digital estates

[cellio]

What happens to your digital life -- your email, your online games, your social-networking sites, your online banking, etc -- when you die? Some companies are selling services akin to safe-deposit boxes, so your heirs will be able to get your passwords and stuff. It's an interesting idea, but I think it has some (human-engineering) flaws.

The article raises privacy concerns, but that's the least of the practical issues to my mind. I don't know how I would blend encryption and the ability for a non-tech-savvy recipient to use it, but I think that problem could be solved. (Aside: the non-technical user is going to need a lot more than just a list of username/password pairs.) The much bigger problem I see is maintenance. How many passwords do you have? How often do you change them? Are you going to remember to update the records in your digital safe-deposit box every single time? Only for the important ones, you say? So when you created that throwaway account on eBay to buy one item you didn't bother, and then later you started selling there and didn't think to add it? Until the stored copy is as easy to use as clicking "remember password" in your web browser, it's going to be hard for people to use such a service properly. (And even "remember password" doesn't always do the right thing when you change a password.)

There's also a behavior issue on the other end: the service, of necessity, relies on someone asking for the stored contents. How does the heir know to do that? Can he do it via a phone call? I'm picturing my mother trying to deal with something like this for my father's accounts -- my mother who has never so much as used a web browser or sent email. It's a foreign world to her. Would she realize that it could be important for her to access my father's email? (Would she know if his email provider is auto-billing his credit card until he says to stop?) Or would she assume there's nothing there that matters, if she even thought about it at all?

All that said, the article does make me realize that this sort of thing is important. If something were to happen to Dani, I wouldn't know where all his digital homes are and which ones matter. Having this information available -- if we can also remember to keep it up to date, of course -- would be valuable. But we don't need a service with unproven security and high subscription fees for that. I think it's time to buy a pair of $5 thumb drives to keep in the drawers with the passports and insurance papers.

See also: duplicate entry with its own comments (oops).

Comments

[tsjafo.livejournal.com]

I've an Iron Key https://www.ironkey.com/ that I use to keep accounts together with user names and passwords. I'll leave the password somewhere it will be found on my demise but not before. I just don't trust any service, on-line or otherwise, to keep my data safe.

Wearing my Pedant hat

[brokengoose.livejournal.com]

Would you encrypt the drives?

If so, where would you keep the password?

If not, why not just use paper?

[530nm330hz.livejournal.com]

I've thought about this from time to time. The model I've considered is a dead-man's drop (like the kind we used to use in the MIT Assassins' Guild games).

That is, I'd want a (suitably encrypted and hardened) site where I store all my account numbers, passwords, and instructions --- and email addresses of my "data beneficiaries".

Once every N days (configurable, and you can set up vacation exemptions) it should send me an email reminder to click on a link that (1) displays my current information (suitably redacted) so as to remind me to update anything that's out of date, and (2) updates the "Andrew last logged in" timestamp.

If I fail to log in within M such intervals (configurable), it should send me a final reminder email "Hey, are you still alive? If not, 48 hours from now we will send your dead-man's drop email" and, if I don't respond, my "data beneficiaries" would get the email message I had written, with enough personalization that they know it's really from me, and with instructions of how to log on to the site to get the rest of the package.

Yeah, if our mail server goes wonky during the two weeks after I unexpectedly die, that wouldn't help. But I think the basic scheme would work.

[mabfan.livejournal.com]

After Mom died, we had to deal with her credit cards, her cell phone, and other accounts, most of which we knew about. But there were still things we didn't know about that came around to haunt us later on. And that got me pondering these exact same questions. Is my LJ permanent account, for example, something I can pass on to my heirs? The mind boggles.

[mabfan.livejournal.com]

I'm more than happy to be your data beneficiary. :-)

Re: Wearing my Pedant hat

[cellio]

If so, where would you keep the password?

It would be a shared secret, something strong that we can both remember.

If not, why not just use paper?

I want strong passwords for the important stuff, and those are challenging to transcribe (at least for me). Also, I note the state of my post-it-note cheatsheet at work after several password changes... I wouldn't want anyone else to have to try to interpret that. (Before you ask: the cheat sheet is essentially a key; I don't write down passwords but I do write down clues that will lead me to passwords without being evident to anyone else.)

[dglenn.livejournal.com]

I've been thinking about the same thing (slightly different usage but same idea and reasoning), off and on, for a couple of years. Haven't gotten around to implementing it yet.

[cellio]

Thanks for the pointer. Dani works for a company that does disk-encryption software, but you know, startups... :-)

[cellio]

That's an interesting idea and has the benefit of reaching people who wouldn't know to go look (or where to look).

[cellio]

I hadn't considered passing on an LJ account. Interesting question. (I think I would not want to do that; rather, I would want the bearer of the password to make one final entry and otherwise leave it alone. It is, after all, "me", and my heirs can create their own easily enough.)

[mabfan.livejournal.com]

I don't mean passing on the account for someone else to use; but I would want someone to take custody of it, to make sure it doesn't end up attracting spam comments and the like.