This week I read a post about the death of the Boeing whistleblower, and how Boeing might have suicided him.
I don't care whether the rumors are true or not; however, someone mentioned in the comments that in such situations one should always have a Dead Man Switch.
For those who don't know, a Dead Man Switch is basically an action TBD in case you die, like leaking documents, sending messages/emails, killing a server, etc.
The concept tickled me a bit, and I decided I want to build a similar system for myself.
No, I am not in danger, but I would like to send last goodbyes to friends and family. I think it would be a cool concept.
How would you go and build such a service?
I'm thinking of using a VPS to do the actions because it would be running for a while before my debit card gets cancelled.
The thing that is bugging me out is the trigger. I will not put that responsibility onto someone that's cheating, so it would have to be something which can reliably tell I am dead and has to run regularly.
Here is what I came up with:
TL;DR: Give me ideas on how to build a DEAD MAN SWITCH and what triggers I should use.
I think the classic choice is a ping with a wide enough margin of error to allow for temporary incapacitation. There are a plethora of ways to do this and the main concern would probably be obfuscation of the trigger and a proof of identity. In the modern world the cheap solution I'd suggest is connecting a server with a 2FA app on your phone and having a request string/web page where you can input a token. If the server goes a few days without a correct token it triggers the death script.
I'd avoid anything that actively pings you since that traffic would be predictable and easier to snoop - potentially alerting a bad actor to the fact you have such a system set up... you also, obviously, don't want to tell anyone you have such a system. And you definitely want some kind of rotating identity proof so that replay attacks can't indefinitely delay the script trigger - random-ass 2FA apps might be too easy to identify in this regard but it's so trivial and accessible to implement that I think it's a reasonable choice.
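
The check-in scheme described in the reply above, as an added example that is not part of the original thread: a server-side verifier that accepts a standard TOTP code (RFC 6238, as produced by common 2FA apps), refuses any code from a time step it has already accepted so a captured token cannot be replayed, and reports when the grace period has expired. The names `DeadManSwitch`, `check_in`, `is_triggered` and the three-day grace period are assumptions for illustration, and the secret is the published RFC test key, not a real one.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per TOTP time step (RFC 6238 default)
DIGITS = 6     # code length shown by typical 2FA apps


def totp(secret: bytes, counter: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class DeadManSwitch:
    """Hypothetical server-side state for the token check-in."""

    def __init__(self, secret: bytes, grace_seconds: int, now: float):
        self.secret = secret
        self.grace = grace_seconds
        self.last_checkin = now
        self.last_step = -1      # highest time step already accepted

    def check_in(self, token: str, now: float) -> bool:
        current = int(now) // STEP
        # Current step plus one step back, to tolerate phone clock drift.
        for step in (current, current - 1):
            if step <= self.last_step:
                continue         # already used: a replayed code is rejected
            if hmac.compare_digest(totp(self.secret, step), token):
                self.last_step = step
                self.last_checkin = now
                return True
        return False

    def is_triggered(self, now: float) -> bool:
        # True once the grace period has passed with no valid check-in.
        return now - self.last_checkin > self.grace


if __name__ == "__main__":
    key = b"12345678901234567890"    # constructed sample: RFC 6238 test key
    switch = DeadManSwitch(key, grace_seconds=3 * 86400, now=0)
    print(switch.check_in(totp(key, 59 // STEP), now=59))   # fresh code
    print(switch.check_in(totp(key, 59 // STEP), now=59))   # same code replayed
    print(switch.is_triggered(now=59 + 3 * 86400 + 1))
```

A real deployment would also persist `last_step` and `last_checkin` across restarts and rate-limit failed attempts, since a six-digit code is guessable by brute force.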