Show HN: DeathSwitch
deathswitch.com
You've got to be kidding me.
Despite the policy difficulties of running a site like this (when is someone dead?, how long until release of secrets?, how to deal with lack of access to emails? etc), this site is completely insecure.
https://www.deathswitch.com/members/myaccount.php is vulnerable to a CSRF hijack through the update email page. This literally took 20 seconds to find...who knows what would happen if I dedicated an entire minute.
In fact, there are no CSRF tokens on the entire site at all. There are big problems in these services and the policies that run them. Technical solutions might not be the best to use here. Perhaps a legal solution is the best route...
edit: I gave it 20 more seconds. Stored XSS. If I paid the money for premium service which allows file upload I'll bet I can RCE too. This is just not the type of person I want protecting my secrets.
Also sitting atop of BlueHost.
Not that there's anything wrong with (what's likely) shared hosting, but it doesn't paint the best picture.
To the author: Your idea is good, but it was executed poorly, and it's not a <need> by any means. If it is, the logistics of it are too damn difficult to warrant your service (or any service that does this, for that matter).
Can I ask how you identify issues like this so quickly? I'm an infosec student, and I'd love to hear what your thought process is when briefly looking over the security of a certain website.
I've got a lot of practice breaking things. CSRF can be identified really fast by checking for unique tokens. Some unguessable token should be submitted with each state changing request. If not, attackers can steal authenticated accounts by making a request to the "change PW" or "change email" URLs. It's a little confusing at first.
XSS I just set JavaScript as something that shows up in a field on a different page. The RCE I mentioned is just uploading a PHP file for the "file upload" feature associated with messages. If he puts the uploaded file within the webroot (and the file is PHP since his whole site is PHP) then the file will be executed when you go to its URL.
Web app security is something that infosec professors don't talk about at all (in my experience). I had to teach myself but OWASP is very good to get started. It also helps to write a lot of software as well since you'll tend to find pitfalls of doing things wrong.
edit: If you would like to see more of the technical how-tos behind CSRF check this link out. It is a blog I wrote about CSRF and how one would actually attack someone with it. http://ejj.io/csrf-password-bruteforce/
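The check described in the comment above (an unguessable token submitted with each state-changing request), seen from the server's side. This is an added example, not part of the original comment or the site's code; the handler, the `csrf_token` field name and the session IDs are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: one app-wide secret, generated at start-up here for the demo.
SERVER_KEY = secrets.token_bytes(32)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
HEX = set("0123456789abcdef")


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Return an unguessable token that is only valid for this session."""
    nonce = secrets.token_hex(16)  # 32 hex characters
    return f"{nonce}.{_mac(session_id, nonce)}"


def csrf_token_valid(session_id: str, token) -> bool:
    """Reject missing, malformed, forged or cross-session tokens."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    if len(nonce) != 32 or not set(nonce) <= HEX:
        return False
    # Constant-time comparison on bytes, so odd input cannot raise.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_request(method: str, session_id: str, form: dict, account: dict) -> int:
    """Hypothetical 'update email' handler: state changes need a valid token."""
    if method not in SAFE_METHODS:
        if not csrf_token_valid(session_id, form.get("csrf_token")):
            return 403  # cross-site form posts arrive without the token
        account["email"] = form["email"]
    return 200


if __name__ == "__main__":
    # Constructed sample data.
    acct = {"email": "owner@example.test"}
    tok = issue_csrf_token("session-A")
    print(handle_request("POST", "session-A", {"email": "x@example.test"}, acct))
    print(handle_request("POST", "session-A",
                         {"email": "new@example.test", "csrf_token": tok}, acct))
```

A page on another origin can make the browser send the session cookie, but it cannot read the token embedded in the legitimate form, so the forged request is refused.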
Hey, I appreciate the response. BTW, I tried to follow you on Twitter via your website link but it said user doesn't exist anymore. :-/
It's actually twitter.com/steakejjs. I just changed it last night actually independent of reading this.
Cheers
> when is someone dead?, how long until release of secrets?
After the recurring payments stop coming through?
Unfortunately that is too simple. These are secrets. People forget to update credit cards in sites all the time and you're going to immediately shoot an email off on a failed CC transaction or when you cancel a credit card hastily? An email containing secrets?
There's a lot that can go wrong that has to be thought up before-hand and debugging in production for this type of service is completely unacceptable.
Hey, just as a funny side note, I implemented this on this very domain back in the early 2000s. Glad to see someone else is using the domain this way :-)
This is of course the main problem with this type of idea. It is very likely that I will live longer than this site will, therefore it doesn't make sense to use it.
What did you do with the people who had signed up for your site?
I share your fears about its longevity.
What company would you trust to launch and maintain this kind of service?
I feel like WordPress.org or Wikipedia Foundation would be two companies with the right moral compass, funding and longevity who would be great backers of something like this.
The Internet Archive.
Boom. Perfect example.
The big issue - as has been mentioned - is how do we know this service will be there when we need it.
The answer is it needs to be tied to some infrastructure that's reliable and already has access to this data.
And yes, paying $2/mo for this is nonsensical for someone relatively young. This is a problem without a solution, but this is also not a solution. To be frank, the odds that this domain even resolves this time in 2015 are pretty low.
This alone does not warrant a service. This should be a piece in a bigger puzzle - a small part of a bigger suite of life contingency services.
Check this out: http://web.archive.org/web/20070823004521/http://www.deathsw...
Surprised me too.
Meh. Do what I did; write your 1Password down on a bit of paper, hand-make a wax seal, put the paper in an envelope, seal with wax, give envelope to friend. :-)
(If a critical password changes - e.g. Dropbox, which actually contains my 1Password file - that password is encrypted, sent via email, I tell him the password via some other means (usually involving some sort of puzzle just to keep life interesting), he decrypts it and writes it on the envelope.)
And yes, suffice to say I trust my friend absolutely.
I think it's an interesting view into how we think about our lives that the first scenario listed is about work data and coworkers, not loved ones or personal data:
"Imagine that you die with computer passwords in your head, leaving coworkers without access to critical files."
I enjoy my job, and my coworkers are great people, but when thinking about things as serious as planning for post-mortem, I'll admit that thinking about how it would affect my employer ranks much lower on the list.
I kinda agree, on my deathbed I doubt I'll be thinking about work passwords!
I can't really think of much of anything work-related that should be a secret known by only one person and released upon death. I feel like part of my job is ensuring that at least one other person knows how to access our accounts. We actually use an encrypted password manager to which at least two of us have access.
Anyone who's interested in an idea like this might want to see if Google's Inactive Account Manager is right for them. (Disclaimer: I work for YouTube, which is part of Google.)
It triggers if you don't sign in to a Google Account for X months, where you choose X from 3, 6, 9, 12, 15, or 18.
You can provide up to 10 contacts (email addresses, phone numbers, and custom messages) for people whom you want to be notified once the timer expires. You can also grant them access to the data from your Google Account; they'll need both the link in the email as well as a code from an SMS sent to the phone number you provided for them.
You can also choose whether you want your account to be deleted if the Inactive Account Manager triggers.
Posted this in another thread but what company would you trust to launch and maintain this kind of service?
You need to know that when you kick the bucket in 10, 20, 30, 40, 50 years etc that the switch is actually going to work.
You need a company with the right moral compass; funding to pay for hosting, maintenance etc; and the longevity to keep going for the next 100 years.
Companies on the "maybe" list for me include Wikipedia, WordPress and maybe Evernote...
Internet Archive might be the best option if they can sustain their funding / longevity.
> Posted this in another thread but what company would you trust to launch and maintain this kind of service?
A law firm. That is the "correct" answer to this problem and is what people actually use.
What about life insurance companies? It could be offered as an "addon" service.
That's a pretty good idea.
But in reality, they probably wouldn't make enough money from this for it to be worth the trouble to them.
I've been thinking about this as well. An interesting idea will be open source software that you can deploy on AWS, Azure or something like Heroku yourself, and it emails you every month "are you alive?" If you don't answer for a few weeks then it triggers some tasks, like sending passwords.
Again the problem is who will pay your AWS when you are dead. But it is supposed that you have been paying the latest invoices with your credit card. To be honest I haven't dug enough into the legal terms of these cloud providers.
To me it seems that there are two separate problems: 1) storing the information you want released upon your death, and 2) keeping it secure until that time.
For storing, perhaps a torrent or blockchain approach might work, where the encrypted data is stored on the computers of many users who 'buy into' this.
For release, I still feel that the safest way would be to give the 'key' to a trusted person (perhaps along with your will?). Any other approach leaves something so important too uncertain.
I'm a bit concerned how little they talk about security of this data. At one point they suggest using "codes" to obscure messages:
"For example, you can design your message to contain privately shared codes (“my password is a combination of the street where we grew up and the first name of your mother-in-law”)"
This would only really add security against a very small threat, if they were properly encrypting data at rest: attackers taking over one of the email addresses on the recipient list. And I'll not even dive into how bad it is to base passwords on this kind of personal info.
Is anyone aware of more details on what they're doing to secure this data?
Feedback:
> from your after you’re gone
from you after you're gone
Create a favicon. It's still showing the BlueHost icon.
Interesting idea. I think my father might be interested. Every time he flies on a plane (not often), he lets me know where various financial information is and the passwords to get at it.
The pricing seems really strange to me. Wouldn't only messages be sent when someone is dead or severely disabled? A model similar to life insurance makes more sense to me where the customer pays a small amount of money on a yearly basis. And there wouldn't be a free tier except for maybe a trial.
So your father and also I would be interested. But I really doubt a service like that would last given the current startups scene we have now. It must be rock solid. Fully dependable. It's life-and-death business here. I'd pay a good amount for this kind of solution.
It would need to operate much like "perpetual care" at cemeteries. Fees for the services go into an irrevocable trust that runs much like an endowment -- costs are kept below the ongoing interest income of the account.
As I understand it, these are rather tightly regulated in many states for the same reason you're asking this service to be dependable.
> I'd pay a good amount for this kind of solution.
Use a law firm.
Without debating the merits or otherwise of this service, it's worth using it as a reminder to spend a little bit of time and not much money and ensure you and your loved ones have a legal Will.
Your wishes are important after you die (and statistically, we're all likely to die). It's well worth recording them, even if you feel you don't have much in the way of assets to pass on.
Agreed. I'm unclear what this service provides that a Will doesn't, and in addition a Will is both more reliable and legally binding.
Kinda weird you've implemented SSL/TLS everywhere except the home page. Surely that's not a deliberate omission?
Also, as much as I hate to be a pedant, spelling mistakes/missing words on the homepage look sloppy:
"The people in your life will feel better knowing they can expect an email from your after you’re gone."
"you canlog back"
TYPO under the heading, 'Information Insurance:'
With no reply, the computer deduces you are dead or critically diabled, and your pre-scripted messages are automatically emailed to the individuals you designated.
Change 'diabled' to 'disabled'
Wonder if their private plans for monetization involve blackmailing the bereaved relatives of the recently deceased. Roald Dahl wrote a story about this (one of his short stories for adults, not his children's stories), "the Bookseller".
How long does the system send out: "Are you alive?" messages before it sends out the logged message? What if a family needs more immediate access to the data?
Props for hosting Eagleman's short story http://deathswitch.com/deathswitch.pdf
There was also this site from 6 years ago: http://www.deadmansswitch.net/
How do I ensure that they'll remain when I expire?
Hello,
I think there is a need for this type of service. Two comments:
* People might be concerned that this website will shut down long before they pass away. On the homepage I suggest you GUARANTEE that emails will be sent.
* I am 34. I don't want to pay $1.67 every month for the rest of my life. Make it an easy purchase decision: one time fee of $40. For example.
I think everyone else's criticism of this idea is that it can't really be guaranteed, can it?
So this is the new cloud based service that should be trusted with all our secrets?
sidenote, i just showed this to a friend and his response was
"Be a great way to ensure you can tell heaps of ----s to go ---- themselves after you're dead"
maybe you could pivot and focus on that. ;)
Feedback: >you canlog back in to the site
you can log back into the site
It would be cool to see a similar service encrypt the data in the Bitcoin blockchain and have an automated way of decrypting the data. This way no company or people were involved.
Does the blockchain support something like this?
The devices animation forces a scroll-up on Opera 12.
while the idea has merits, i would not trust you with my most sensitive data (especially if it is reversibly encrypted or plaintext), i would feel like i was paying for an added security risk, of which there are too many already. also it doesn't seem like there are assurances against you abusing my data like there would be if you were a lawyer i had entrusted to execute my will. there's no personal relationship there, so i don't feel comfortable.
They should implement some shared key encryption for you. But I'm not sure if any systems provide building blocks. For instance, does FB login have any API for encrypting data?
The secrets they store should be offline and require manual intervention to retrieve.
Also, what's to stop a false triggering? It should require confirmation from m of n sources you specify. If I had some serious life secrets, I'd want to be very sure they don't get sent out just because I'm in a coma for a month.
Ghostmemo is another alternative (I use it): http://ghostmemo.com