100
Dead Man Switch (lemmy.world)
submitted 3 months ago by ransomwarelettuce@lemmy.world to c/programming@programming.dev
57 comments fedilink hide all child comments

This week I read a post about the death of the Boeing whistleblower, and how Boeing might have suicided him.

I don't care about if the rumors are true or not, however someone mentioned in the comments that in such situations one should always have a Dead Man Switch.

For those who don't know a Dead Man Switch is basically an action TBD in case you die, like leaking documents, send messages/emails, kill a server etc . . .

The concept tickled me a bit, and I decided I want to build a similar system for myself. No, I am not in danger but I would like to send last goodbyes to friends and family. I think it would be cool concept.

How would you go and build such service?

I thinking of using a VPS to do the actions because it would be running for a while before my debit card gets cancelled.

The thing that is bugging me out is the trigger, I will not put that responsibility onto someone that's cheating, so it would have to be something which can reliably tell I am dead and has to run regularly.

Where is what I come up with :

  • Ask a country association through email if am I am dead.

  • Check if I haven't logged out on my password manager in a week. If it's even possible.

TLDR; Give me ideas on how to build a DEAD MAN SWITCH and what triggers should I use.

you are viewing a single comment's thread
view the rest of the comments
[-] xmunk@sh.itjust.works 13 points 3 months ago

I think the classic choice is a ping with a wide enough margin of error to allow for temporary incapacitation. There are a plethora of ways to do this and the main concern would probably be obfuscation of the trigger and a proof of identity. In the modern world the cheap solution I'd suggest is connecting a server with a 2FA app on your phone and having a request string/web page where you can input a token. If the server goes a few days without a correct token it triggers the death script.

I'd avoid anything that actively pings you since that traffic would be predictable and easier to snoop - potentially alerting a bad actor to the fact you have such a system setup... you also, obviously, don't want to tell anyone you have such a system. And you definitely want some kind of rotating identity proof so that replay attacks can't indefinitely delay the script trigger - random ass 2FA apps might be too easy to identify in this regard but it's so trivial and accessible to implement that I think it's a reasonable choice.

this post was submitted on 22 Mar 2024
100 points (97.2% liked)

Programming

16210 readers
131 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 1 year ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz