Offensive Thinking

Brain tumors suck. Hi, I'm Patrick btw. This is my cancer blog. My "normal" stuff is over here.


It's symbolic, ok!?

When you die, all your secrets die with you. Which, depending on what kinds of secrets you have, might be exactly what you want, otherwise they wouldn’t be secrets. But what about those secrets that should become your legacy when you die? Or that unlock your legacy?

Before electronic devices took over most of our lives, secrets were stashed away in vaults or written down in secret diaries, and you just told people you trusted where to find the key in case you died. Everything you left was either physically retrievable (like your diary, or your collection of childhood photos) or could not be recovered, because it never left your head. Those were the analog times.

These days, however, we create so many digital memories that you need to think about how to preserve them in case you die, which is not as intuitive as just telling people to grab the key around your neck and open your vault of awesome secrets to be left to the world. Instead, you have to think about all the digital data stashed away on your computers, smartphones and who knows what other contraptions you will own in the future. Not to forget everything that is stored on someone else’s server on the Internet (thanks, Cloud™ and Internet of Things™).

If you are using reasonably well-working security precautions, getting access to that data will be next to impossible for your heirs. For example, (almost) all my hard drives are using full-disk encryption with a key only I know the password for. There are a couple of passwords that are so important to me that I have them only in my head; others can only be unlocked if you know those passwords (i.e., I’m using a password manager). Then, there are secret encryption keys (e.g., my GPG key). Even if you’re not the kind of person who consciously encrypts their stuff (shame on you though, you should), if for example you are using an iPhone, the data is encrypted by default, at least in the latest models.

Now, of course, the first question you have to ask yourself is: When I’m dead, who should have access to all that data? Do I even want people to go through my stuff when I’m dead? In my case, the answer is yes, I absolutely want the special people in my life to inherit everything. Even those embarrassing emails from ten years ago. It’s who I was and am. Besides, there’s nothing to be embarrassed about when I’m dead anyway :). I also don’t care about a glorified picture of myself for those following me in my life, let them know me as I really was.

This being said, I wouldn’t want to trust my really secret passwords and encryption keys to any single person right now, if only for the fear that it would put too much risk on that one person. I do not possess any confidential information right now that would be worth torturing me for (or do I? That’s what I would say if I did, wouldn’t I?), but maybe in the future I will, or someone thinks I do. This leaves giving my most secret passwords to any single person out of the question. Besides, there is the simple fact that, were I to trust everything to, e.g., my wife and we both died in the same car crash (no one said it would have to be my brain tumor that kills me, right?), everything would still be lost. Redundancy is key here ;).

There is, however, a technical solution: Secret Sharing (check out the link for the key points of what that is). If you’re using Linux like me, you can use ssss. The tl;dr of ssss is: Give it a secret and it will split the secret into a number of “shares”. You can then distribute these shares, e.g. to people you trust, put one into your bank vault etc. Only the combination of the shares will unlock the secret again. The nifty thing is: You can also define a “threshold”, that is, how many shares are necessary to reveal the secret again. You could for example split a secret into 5 shares with a threshold of 3. This means that if you distribute each share to a person you trust (5 people in total), only 3 of them need to come together to unlock the secret.

At the moment, I still haven’t set up the scheme above for myself, although I’ve been planning to do this for quite some time now. That’s why I wrote this blog post, to remind myself that I really need to get my shit together and work on my digital legacy :).