Hacking My Mother’s Phone to Save Her Memories (nytimes.com)
127 points by tysone 14 days ago | 81 comments

After going through my dad's computer while trying to fix it for him, I realized that there are a lot of things I really don't want to know about my parents. Everything I know about them is enough. Digging through their texts, their browsing history, their emails, etc. is not fair in my opinion, and better left unread.

This sort of experience is fundamental to developing an appreciation for privacy. It just feels bad on a pretty basic level to have your privacy violated, or to uncover things you weren't supposed to. Here are my two big transformative privacy moments.

I'm fifteen and talking online with various strangers from all over the world, as one did at the time, and one night at 3am one of my closest friends calls me as a joke. It was an older man from a different country. My mom answers, freaks out, and wakes up my dad who comes into my room and drags me away from the computer and asks who the hell is calling for me at this hour. I tell my dad it's a friend. He asks me who. I tell him his internet handle and my dad calms down, tells my mom it's okay, and sends me to bed. What I put together later and through similar experiences was that my dad had already vetted the guy. He knew everything I was doing and saying to people. Everything. It took me a long time to understand he was a nervous, technically-minded parent navigating a new aspect of parenting in the early 2000s. But the feeling of paranoia and violation lingered.

The second experience was being an insecure teenager and accessing people's emails and MSN conversations. The things I learned were things I didn't want to learn, and weren't fair for me to know, and they just made me feel bad, untrusting, and slimy. But I'm grateful to have learned that early in life. I don't care about other people's emails or texts. I have zero interest or inkling to go through anyone's phone or data out of a basic level of understanding and respect for privacy.

The dad story sucks. My parents spied on me when I was in high school too. That was the first time I learned to use Linux. However. It didn’t really do anything to me. I was furious at the time. But now a decade later it doesn’t matter at all.

I don’t think I’d care if someone close to me goes through my stuff if I die. And I don’t think my parents or brother would care if I go through their stuff if they pass away before they can set up how to deal with their digital stuff.

The only ramification I can think of would be my father being sad at seeing some of my behavior which he would view as immoral because of his conservatism.

Though on the other hand. I stumbled across two secrets of a close relative because of some physical disks being left behind when they went off somewhere. I’ve never brought it up to anyone. I do wish I never knew them. And I do believe many people would negatively judge what was seen. That would be unfortunate.

I guess I don’t think being so black and white with privacy like HN usually is, is so obvious. Like how I don’t value my privacy if I die that much.

Parents have a duty to protect their children, including from themselves. That said they also have a duty to allow their older children enough freedom to learn independence. It’s a hard problem and there’s no algorithm.

> I don’t think I’d care if someone close to me goes through my stuff if I die.

Do you care that those you communicated with might care? It's probably not going to be just about you and your family.

This is what I try and get across to people who are snippy about me not letting them touch/look at my phone - "There are other people in there, not just me".

I will share a funny story when my grandmother died.

She and my grandfather had started a photography business before the days of color photography.

They had their own darkroom and were early adopters of motion-picture cameras.

My grandfather had passed many years beforehand.

Anyway, I found some 8mm film of her and my grandfather when they were first married, somewhat similar to what a couple on Snapchat would record.

I did not share this with my parents.

I have a similar story.

I bought a used NAS at a garage sale. The woman said it was her husband's, who had passed away a couple months ago.

I took it home and fired it up. It didn't have a password on it or anything. So I went looking through photos of the backyard, birdfeeders, and thought "wow it's so sad this stuff was just given away". I felt bad for the family who might be missing all his photos.

Then after a few more minutes it got way darker. The NAS had what looked like child porn on it. Some candid videos of a teenage girl adjusting her bra when she thinks nobody's looking, some more hardcore porn with someone who either was or at least tried really hard to look underaged.

So now here I was, in possession of child pornography (maybe?), on a drive from a garage sale, belonging to a dead man. That is a fucking dilemma. A million scenarios ran through my head. Was this some sort of set-up? Would I face criminal charges for possessing this?

I took it to the police, they eventually reviewed it and told me there was nothing illegal on it. They asked me if I wanted it back, I told them to dispose of it.

I would have gone to the police with my lawyer, I would have asked for everything I say to be recorded. You were trusting the police to do the right thing by you. Risky strategy.

Yeah in retrospect I should have just put a drill bit through it. But at the time I was just very afraid and wanted to do "the right thing".

Wow that was really risky taking it to the police. You never know what a bad person might do or what story they might push for.

Agreed. My father is currently fighting multiple myeloma. The treatment will have a risky phase in hospital where his immune system will be rebuilt.

He is, in preparation, currently organizing a packet of information and passwords (Keepass) which I need if the worst thing would happen. The rest I will respectfully erase. And I hope my relatives will do the same for me.

Not quite what I expected when I clicked on this, but anyway.

I would never treat my phone as my only copy of my data. I don't consider phone storage to be permanent OR a backup.

If you're into preserving your memories that are locked into your online services and apps like Google Photos, Facebook, Twitter, etc, I've started a project called Timeliner which downloads your data to your own home computers: https://github.com/mholt/timeliner - I run it on a cron every week.

A phone is particularly terrible as a single copy of data because it has a high exposure to theft, physical damage, and water damage.

And just as importantly, phones are practically irreparable. Phone dropped and screen cracked? Good luck, unless it's an old Android (which don't prompt before allowing their storage to be mounted). Laptop dropped and snapped in half? Just take out the drive and put it in another computer.

I'm not sure why you would make this claim. I've replaced the screen on my partner's phone in a couple of hours with no previous experience. There's an entire industry of phone repair and data recovery.

I don't know what kind of phone you have but that's just not true. OnePlus for instance will replace your screen for £89 even on a brand new OnePlus 7 Pro, and it takes about 5 days to get it back.

I've been looking for something like this for Reddit. I'd love to be able to pull down all of my comments there (ideally with context).

The only things on my phone that I don't regularly back up are text conversations. I've seen tools that forward all your texts to a gmail account, but I'm not really looking to give all that data to Google assuming they aren't already reading them off my device.

I've used SMS Backup and Restore on Android. Exports to XML, and can include MMS if desired.

It's pretty good overall, though emojis can cause issues. They offer 2 settings on how to handle them.

I'm using Signal for text messaging as well, and thus can use its automatic backup functionality (only on Android currently, I think). In case it's useful to you.

Sure, contributions welcome if you want to add reddit! I'd use it too. :)

As for text messages: that's on my list, but I'd have to learn how to write a mobile app first. If anyone is serious about contributing that, let's chat in the issues about an app design.

Last I checked reddit only shows you your last 1000 comments. So it's impossible to get your older comments. I don't know how they do this in light of GDPR's data portability requirements.

But what you can do is download every single comment on reddit, then search through that to find yours. See https://www.reddit.com/r/pushshift/

Cool project! I think there is definitely a need for something like this. I've achieved something similar by syncing Google Photos to Google Drive (https://support.google.com/drive/answer/6093613) and then using Google Drive for Windows to sync to my local computer, and then run restic periodically to store snapshots in Backblaze B2. It sounds like timeliner would make that a little easier, with some more powerful capabilities.

It looks like timeliner requires your phone's files to be uploaded to a third party cloud beforehand.

If you want to directly back up files from your phone to your home computer or NAS, https://syncthing.net/ and https://www.resilio.com/individuals-sync/ have Android, iOS, desktop, and NAS support. It's what I've been recommending to PhotoStructure's beta users, and both seem to work well.

Can you link to iOS version of Syncthing? Main page doesn't link to it.

Huh, I could have sworn there was, but I don't see it there, either.

On iOS I've only used Resilio Sync, fwiw.

A nice feature of Plex media server is that the app on your phone will back up your photos to your home server.

Weird title. They never managed to get in to the phone. They just took the SIM out and put it in another phone to use 2FA SMS codes, along with logins they found written down.

IMO hacking is getting into a system by any means. Ultimately they were going after the "memories" which were all stored on the cloud. They needed to get into that. They determined they didn't need to get into the phone in order to get into the cloud.

> "Hacking my Mother's Phone"

I agree with your definition of hacking but the explicit goal was to get into their mother's phone, which they didn't. Ultimately they achieved their goal, yes, but via a different method than the one they originally attempted.

Except they didn't get access to iMessage or other things encrypted locally on the device.

I thought iCloud contents were all encrypted?

> No one else, not even Apple, can access end-to-end encrypted information [1]

[1] https://support.apple.com/en-us/HT202303

End-to-end encryption only works for “certain sensitive information” according to your link. A close inspection of the link you provided reveals that just about nothing of value aside from the Keychain is E2EE.

They got access to her iCloud account.

I'd feel a bit weirded out at the prospect of someone going through my digital records after I pass. Not so much for my own embarrassment (I'd be too dead to feel that, after all), but to protect the trust and confidentiality of everyone I've communicated with.

On the other hand it would be super interesting if we _could_ get in to people's data maybe several generations after they've passed. Imagine what historians could learn about what life was like hundreds of years ago if those people left the same digital footprints that we're creating today.

But also imagine all the wannabe journalists that would just do character assassinations on long-dead people revered as heroes for a quick buck and some internet fame. They would completely ignore all the harm it would do.

Worse, there would be those that would do that same thing with plenty of intent to cause harm, especially to the groups they are prejudiced against.

It's the problems from the "right to be forgotten", but taken to the next level.

> But also imagine all the wannabe journalists that would just do character assassinations on long-dead people revered as heroes

That's an easy one. Pretty much anyone of notice living today will be labeled a "savage meat eater" and canceled. They will say "many people were already vegan, why was he/she still eating meat? Clearly a monster. Cancel"

If they fund industrial farming they would be right to make that moral judgement.

See the "Lasting Impressions" episode from "The Orville" which involves exactly that plot. Pretty good episode, actually.

The Orville (especially season 2, but really from ~Ep 4 onward) is actually a really solid series. I'm a big fan; after the second season it's really more like "TNG with minor Seth MacFarlane moments" than "Family Guy does Star Trek".

With people sharing so much publicly (social media et al), can't historians learn about what life was hundreds of years ago without having to dig into private data? :-)

At the end, it doesn't matter if you go through the digital or "analog" records. I had to do the same after mom & dad passed away.

I found a lot of open questions I'll never get an answer for. Ultimately, this made me a more open and honest person towards my siblings. They should never find something "surprisingly" in my digital or analog records. It also changed a bit how I communicate online. I never write something I wouldn't say anybody face to face.

Yeah I totally want my relatives hacking my devices and browsing through a collection of furry porn.

Yeah, I had to clean off a computer of a friend who passed to make it "safe" for his son to use. That was an eye-opener experience.

Can you share more on this? I'm assuming embarrassing content viewed or created?

He had some pay websites. He had told me once that his biggest revenue generator was girls dressed in superhero costumes, not PG-13 stuff.

However, one surprise was the VAST quantity of photos of women's feet.

I wonder how long (if ever) it will be until we have really good mechanisms for handling digital affairs after death. 1Password has the emergency kit [0] which I really should fill out and store alongside a will but I would need to write one of those first. It's just something that seems so.... antiquated? That's not the right word but writing a will feels like it will involve talking to a lawyer and not be cheap/easy. Does anyone have any good resources for setting up a will (also a living will if possible) through some software/service? I don't really want to trust my will to some startup but I'd use a product that put all the legalese together and I could just hand a binder to a lawyer or shove it in a security deposit box or something like that.

[0] https://support.1password.com/emergency-kit/

I've been diagnosed with Stage IV colon cancer. While I hope to be around for awhile yet, I'm getting things ready for my wife to take over our digital life. Setting things up for easy backup and retrieval, etc. One of the things I've started is a Word document with instructions on how to back up, what to do if the computer crashes, how to handle 1Password, what subscriptions are important, etc. It'll be printed out and put in the safe.

My opinion is modern generations are woefully unprepared for how to handle our digital stuff when we pass. Whereas before we had physical photos, video cassettes, etc. that were easily handled, now everything is digital, sometimes just on phones.

Having the physical photos still didn't mean we saved the context and relevance surrounding those images.

I've got boxes of photos from my Mom and Dad and Grandparents. For the most part, they don't have dates or captions. If I don't recognize a face, it's just random imagery that are, for the most part, just noise to my generation. If we knew why something was relevant, that'd be a different story.

If you can record your voice and retell the story behind an image, that could be golden to the people in your life. I only captured a couple of these recordings (just using my cell phone to record), and they're wonderful to listen to.

In the 1990s my cousins and I did a series of interviews with my grandfather about his experiences in WWII. Last year my cousin found the cassette tape of her interview and we all listened to it at Christmas. That was the first time I had heard my grandfather's voice in a decade.

In the 90s the stories themselves were interesting but now just having his thoughts in his voice is invaluable. I'd be equally happy with a recording of him describing his weekly coffee with his buddies, or what he had for lunch.

My parents picked up a couple of recordable storybooks for my 2 year old nephew. Right now those mean nothing to him but in 30 years they will be priceless.

I did record a special episode of my podcast just one year before he died. He was 86 at that time and my last living grandparent, so it was quite obvious, now or never. I'm really happy to have done 1.5 hours of him remembering his childhood and youth as a German teenager during and after WWII https://jeena.net/pods/6 (it's in Polish/Silesian)

My other granddad wrote a long letter just two days before he died. His whole life he was haunted by what he saw and did as a German soldier during WWII, and this is also what he wrote about in that letter which I later translated and published on my website http://paradies.jeena.net/artikel/zweiter-weltkrieg (in German) (need to fix the char set there too).

That is very precious material. As the world slides closer and closer to the last of those who saw these things with their own eyes dropping off the chances of repetition are increasing and their real life memories may be just what will stop the next round of madness. Thank you very much for doing this.

Wow that sucks. Strength to you.

Thanks. Ripe old age of 36 too. I'm optimistic though.

Oh wow :-(. I am around your age and this literally sent a shiver down my spine. More strength to you. Hope all will be well.

There is a startling statistic that shows colon cancer for older people is dropping, due to routine colonoscopies recommended for those 50+, but is increasing in those that are in their 20's and 30's. It's a more aggressive type too.

All I can recommend is that if one has previously unexplained constipation, thinning stools and/or blood in the stool, get checked right away and insist on a referral for a colonoscopy. My doctor initially thought it was constipation or IBS and it was two months before a referral to gastro.

In 5-10 years I think medicine will start to recommend a colonoscopy at age 30.

I use the 1Password emergency kit and put it in an "In Case of Emergency" envelope I left in our family safe for my wife. Has lists of accounts, insurance policies, etc, along with advice for my wife in a time of emotional turmoil. I wouldn't mind some kind of reliable service that could serve a similar purpose, but more proactively. My wife knows about the envelope, of course, but it would be nice to have someone on retainer that could step in and be a helping hand (with a fiduciary responsibility, too).

Probably exists, and I haven't tried too hard to find it.

In theory I like the idea of LastPass's "inheritance system" better.

You set an account heir in the profile. They submit an access request after death, which the deceased has X amount of time to reject (in case of abuse/heir being hacked). If the request isn't denied, the heir gains full access to the account, including logins and passwords for all online accounts.

If you choose someone you trust and set the window to an appropriate period for rejecting false requests, i.e. not 3 days when I know I'll be off the grid for 2 weeks, it seems very secure.

Google has Inactive Account Manager[1], which lets you specify a user who can get access to your account after a specified time of inactivity has been determined. It also lets you specify if you want the account deleted after so much time.

I set it up a few years ago and get periodic reminders saying that it's set up. LastPass offers something similar.

[1]: https://support.google.com/accounts/answer/3036546?hl=en

> writing a will feels like it will involve talking to a lawyer and not be cheap/easy

(Assuming you live in a jurisdiction that recognises them) a holographic will[0] is going to cost you nothing more than the time involved to write it out, assuming you have a piece of paper and a pen handy. You probably won't even need to have it witnessed.

[0] https://en.wikipedia.org/wiki/Holographic_will

Assuming you’re in the US, Nolo Press has been my go-to for this sort of thing for decades. Simple wills and living wills are, in most states, very simple.

In a related vein, I created a thing called VMSave a few years ago to let people easily save outgoing voicemail messages, something that the carriers make significantly harder than it should be. It’s saved almost 15,000 messages so far.


This is really neat. I despise voicemail and never use it but for those that do it would be wonderful down the road.


So it saves the "hi, this is John Doe. I'm currently not available. Leave a message after the beep!", correct?

Yep, exactly.

Cool! Now I'll be able to preserve my voice from 20 years ago!

This story is another testament to the dangers of using SMS as second factor.

Physical security keys seem nice here. If I am taken out by a bus my master password and backup security key can be used to get in to everything.

What happens if they get destroyed in the bus accident?

Or you go missing entirely (lost at sea)?

Backup security key implies that there are two, and he already plans for the primary one to be lost.

Can’t stand to read this. The parts of a person’s story they’ve chosen to keep private are the parts most likely to get interpreted and twisted—fragile, subjective, even mutable truths they’ve chosen to hold private. That choice is sacred. Shame on those who trespass.

There are some pretty explicit instructions as to what should happen to my digital stuff after I pass away, no need for any of my offspring to go digging around in there. If there is anything that I think they need to know I'll be sure to give it to them firsthand.

Seeing the title, I thought it'd be about Mom who dropped her phone, had a stroke, or whatever. And was still alive. That'd be sweet.

But for dead Mom? That's just plain creepy. Those kids might have learned all sorts of things that, in retrospect, they would have wished they hadn't. As in, for example, who their real Dad was.

Me, all of my machines and backups are full-disk encrypted (LUKS). With >64 character passphrases. So my memories will die with me. Except for those that I share online, anyway. And I do plan, as I get older, to share more freely. Given that there'll be less time to find me.

There's no reason to snoop on a dead person's personal data. It's a backstab to privacy.

Nothing to be proud of.

That’s why I think hard drives and passwords should become more widespread in wills.

One takeaway: always put a PIN on your SIM card?

Don't use SMS based 2FA.

NIST recommends against it because it's so easy to hijack.

Is it easy to break a SIM PIN?

What about taking control of the phone number itself? Unauthorized porting can probably be accomplished with a bit of social engineering.
