Lately I started including what happens to my data in case I die unexpectedly in my threat model. As of now I’d like for everything to stay private. All my accounts have a strong password that I store in a KeePass database that I store only on encrypted devices, which themselves are protected only by PIN or password with no biometrics (I use the PIN only on my phone, which is set up to get wiped after 20 failed unlock attempts to mitigate brute-force attacks). As for what I post online, I keep it to a minimum and nothing really personal, preferring only viewing content through clients with no account when possible. I know some services allow you to set up what happens after a certain period of inactivity, but I was wondering if you guys can suggest anything else. Maybe some program that wipes the computer’s drive after a period of inactivity? Some other tools or some tips I didn’t consider?
If you want to make sure the data’s never recoverable, just use a password in addition to your hardware keys to unlock your computers. So when you die it’s completely gone forever. No one will ever decrypt it.
If you want to make sure people can open your archives after your death, but only after your death, you could look at Bitwarden’s emergency release functionality.
You could also implement Shamir’s secret sharing, on some print out paper, so that two or more people would be required to collude to unlock your secrets. And if they’re trusted people in different jurisdictions, you know they’ll only do that after you’re dead. Then they could use that to get to your digital legacy, your crypto wallets, your decryption keys etc. https://github.com/cyphar/paperback
Wow this paperback thing is a cool idea. I was looking to not share anything but I’m sure I can apply it to other cases.
Yeah it’s really neat. There’s a couple other projects. But I think this is the most polished.
If you do use it for long-term archival, make sure you get acid-free paper, heavy stock. And use a nice quality printer. You might want to laminate it as well. Just to be safe, I would print out two copies of everything and only laminate one copy. And store them in separate folders wherever you’re going to store them. That way, if there’s any issue with the lamination process, the original data would just survive in the paper.
It’s a great way to do your backups. You can store your encrypted data backed up in the cloud to multiple places. But you can store your keys offline with Shamir’s secret sharing.