this post was submitted on 22 Mar 2024
101 points (97.2% liked)

Programming

17313 readers
190 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 2 years ago
MODERATORS
 

This week I read a post about the death of the Boeing whistleblower, and how Boeing might have suicided him.

I don't care about if the rumors are true or not, however someone mentioned in the comments that in such situations one should always have a Dead Man Switch.

For those who don't know a Dead Man Switch is basically an action TBD in case you die, like leaking documents, send messages/emails, kill a server etc . . .

The concept tickled me a bit, and I decided I want to build a similar system for myself. No, I am not in danger but I would like to send last goodbyes to friends and family. I think it would be cool concept.

How would you go and build such service?

I thinking of using a VPS to do the actions because it would be running for a while before my debit card gets cancelled.

The thing that is bugging me out is the trigger, I will not put that responsibility onto someone that's cheating, so it would have to be something which can reliably tell I am dead and has to run regularly.

Where is what I come up with :

  • Ask a country association through email if am I am dead.

  • Check if I haven't logged out on my password manager in a week. If it's even possible.

TLDR; Give me ideas on how to build a DEAD MAN SWITCH and what triggers should I use.

top 50 comments
sorted by: hot top controversial new old
[–] solrize 81 points 8 months ago (1 children)

Leave instructions in your will for your executor to carry out after you are gone. The high tech stuff is not needed. Several times on forums or in other places, someone passes away and word gets around. In some cases the member's widow will log in to relay the news and maybe share some memories of the deceased. That means they must have been given the account password for such purposes.

[–] [email protected] 29 points 8 months ago

This one makes the most sense, and has the fewest failure modes.

[–] perviouslyiner 28 points 8 months ago* (last edited 8 months ago) (3 children)

Tech people are overthinking this. You pay a lawyer to do something when certain conditions are met.

Deviant has a talk about setting up a similar protocol for their group of friends to access passwords - https://m.youtube.com/watch?v=6ihrGNGesfI

In that case the protocol involved the lawyer contacting certain people to ensure consensus that the person is really in need of help, but the protocol can be whatever you want.

[–] ransomwarelettuce 13 points 8 months ago (2 children)
[–] perviouslyiner 9 points 8 months ago* (last edited 8 months ago)

The human in this protocol fixes the "false-positive" problem:

Consider the case where the technical system has just sent an alarm that "ransomwarelettuce hasn't been following their usual internet routine for the last week, and therefore they must be dead"

ransomwarelettuce meanwhile is unconscious in a hospital after an accident that destroyed their phone and all of its 2FA methods, but will eventually wake up and be super-embarassed if their documents were published!

If the technical system is primary, it immediately publishes your "don't publish this while I'm alive" documents.

If the technical system is filtered through some human system such as the remote lawyer, they try to phone you, contact your family, contact the hospitals, search for news stories about you, before publishing the "don't publish this while I'm alive" documents.

[–] [email protected] 5 points 8 months ago (1 children)

Also not a fan of that "pay a lawyer" part.

[–] [email protected] 2 points 8 months ago (2 children)

Is it the word “lawyer” or spending some small amount of money?

Lawyers are bound by law and an ethical code to conduct business in a particular way. They also tend to have support infrastructure and continuity plans that private individuals do not.

If making sure something actually happens is important to you, this is the best option.

load more comments (2 replies)
[–] [email protected] 2 points 8 months ago

Every method has vulnerabilities. If you are concerned enough, you can take the legal route and the technical route to make attacking the system require different areas of expertise.

load more comments (1 replies)
[–] [email protected] 22 points 8 months ago (1 children)

I always thought it was just like an email set to future send in say a week or 2, then every few days or every week you go in and bump forward the date.

I always heard a Dead Man's Switch defined as a switch which goes off once you stop pressing it. So you just set up something to go off in the future, then for as long as you're alive you keep preventing it from going off.

[–] [email protected] 27 points 8 months ago (3 children)

As long as you're okay with the edge cases on that: jailed, hospitalized, or other event lasting two weeks and your switch goes off.

[–] [email protected] 12 points 8 months ago

Yep, false positives are a problem for a dead man's switch.

Two weeks without being able to get internet access or word to a friend is definitely possible but seems pretty unlikely.

You could make it more than 2 weeks out but I think that's a good middle ground between avoiding false positives and striking while the iron is hot, you know? Imagine sending an email beginning "if you're reading this I'm dead..." and having recipients think "Yeah, that was ages ago."

[–] ransomwarelettuce 6 points 8 months ago (1 children)

Yeah that's my problem, a false positive in this situation is not something that atrocious, but I would catch slack by my friends for the rest of my life hehehe.

[–] [email protected] 2 points 8 months ago (1 children)

Just make it ridiculous. Like instructions to get an artifact that will resurrect you from a museum in France... Then if it goes off by accident, it is comedy.

load more comments (1 replies)
[–] [email protected] 5 points 8 months ago

This is the core issue with the traditional dead man's "switch" -- it doesn't require death to go off, just letting go of it, and there are other reasons why that might happen. By extension, a switch that requires you to log into something periodically might be problematic if you're predisposed. Personally I'd just set a longer timer, a month is probably fine and, unless your "exposure" is extremely time sensitive, a month won't matter once you're dead.

[–] Pyroglyph 17 points 8 months ago

Thor from Pirate Software (a game studio) does this. He has his set up so that if he doesn't log into a specific server for a year, the source code to his game will be automatically published.

You could do the same thing. Just grab a super cheap server that checks the last login date and sends out emails.

[–] [email protected] 13 points 8 months ago

I think the classic choice is a ping with a wide enough margin of error to allow for temporary incapacitation. There are a plethora of ways to do this and the main concern would probably be obfuscation of the trigger and a proof of identity. In the modern world the cheap solution I'd suggest is connecting a server with a 2FA app on your phone and having a request string/web page where you can input a token. If the server goes a few days without a correct token it triggers the death script.

I'd avoid anything that actively pings you since that traffic would be predictable and easier to snoop - potentially alerting a bad actor to the fact you have such a system setup... you also, obviously, don't want to tell anyone you have such a system. And you definitely want some kind of rotating identity proof so that replay attacks can't indefinitely delay the script trigger - random ass 2FA apps might be too easy to identify in this regard but it's so trivial and accessible to implement that I think it's a reasonable choice.

[–] [email protected] 12 points 8 months ago (1 children)

Some form of compute with a recurring job that checks for a DNS address or domain.

Choose a domain that needs to be regularly paid for as a target.

Reason I would choose something you pay for as the trigger is because not paying a bill after your death is one thing that will be actioned on no matter what.

[–] cactusupyourbutt 4 points 8 months ago (1 children)

except your family can continue to pay for your hosting and domains

[–] [email protected] 3 points 8 months ago

That's if they know about it and have access to any of the accounts.

For example you can setup a domain.com account that's almost completely anonymous.

[–] eager_eagle 11 points 8 months ago
#!/bin/bash

SERVICE="irl_heartbeat"
LOGFILE="/var/log/heartbeat_monitor.log"
EMAIL="[email protected]"
SUBJECT="Alert: irl_heartbeat service stopped"
BODY="See y'all in hell"

if systemctl is-active --quiet $SERVICE; then
    echo "$(date "+%Y-%m-%d %H:%M:%S") - $SERVICE is running" >> $LOGFILE
else
    LAST_ACTIVE=$(systemctl show $SERVICE --property=InactiveExitTimestamp | cut -d'=' -f2)
    CURRENT_TIME=$(date +%s)
    LAST_ACTIVE_TIME=$(date -d "$LAST_ACTIVE" +%s)
    DIFF=$(( (CURRENT_TIME - LAST_ACTIVE_TIME) / 60 ))

    if [ "$DIFF" -gt 20 ]; then
       echo "$BODY" | mail -s "$SUBJECT" $EMAIL
       echo "$(date "+%Y-%m-%d %H:%M:%S") - Email alert sent: $SERVICE has been inactive for more than $DIFF minutes" >> $LOGFILE
    else
       echo "$(date "+%Y-%m-%d %H:%M:%S") - No alert sent. $SERVICE has been inactive for $DIFF minutes, which is less than the threshold of 20 minutes." >> $LOGFILE
    fi
fi

pls test it accordingly before use

[–] [email protected] 10 points 8 months ago (1 children)

Man, if I ever become suicidal I'm gonna become a whistleblower first so I can leave chaos and confusion in my wake

[–] ransomwarelettuce 5 points 8 months ago

Yeah but before anything say to everyone that if you are found dead you didn't kill yourself and let the chaos begin.

Honestly a good way to put a mistery into any suicide would be do that.

[–] CosmicTurtle 9 points 8 months ago (1 children)

I've actually given this a lot of thought over the years. The biggest issue for me is all my AWS services that no one in my family knows about.

So the idea would be to, at minimum, let my family know what services are being used.

Unfortunately there isn't a turn-key solution. I've seen a number of well-meaning solutions and some that are quite novel but they all suffer from the same problems: how do you deal with false positives and how do you verify your deadness.

I imagine that the problem is similar to the Yellowstone trash can problem, in that any solution to mitigate one will make it harder on the other.

The best solution I've found is to have a two-person solution, similar to launching a nuke. You have automation that tests if you are active that emails a close friend or relative to verify you are indeed dead.

Ideally there would be more than one person on this list a confirmation from two people would kick off all of the automations you code.

[–] ransomwarelettuce 2 points 8 months ago (1 children)

mmm I didn't want to bring anyone into this, but I if I manage someone techy I know to be Dead Man Switch buddies, honestly it would be a good measure.

load more comments (1 replies)
[–] [email protected] 9 points 8 months ago (1 children)

Well, if you can tolerate Google, they actually offer this. If I don't interact with my accounts for 3 months, it will send the email I've composed to designated recipients.

[–] [email protected] 12 points 8 months ago (1 children)

They'll probably cancel that feature well ahead of your death.

[–] [email protected] 3 points 8 months ago

Oh, probably. I just hope it 30 years before my death. I'm 67. :)

[–] [email protected] 8 points 8 months ago (1 children)

One concept I would add is that the machine hosting the dead man's switch should have a booby trap.

Suppose your enemies know about the dead man's switch. (And they probably should know as it would encourage them not to murder you.) They want to disable it, so they abduct and torture you for the details. You must be able to give them details that will plausibly allow them to disable the DMS - so that they stop torturing you, while secretly triggering your backup.

I imagine this as the VM running the DMS has a process that runs on login. The process silently runs, sleeps for an hour, and then sends a message to a second VM, configured from a totally different account. That second VM will wait a month (long enough for your enemies to stop torturing you and assume they've won - or for you to disable in the case of an accidental trigger) and then post your information on various socials. When you login to the DMS machine you have an hour to kill the process or a month to kill the second machine if you forgot to do so.

I would also say that you can pay for your VMs in advance using bitcoin or monero (njalla accepts both!). Pay in advance for 10 years from separate wallets, configure your DMS and backup, and let them go!

[–] ransomwarelettuce 2 points 8 months ago

Ooh nice got me a cold wallet a while ago for monero, might it put to use.

Thx for the tip.

[–] [email protected] 6 points 8 months ago (2 children)

Just have a requirement that you sign into the system every N hours and respond to a simple challenge. Once you stop doing that, it auto-fires when the time has run out.

[–] [email protected] 4 points 8 months ago (3 children)

There could be reasons other than death preventing you from accessing the system to update this though. Stranded somewhere, power outage, unexpectedly arrested and incarcerated, medical emergency, etc.

load more comments (3 replies)
[–] [email protected] 2 points 8 months ago

Yes, this is what I think of when I think of a "dead man's switch". It relates to the concept of a physical device that deactivates or activates if you let go of a switch, like a light saber for example.

I think an interval of weeks would be more convenient than hours to avoid false positives. But I think Patrick Stewart's character did daily check-ins in the movie Safe House. The dead man's switch was actually the central plot point in that movie.

[–] [email protected] 6 points 8 months ago (1 children)

Make it check a lemmy or x account. If you don't post for 24 hours it should run.

[–] [email protected] 5 points 8 months ago (1 children)

Network interruption would cause it to run then. Or an API change. Dangerously causing it to actually run.

load more comments (1 replies)
[–] [email protected] 5 points 8 months ago (1 children)

Write a web server with a countdown that sends you regularly a link via email to reset the countdown.

[–] cynar 5 points 8 months ago (1 children)

One of the less mentioned aspects is that a dead man switch should be difficult, if not impossible to detect and neutralise. If you are to the level of being unalived, you're likely also a target for significant directed hacking. Such a dead man switch should be as resistant as possible to this. A simple email could let them detect and disable your dead man switch.

[–] [email protected] 2 points 8 months ago (1 children)

Maybe make it look like a spam email? :-)

[–] [email protected] 3 points 8 months ago (1 children)

This is a good point -- it didn't have to look like spam tho, it could look like anything. Or it could look like many things. Write up a 10-20 line text file of bullshit emails from one person, or even a few people -- or even have Chat Gippity write them, tho that might have a paper trail, depending on your attacker.

All you have to do is put some "flag" word in the first few words so you recognize it. Then, any reply to that inbox (which could have many aliases) resets the timer.

The big problem is, imo, if you're "dangerous" enough to de-alive, then you've already exposed something big. Would you have something left to expose after that?

[–] cynar 2 points 8 months ago

Hiding it would work. You just have to make sure you don't miss any.

As for the danger. There are levels of exposure. You could leak something damning, but that could be played off as a 1 off. You might also be sitting on a huge amount of paperwork that proves it's endemic. That paperwork might also expose others who wanted things changed, but don't want to be outed. In this case, an initial leak can test the waters. The additional info can be rolled out, if it's needed, or the results justified.

E.g. Initial leak proves they did something nasty. The additional info massively backs it up, but also implicates a VP in its gathering. You might not want to show that hand until later, either to protect them, or to gather more info on their reaction.

[–] Aedis 5 points 8 months ago (1 children)

I don't have a great solution for this particular problem.

However any solution that you come up with has to be resilient enough that the nodes that execute such scenario are always available.

You don't just want a system with high availability, you want a system that will stand the test of time. For example, it might trigger 30 or 50 years from now. You might not want to use AWS or Google or Azure or any sort of system like that. They don't seem to keep their solutions available for that long. So you'll need to host something yourself and make sure it's resilient to a multitude of scenarios that might bring the "back end" down.

You'd also need to set-up some sort of test for the system to make sure it's still running and it'll do what you want it to. Maybe it runs every 3 months or so like a fire system drill.

Honestly the trigger can be something as simple as you hitting a button connected to your system every week with a way for it to ping and prompt you to do it you if you haven't "reset" the counter in a timely fashion.

I would probably do something like that with a weekly cadence and a whole other week to make sure I don't miss the reset.

You probably also want to be able to set it to different modes if you think you will be away for a while. Like a vacation mode or oh shit I'm in the hospital mode.

Additionally, I also wouldn't be as fatalistic as sending goodbyes to everyone. I would use it more as a system to sound an alarm that I'm not okay and something has happened to me and communicate that with people who could do something about it. Like verify if I'm alive or not, or contact local authorities to post a missing persons report.

This same system of notifying could also allow closer people to me to trigger an "oh shit I'm dead mode" which would then execute whatever is in that idea of yours.

[–] [email protected] 6 points 8 months ago

I wouldn't rely on a technology solution entirely. I would pay multiple lawyers to send a specific file to different recipients in the case of my death. The file would contain the list of release mules and recipients.

If I had something worth my life.

[–] BuryMyHorse 3 points 8 months ago* (last edited 8 months ago) (1 children)
[–] ransomwarelettuce 1 points 8 months ago

Oh that's a cool gadget for an opsec really strict.

[–] [email protected] 3 points 8 months ago (1 children)

I saw a meme about someone setting their Apple Watch to delete their browser history if their heartbeat dropped below 5, maybe something like that?

[–] ransomwarelettuce 2 points 8 months ago

Yeah I can't type or sleep with my watch hehehe, so it would have to be something else.

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago)

You could build a mobile/watch app that communicates to a self hosted server when the device gets unlocked. if you don't get that signal at least once over a week, trigger the switch.

[–] abhibeckert 2 points 8 months ago* (last edited 8 months ago) (1 children)

I thinking of using a VPS to do the actions because it would be running for a while before my debit card gets cancelled.

Your debit card could be cancelled very quickly. But most VPS providers allow you to pay in advance, so you could maintain something like $100 credit with the provider... which goes a long way if they charge $5 per month for example.

load more comments (1 replies)
load more comments
view more: next ›