This week I read a post about the death of the Boeing whistleblower, and how Boeing might have suicided him.
I don’t care about if the rumors are true or not, however someone mentioned in the comments that in such situations one should always have a Dead Man Switch.
For those who don’t know a Dead Man Switch is basically an action TBD in case you die, like leaking documents, send messages/emails, kill a server etc . . .
The concept tickled me a bit, and I decided I want to build a similar system for myself. No, I am not in danger but I would like to send last goodbyes to friends and family. I think it would be cool concept.
How would you go and build such service?
I thinking of using a VPS to do the actions because it would be running for a while before my debit card gets cancelled.
The thing that is bugging me out is the trigger, I will not put that responsibility onto someone that’s cheating, so it would have to be something which can reliably tell I am dead and has to run regularly.
Where is what I come up with :
-
Ask a country association through email if am I am dead.
-
Check if I haven’t logged out on my password manager in a week. If it’s even possible.
TLDR; Give me ideas on how to build a DEAD MAN SWITCH and what triggers should I use.
I saw a meme about someone setting their Apple Watch to delete their browser history if their heartbeat dropped below 5, maybe something like that?
Just have a requirement that you sign into the system every N hours and respond to a simple challenge. Once you stop doing that, it auto-fires when the time has run out.
There could be reasons other than death preventing you from accessing the system to update this though. Stranded somewhere, power outage, unexpectedly arrested and incarcerated, medical emergency, etc.
These are all situations that you would want to alert your loved ones though. And the power outage one will probably be solved faster than your switch hopefully.
Yes, this is what I think of when I think of a “dead man’s switch”. It relates to the concept of a physical device that deactivates or activates if you let go of a switch, like a light saber for example.
I think an interval of weeks would be more convenient than hours to avoid false positives. But I think Patrick Stewart’s character did daily check-ins in the movie Safe House. The dead man’s switch was actually the central plot point in that movie.
I think the classic choice is a ping with a wide enough margin of error to allow for temporary incapacitation. There are a plethora of ways to do this and the main concern would probably be obfuscation of the trigger and a proof of identity. In the modern world the cheap solution I’d suggest is connecting a server with a 2FA app on your phone and having a request string/web page where you can input a token. If the server goes a few days without a correct token it triggers the death script.
I’d avoid anything that actively pings you since that traffic would be predictable and easier to snoop - potentially alerting a bad actor to the fact you have such a system setup… you also, obviously, don’t want to tell anyone you have such a system. And you definitely want some kind of rotating identity proof so that replay attacks can’t indefinitely delay the script trigger - random ass 2FA apps might be too easy to identify in this regard but it’s so trivial and accessible to implement that I think it’s a reasonable choice.
I thinking of using a VPS to do the actions because it would be running for a while before my debit card gets cancelled.
Your debit card could be cancelled very quickly. But most VPS providers allow you to pay in advance, so you could maintain something like $100 credit with the provider… which goes a long way if they charge $5 per month for example.