standards. PDF-A, static websites, https://archive.org/ , these are more likely to hold up for a longer time.


Easy button: Set your spouse's email (or whoever is appropriate) as the recovery address on your Gmail. They should be able to reset passwords on most anything else from there.


Google even has a designated feature for this, Inactive Account Manager.

https://support.google.com/accounts/answer/3036546?hl=en


I'm using this, if I don't touch my account for a while it gets nuked.


I've given this a LOT of thought.

I have several storage arrays of data (about 100TB currently). I've amassed every family photo I can get my hands on. Important TV, Movies, Books, Audiobooks.

I'm working on software to annotate the data and provide a "guide" of a sort of a "Young Lady's Illustrated Primer".

I'd like to be able to hand my daughter a hard disk or whatever the equivalent is-- of everything that was important to our family and to her intellectual development. In the case of my untimely death-- I'd like her to have a chance at avoiding some of the lessons I have paid entirely too much to learn.


Years ago, my father was diagnosed with Stage 4 cancer, and given a 55% chance of surviving six months. The immediacy pushed him and my mother into writing out the book they'd been thinking about for years, a book on manhood for their sons.

He ended up surviving it, and actually being declared cured--chemotherapy+radiation worked really well for him. It was a terrifying time, though, and I was really glad that they took the time to write down these things for us in case we lost him. They ended up publishing the book and it's sold tens of thousands of copies, but for me it's still the book my father wanted me and my brothers to have if he wasn't there to talk about it.


What is the book?

My mother wrote a children's book called The Magic, about my brother & me. It wasn't pressured by death, but having something written for / about us by our parents is a very special treasure.


You might also consider creating a video of yourself explaining what these things are, why they are important and how to access and use the data.

That would also be a good opportunity to share thoughts with her that she may appreciate more when she has matured. Life seems to get in the way of saying some of the most important things. I have so many regrets about the conversations I was never able to have with my mom. She was a single parent and died at a young age. Our last conversation was an argument.


Wayyyy ahead of you :) But thank you :)


I too have scanned all the photographs from my family and my wife's family. The oldest is a tintype of my father's paternal grandparents, circa 1868. The scans are on a RAID 1 NAS, backed up nightly to another RAID 1 NAS, with other periodic backups. But it seems unlikely any of these copies will last another 150 years.


Steven E. Foster, a bartender whose magnum opus was at one point available at mixdrinks.com[0] and later at brightredlipstick.com[1], had a section on the latter site labelled 'Look At Old Pictures Of My Relatives, So They Are Not Forgotten.' Here's an example: http://brightredlipstick.com:80/pictures2.html

He wrote 'Live Each Day - Make Your Life Extraordinary - To[sic] Soon It All Ends' in the header of those family pictures, and sadly it ended too soon for him; he died in 2016[2]; his obituary notes the he 'aspired to publish his self-written bartending book "Drinks for the 21st century."'

But his family photos were indexed by the Internet archive, and maybe now a few HN readers have seen them, and seen his own picture, and his memory lives on just a little bit longer.

[0] https://web.archive.org/web/19991012192746/http://mixdrinks....

[1] https://web.archive.org/web/20070403211755/http://www.bright...

[2] http://www.wacotrib.com/obituaries/foster-steven-edward/arti...


There's archival Bluray format called M-Disc which claims to have a several hundred year storage life and to be "impervious to environmental conditions". You can get the writers fairly inexpensively, and the discs are $88 for 5x100GB on Amazon.

I never believe the projected lives of the things-- but consider it like everything else to be part of a safety net. I burn the irreplaceable things to those in addition to a normal backup strategy.


Perhaps consider making multiple copies to optical media using parity data on each volume. Writing rar and par files to multiple DVD's should suffice. There is of course the risk that not many people will know what a DVD or rar/par file is in 150 years.


What if you print it to microfiche?


Can you say more about the annotation aspect?


I don't want to say a lot about it because the idea is way, way ahead of its time. I will however point you to a book called "The Diamond Age". :)


How are people dealing with crypto/bitcoin inheritance?

Dead man's switch (or euphemistically, "Google Inactive Account Manager") that emails inheritee(s) with instructions for retrieving encrypted keys from a safe deposit box or other location, along with password for decryption and distribution allocation?

Just giving private keys directly to your lawyer, sealed in your will, or encrypted with some type of challenge that only inheritees would know?


There are a couple of cryptocurrency inheritance management startups: https://www.digipulse.io is up and running and https://safehaven.io at the pre-ICO stage. Disclaimer: I haven't researched thoroughly so I can't comment on how secure etc. these are.


I'd expect https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing to become the standard way, but I don't know how easy it is to set up yet among non-programmers.


How have people always dealt with this? Wills and lawyers. Why is HN trying to (poorly) reinvent probate law? Yes, give the keys to your lawyer. Or, if you’re uncomfortable with that, open a safe deposit box and keep important documents there that your lawyer/family can access after you die.


a bitcoin private key is essentially a piece of gold bullionl Keep it locked up somewhere safe, and give the key to someone you trust.


I once played with the idea of some dead man switch triggering an event where it gathers a pool of pre-designated friends from Facebook into one group chat. There would be a bot guiding through opt-in to receive dividends of my wealth into their wallets/bank accounts. The idea was that if I'd have any side hustles, e.g., projects which are mostly autonomous, those would run their time and pay dividends until they deplete or become obsolete. Same would happen to my crypto assets and whatever holdings my sole proprietorship still has.

The idea to gather the group chat was that tech-savvy people could help those in need of technical help and people could conglomerate together to reach out to people who are not active on Facebook. I imagine it to be fair that people who've helped me during my life would be offered an opportunity to receive tangible value for their positive effect in my life.

As for online accounts in general, I think those should die with me.


> There would be a bot guiding through opt-in to receive dividends of my wealth into their wallets/bank accounts...

The bot is called a “lawyer” and the process by which someone receives your wealth is called “executing a will”.


Ah, it didn't cross my mind that I would have needed to be explicit about the fact that my scheme is practically inheritance tax avoidance.

Practically, while possible, leaving an inheritance in my current country of residence for anyone outside of my family is imposing negative tax consequences on another. And that's not a gift in my book, more like showing up on your door in a foreign country asking for help, followed by a quick notion that the government is also after me.

With all these lawyers, their leetspeak, and lengthy processes posing friction it's not a worthwhile effort to practically leave any change after me, thus why I thought to slap a "smart contract" on it.


This anti-lawyer rhetoric you're getting is comical. Your suggestions are solvent.


What happens if Facebook dies before you?


You port the solution to the new hotness...


Reality check: after you die no one really cares about your stuff or is going to look through your social media photos.


Many artists have become famous after posthumous publications, at times of stuff never published in their lifetimes.


I have one dead person on my Facebook now. For the first couple of years she would be awkwardly wished a happy birthday by some of her "friends" who obviously didn't even know she had died.


I had been thinking about it for quite some time, but nowdays I think I don't care. Whatever will be, will be - but I live alone and my github projects are totally worthless.

Maybe I'm growing bitter with the years, but I think that the Internet is an abstract concept - it doesn't exist, it's just bytes and bits.


Not exactly an answer to your question, but I have one folder in my inbox called "biographaphical" where I archive any personal communication, even the mundane stuff, but not bills and invoices and alerts.

I plan to set up something to archive that folder somewhere accessible, together with various chat logs. This is intended to be the digital equivalent of the "box of letters in the attic", which anyone who survives me and is sufficiently interested can access. I decided to do this when looking through old letters and realising that the digital era can, if we're not careful, put an end to the possibility of going through the correspondence of the deceased, which would be a real loss.


I use Dashlane for this purpose and have provided my wife access...the way it works is she only gets access if her request is not denied by me after 72 hours. Presumably on death, she requests access and 3 days later has control over my accounts.


all my public stuff is on github and forkable. all my private stuff that i want people to have access to, they already have access to now. everything else can die with me for all i care.

"Nobody exists on purpose, nobody belongs anywhere, everybody's going to die, come watch TV."


"Wuba duba lub lub!"


Try that again.


wubba lubba dub dub :)


I don't have social media profiles. Only HN and Reddit, where the latter is unimportant, and the former, well, nothing needs to be done.

Any digital asset worthy of a look are in my computer (and in a separate backup drive). All my personal data resides in a special volume, which is mounted at a directory under root path, and almost everything under $HOME is a symlink to a directory in this volume, or in some cases a symlink to a directory symlinked to another directory in that volume. At the root of the volume there's a Readme.org file, which lists all the important paths.

Among tens of gigabytes of data, there's actually a few megabytes worth saving: all my notes (agenda, research, etc.) and writing (blog, research, literary stuff), all of which conveniently are located in a specific tree, most if not all in Org mode format; and my bits of code, should I produce a project of importance in the coming years. I use pass(1) and gpg to encrypt lost of stuff, including passwords, all of which is better never recovered.

This was not a personal "doomsday" plan (given also I'm still in my twenties), but it all emerged naturally from the normal way categorisation and hierarchy among files and directories work. And I recently added that Readme.org file to formalise the fundamental bits of such hierarchy and categorisation. But I do reflect on, from time to time, things like "what would happen if Fernando Pessoa encrypted his $HOME?"


You know what I'd love to do if my child/sibling/father/mother passed away?

Learn how Unix works.


Your decision to stay away from social media, any reason for that? I ask this only because for someone in your twenties, the pressure to get on social media must be extremely high.


I have a family 1-password account that I share with my wife. In our shared vault I have 2 secure notes: 1 that explains the process of how to unlock my 1-password vault, and another note that highlights which of the +200 accounts are important. That last list only contains about 20 accounts, some financial, some work related. For difficult technical recoveries, I've listed the name of trusted people that can help her.

We've gone through the notes together so she knows what to do.

Inviting my parents is the next step.


Maybe it is better your code dies with you? If it can't be completed in your lifetime why should next generation suffer?


I think about this a lot. At one point I almost built a Keybase-like application for Shamir's Secret Sharing to see if it would be useful for automating at least some bits of digital will/trust escrow, but that idea ran aground of 1) not enough attorneys/solicitors are technically competent to see a need for it yet, and 2) the general legalities of digital assets as a whole is a weird, currently untested in the court system wild west rabbit hole that attempting to educate on (1) quickly falls into (2).

I think at some point we may need to sit down as a software industry with the law industry and draft better laws protecting digital assets as inheritable assets.

Some easy examples:

1) Digital movie unlocks on platforms like Ultraviolet and/or Movies Anywhere. Are those unlocks inheritable? The service agreements are unclear, and the "family account" adds additional gray area.

2) Software Licenses and Software Subscriptions/Accounts. How many EULAs bother to mention inheritable rights other than to squash them or send them to mediation? Which of the App Stores support family sharing? How many have yet thought ahead to inheritable rights?

3) Are the GDPR Rights (Right to Erasure, Right to Rectification, Right to Access by the Data Subject, et al) inheritable? Right now the easy answer is that they don't mention the idea at all, and at least some of the GDPR implementors' heads might explode if they thought they would also need to consider survivors' access to those Rights.

There are likely to be some huge coming legal battles over some of this stuff, and its something that I feel surprised not enough legal minds are even considering today.


Based on recital 27 "This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons." Source: https://gdpr-info.eu/recitals/no-27/

So it would mean that companies would not be obliged to comply with GDPR.


That is an interesting punt by the legislators.


Digital movies are inheritable.


I agree they should be, but the fact of the matter is that its not that simple. A digital movie unlock in the systems I mentioned are a "service license" where your relationship to that property is via the service's Terms & Conditions. There's not "digital asset" law that currently takes precedence over such T&Cs and it's not been tested in court (to my lay knowledge at least), if those are inheritable.

More directly, if we look at Movies Anywhere's T&Cs [1], here's the main description of your license:

«Within the Territory and subject to the terms and conditions in these Movies Anywhere Terms of Use, Movies Anywhere grants you a limited, personal use, non-transferable, non-assignable, revocable, non-exclusive and non-sublicensable right»

I am not a lawyer, but the keywords there seem to me to be non-transferable and non-assignable. That is meant to keep you from reselling movies unlocked in your account, but also implies that the right is not inheritable. So too, the words "personal use" may imply "you and only you". Though that is a fun gray area in the terms because the system allows family accounts that bend past "only you". That's also why there is gray area in inheritance cases. The T&C as written would seem to me to bind only to you, not your family. Disney has the right to suspend your account for any reason at all, according to the T&Cs, but if they did need a reason "your death" is pretty clear because at that point the T&Cs no longer apply to "you".

Again, I'm not a lawyer, but this seems a pretty big and ugly minefield for digital assets that I would love to see more frank conversations about. I think it is a missing EFF plank, at the very least (and I've mentioned that with past donations).

[1] https://moviesanywhere.com/terms-of-use


Yes. Apparently some people are creating Trusts which actually hold these licenses, but the idea hasn't been tested in court.


What Aaron Swartz did with http://www.aaronsw.com/2002/continuity seems kind of relevant. Of course what he said he wanted to have happen and what the people who had access decided should happen weren't the same thing. Would have been interesting if he had of automated it.


I don't.

I've made sure family know which brokers my money is with. Everything else can crash & burn.


Nothing matters in the end...


Exactly. Or to partially quote the 11th Doctor from Doctor Who:

"...we're all stories, in the end. Just make it a good one, eh?"


But what if you have digital assets that are generating revenue without needing much maintenance?

This revenue could be going to a family member for many months or even years after you have expired rather than just coming to an abrupt halt because you were paying for hosting month to month.


Just make your spouse/immediate family member aware of your finances. They should always know where the money is coming from. If your family somehow is not aware or does not understand how the food is coming on their table, then it is not the right way of leading the family. Your significant other should be aware of your income sources and debts. They should never get surprises doesn't matter whether your are alive or dead.


I work on the basis that nearly nothing I have is of much value when I die. I aggressively prune my data on an ongoing basis as I'm doing it. Any bill over store years old, I delete; any unflagged email over three years old, I delete. I'm keen to proactively reduce the overhead of dealing with this stuff myself and for those I leave behind. I keep very little in the way of ephemera, and generally scan important letters and shred/recycle the originals.

I store all of my logins in pass[1], and have the store synced in Dropbox. My will has the password for my GPG key and my Dropbox in it. I realise that's a potential security hole, but the copies are sealed and held at home and with a trusted friend, so I consider it relatively minimal.

I also print out all of the important photos I've taken. It's a pretty low-tech solution, but it's a proven one: I have albums and photos from both sets of grandparents and great-grandparents precisely because a hardcopy photo doesn't need software to use.

[1]: https://www.passwordstore.org/


Many online soft purchases made with a unique mailbox I own but the rhs@lhs.org domain I own also. So.. when I'm gone the ownership of the email identified will vest with who gets my domain.

The IPR lawyers hate this and want to say "no no no you can't vest rights in those MP3s with your son" but they're going to struggle to show a loss of continuity in the licenced holder.

Personal domain be powerful tool.


I'm curious, how do you make sure the domain ends in the right hands? Can you put it on your will and will the registrar respect that?


It was a thin forest of hits in google btw. So, not a field which is well ploughed. So my assumption the domain is heritable is probably moot. But, what I really meant is that its an artifice which makes it significantly less likely an IPR licence through an email account falls fallow: The domain possession means my heirs can ensure the rhs@lhs.com always responds, so they can do password recovery and ID checks through email to satisfy they "own" the account. Obviously if it falls back to real-world ID checks, they're hosed.

I didn't mean to imply what I do is intruding a legal mechanism to acquire IPR by transfer. The law says I bought exclusive use, for me and regards the MP3 licence to use as a thing which dies with me. The email chain is going to say "yep.. this mailbox responds when you ask for money" and so the issuing MP3 licence issuer is going to say "I see no interruption in service to the identity I apparently sold the IPR to" so whilst in law, I'm still breaking the law, in practice, I don't think people are going to know. Then, when the new owner subscribes to an 'all you can eat' MP3 service which scrapes the id3 info and says "your tunes are in me" the music will be re-identified, and I suspect their permanency will be enshrined through that agency, even if they terminate the rental agreement: most of the ones I used let you use a one-time bulk downloader to get back the tunes you uplifted by signature.

Its not me@lhs.com. its a generic like sharedmusic@lhs.com or music@lhs.com or family@lhs.com btw.

(and I wish it was lhs.com)


I think the transfer of the domain as a heritable use is arguably stronger than licenced IPR. but you're right to question the assumption. Worst case my heirs can use my keystore to open the registry account, unlock the domain and transfer it to themselves for fee if need be.


Anything public - it's open sourced.

Anything paid - it's in escrow

Anything private - it dies with me.


Escrow how?


You have 3rd party companies which provide such services [0].

I personally just built an automated git push + email that will get sent if I don't stop it every week. Simple, Clean & Free. And my email has been prepaid for ~2 - 3 yrs (and I pay every year so it gets pushed ahead every year).

[0]: https://www.codekeeper.co/ - I don't personally use it. I found it on google.


https://en.wikipedia.org/wiki/Source_code_escrow


wow, I had been meaning to ask something similar on HN for a while, and was still figuring out how to best word the question.

Basically: How do you make sure the effort that you put into building something for the long-term, isn't wasted and forgotten when you die, especially if you're kind of a loner and have no friends/family who would care about it?


I'm not nearly interesting enough to anyone besides myself for anything that doesn't already have a controlled exfiltration path to need one. My assets will go to various parties if/when I drop off and the rest of it is so uninteresting that it'll probably just be thrown out after collecting dust for a few years.


Well, I'm biased because it's my company, but we use VESvault CloudDash matrix for this. It allows you to encrypt, organize and share critical information to specific people or a team. You can set up an "entity" which can be a family, business, team etc. Each entity has it's own matrix - rows are people, columns are apps or items that you create. For each cell, you can deposit critical information such as passwords and then selectively share it with each person. For example, you can create your bank as an app, deposit your banking information and share or not share it with each person in the entity. If you don't share it, even it you die everything is organized and can be retrieved if you properly set up the VESrecovery function. So your personal stuff is encrypted and protected, and yet it is shareable and recoverable. www.VESvault.com


What happens if you go out of business?


The way I read that question is that nobody should use any app or cloud service that has personal information for fear that it will go out of business. In this regard, CloudDash is no different than any other service. Of course, you can always print everything out and put it in a drawer as a backup to address that concern.


Could put something like a 1password (or other password manager) key/password somewhere accessible.


You anyway need an offline backup for such keys/passwords in case you forget them, lose them, or they get destroyed in e.g. fire.

E.g. it's not safe if the passphrase for your password manager or cryptocurrency wallet is only a single copy in your head; there are all kinds of plausible traumatic events/accidents resulting in things like prolonged hospitalization (e.g. what if you get hit by a car?) that may result in you misremembering some detail.

If you have a backup of the "master keys" in a safe somewhere, then they're not only a backup for you, but also for whoever inherits that safe.


I'll admit I've considered the amnesia scenario before. Haven't done anything about it yet though. Might need to start thinking about that.


It's not even amnesia - any life event that's serious enough to simply force you to not use some password and require you to stressfully think about something else for some weeks can be sufficient to misremember anything that's complex/random enough to be secure.

E.g. a loved one getting a near-death event and suddenly needing lots and lots and lots of attention isn't really an "amnesia scenario", but might be sufficient; the same applies for the (admittedly rare) scenarios where travellers have gotten kidnapped by criminals or detained by third-world authorities, and people who have had to suddenly evacuate out of, for example, Syria. If you're out of action for some time, you may realistically be unable to recall exact details that aren't relevant to daily life in your changed environment - such as passwords. I've even seen breakups or divorces being traumatic enough so that people wouldn't care about anything at all for quite some time; and I can also imagine that a "less than perfect" childbirth and its consequences occupying all your thoughts and cares (and sleep!) for a week or two would also suffice.

There are all kinds of scenarios that trigger mental breakdowns so that, for example, people don't care about eating for days simply because what's happening right now is more important, immediate and overwhelming. In such cases they wouldn't also care about their digital suff, and when (some time after) the situation normalizes, and they get back to caring about access to their digital resources, there's no guarantee that they'd be able to recall anything that's not a basic, instinctive skill.


You could put it in your will, right? That way only your lawyer has access, and if you die then it is released based on the instructions.


I'd strongly suggest NOT putting it in your will - more people than you may think end up taking a look at the will.

Off the top of my head, based on acting as (co)executor for my father:

-All executors

-Lawyer

-Bank teller (x2) who took photocopies so they know who the exeuctors are

-Car insurance person, same as above

-All potential beneficiaries, so they can challenge it if needed (this is a part of probate)

-Once it's in probate, pretty much anyone

I'd say it's safer to have in a "in case I die" envelope next to the will, but explicitly not part of the will.


So, I'm using an open source password manager (KeePassX), and syncing the encrypted password database over several devices. Hopefully this gives me protection from loss from this data and I've thought about giving somebody the passphrase, in some way. I guess I could write it in a will and seal it up or leave it with a solicitor, but I think the best thing might be to give it to an old friend of mine who I don't actually see all that often these days though I met him at uni, 30+ years ago (but I went to both his weddings, was best man at one of them). I'm pretty sure I could trust him to know how to close the accounts and/or give the details to my next of kin.


You could also use something like Shamir's Secret Sharing algorithm to include a piece of your password in your will, another with your old friend, maybe a third in a safety box with a key in escrow with your solicitor, and make it so that it takes two of the three pieces (or n of the k) to recover your password.


If you are interested in transferring digital data with privacy without having to provide your descendants an ever-changing password... you could use "YourDigitalFile"- which uses keysplits, a nomination process (who receives your file after death or incapacitation) and an escrow. *disclosure- I work for YDF. As our founder came to learn- and this inspired him- sometimes it is important and no-one knows how to get access. https://www.yourdigitalfile.com/data-legacy/


Who cares about software and github repositories after death? I certainly don't.


Planning with Legacy Concierge may be step one. Build an electronic vault with its app and/or enter lots of information in a secure encrypted location. Use the contents of the vault upon death. Post-death activities involve the court, an estate administrator (usually an attorney) and a personal representative with fiduciary duties. By law, the fiduciary cannot impersonate the user; the Revised Uniform Fiduciary Access to Digital Assets act (RUFADAA) makes this very clear. Each state has its own version of RUFADAA. To be continued.


I was asking this question to myself lately and started working on some flow:

https://raw.githubusercontent.com/yasinaydin/yasinaydin.gith...


The public stuff gets mirrored by the Internet Archive, so it will hang around after I stop paying for hosting, even if a bunch of URLs break. If it disappears from the world, so be it. I would honestly prefer that my social media profiles disappear entirely, but I'm fine if they just become stale and forgotten.

The private stuff like bank accounts should be hackable for someone with access to my computer. That's not particularly pleasant -- like digging through a dead man's pockets -- but the important parts will be worth the trouble.


Atm I guess what would happen is that some of my servers would keep running for a few weeks and then shut off.

Most of my data is synced but encrypted, only I know the password.

My family would be unable to access any of my data (including the linux ISOs and art collection), I'm not sure if there would be any interest.

My biggest concern would be that my digital hoard would be lost, some of the data I have stored isn't available on the internet anymore. Would be a shame to loose it.

Maybe I should set something up with my family to ensure continued existence of my hoard.


Digital assets are only part of the legacy; there are electronic records and financial documents that need to be collected. Electronic records are maintained by over 100 agencies and these records were created with a variety of keys. Once the Letter Testamentary is issued, the estate administration can begin their tasks. First steps may be removing, marking or locking records belonging to the deceased. These exit activation procedures help prevent identity theft.


I recently contacted Archive.org to ask if they had a "time-capsule" option... could I upload now and have it made public in xx years. They don't, but I wish they did. Not so much for friends and family but thinking that there may be some historical value to my archives in the future.


Anyone use Google's service for this?

https://myaccount.google.com/inactive


I keep a free wordpress.com blog assuming it will last longer than me.

Further to that I have my keepass password manager with the master password written down on paper.

Then my spouse has access to my email and knows from keepass all the accounts I have.

I'm not sure what to do about domain names. I guess they'll just lapse and free up for the next in line with my name.

I think twitter and Facebook accounts should be nuked. I've never said anything important there.


For my own things, my accounts will just linger until the provider either goes out of business, or until account inactivity leads to deletion. Hopefully I wrote something witty or clever prior to going on permanent vacation.

If I had my own small business, I would set up a legal trust and specify who and what is required to access a bank safe deposit box and what information was required to decrypt things.


I worked for a startup that helped to track and store your digital assets, as well as standard ones like insurance and bank accounts. The platform allows its users both to share access and set up a chain of custody for your account in case of death. https://www.zokuvault.com


I use forever.com FOREVER™ isn't like other photo storage services. We're focused on providing you with a permanent digital home that will last for generations. It's like insurance for your photos.™

I just put the address in my letters to my brothers, and my son so they know where to find the things.


Having no talent and no achievements I have no plans for this. My only wish is my browsing history dies with me.


I am more interested regarding Crypto Management..should one share 2FA and Private Keys etc with the spouse?


Print everything out and seal it in an envelope with instructions for them to "open this when I die". If you don't trust them enough, give the same thing to a lawyer.


I would not worry about it. In a decade or so when this becomes a common problem, expect the major tech companies to come up with their own automated process to handle this. Whatever system you come up with now will probably be obsolete in a few years. I would just let the service providers handle it.


If only we had guaranteed lifespans.


I suspect most people on HN are their own service providers, to at least some extent.


I won't because I'll be dead.


I keep a set of Google recovery passwords printed on paper. Everything else online is tied to this email plus a draft mail with some offline passwords and instructions. But as the top comment mentioned - nobody cares.


They die with me; all encrypted. If there's something others need, I'll arrange for that beforehand.


That's good. But you're assuming you can control when you die. That's not always the case: what about accidents?


Been thinking about this as I setup web hosting for my clients sometimes. Suppose I'd need some way of getting someone to transfer ownership of the web hosting account to the client in case something happened.


I do the same using the "digital inheritance" feature in SecureSafe. https://www.securesafe.com/


You're probably cloning repos of dead people all the time. We all do.


FWIW, https://www.deadmansswitch.net/ has been mentioned on HN in the past.


hmm, I wonder what I could sell my digital identity for in the case of my death. There should be a market for this. /wry cynicism over


Maybe sometime in the future you can donate it to science like your physical remains? Or even to living people, like organs?


Everything will be as good as deleted since nobody will have my password - nor do I want anyone to. I do not concern myself with post-life as there is no evidence that I'll care when I'm dead. The few social profiles I have will just one day stop posting as if I finally decided I had more important things to do with my life, nobody knowing if I've simply left or if I've really left.

I have no friends and the only family that would care will, assuming we all die due to passage of time, have already passed years prior.


Here's a framework and protocol for handling your digital assets after your death:

https://arielelkin.github.io/articles/digital-estate-plannin...

TL;DR:

You need a digital estate planning protocol that is comprehensive, privacy-preserving, reliable, and convenient. The best solution is to use a secret-sharing scheme.

The following sequence is suggested:

  1. Alice encrypts her digital testament using a symmetric encryption algorithm, splitting the key according to a 
  secret sharing scheme.
  
  2. Alice publishes the encrypted testament.
  
  3. To each executor, Alice gives one of the shares of the encrypted key.
If you use a password manager, this is equivalent to giving each of your executors a slice of your password.

Feedback welcome :-)


Facebook has a "Legacy Contact" system in which you designate someone to be an "heir" to your account. FB Research published a great paper that ruminated about how complicated the situation could be, even compared to the traditional sense of inheritance of assets/brand that we have today:

https://research.fb.com/publications/legacy-contact-designin...

I recently saw an edge case of how complex it is to manage online identity after death, in this WaPo article titled, "She wore the weapon in a photo with a friend -- then killed her with it": https://www.washingtonpost.com/news/true-crime/wp/2018/01/18...

This story is notable, for starters, because instead of using a screenshot of the photo, the article embeds the FB image directly, which means it is clickable and you can go to the user profile. What's even more unusual is that this photo was a selfie taken by the murderer (the selfie features both women), who then sent it to the victim, who then posted it on her own profile before getting murdered that night. And apparently, as most people her age, the victim didn't think about suddenly dying, nevermind designating an "heir" for her FB account.

Anyway, you can see the comments in that photo and guess that the victim's friends were very pissed about something. Not just about how the murderer (whose faux-woe-is-me comment can still be seen) commented, but because apparently the victim uploaded this photo (taken by her murderer) and used it as her profile pic. So the victim's friends apparently had a dispute with FB to get the photo removed -- or at least changed to not be her profile pic -- and were apparently successful after an initial rejection.

tl;dr: FB doesn't have a policy for when you choose a photo with a friend as your profile pic, but then get murdered by that friend.


This would be a good use case of having a trust and a last will and testament, that provides instructions to your friends how to decrypt a password container, keypass, etc... that takes FB out of the loop. The executor or beneficiary can log in and update the account to something appropriate.


That adds some complexity though. Not just the problem of the key getting lost, but of the "friend" deciding to break into your account while you're alive. Or they key getting compromised some other way.


That isn't how a trust / will works. Your friend won't know about the account information until you have passed on and your lawyer contacts them. You could certainly make them aware of the fact this will occur ahead of time so they don't ignore the legal notice or phone call.

As to whether you can trust your friend or not, that is a different matter all together. You have to pick someone you can trust. If no such person exists, just close your FB ahead of time.




Applications are open for YC Summer 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: