this post was submitted on 11 Jan 2025
182 points (97.9% liked)

Asklemmy

44331 readers
1032 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
182
How would you implement a dead man's switch? (reddthat.com)
submitted 4 days ago by [email protected] to c/[email protected]
97 comments fedilink hide all child comments
 

After reading about the "suicide" of yet another whistleblower, it got me thinking.

When working at large enough company, it's entirely possible that at some point you will get across some information the company does not want to be made public, but your ethics mandate you blow the whistle. So, I was wondering if I were in that position how I would approach creating a dead man's switch in order to protect myself.

From wikipedia:

A dead man's switch is a switch that is designed to be activated or deactivated if the human operator becomes incapacitated, such as through death, loss of consciousness, or being bodily removed from control. Originally applied to switches on a vehicle or machine, it has since come to be used to describe other intangible uses, as in computer software.

In this context, a dead man's switch would trigger the release of information. Some additional requirements could include:

  1. No single point of failure. (aka a usb can be stolen, your family can be killed, etc)
  2. Make the existence of the switch public. (aka make sure people know of your mutually assured destruction)
  3. Secrets should be safe until you die, disappear, or otherwise choose to make them public.

Anyway, how would you go about it?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 68 points 4 days ago (4 children)

Encrypt secret. Post it publicly. Configure a web server to email the private key to any number of addresses if you don’t log in every week.

[–] [email protected] 42 points 4 days ago (1 children)

going to have to be careful with the timing, though. A week can easily be reached if you are ever in an (actual) accident.

Also, note that having a publicly known dead mans switch can be exploited and cause the opposite of what you want: Imagine a competitor (be it idustrial or nation state) wants the secret to leak. Why not speed it up?

[–] [email protected] 11 points 4 days ago

The thought of e.g. some foreign adversary having you KILLED just so your secret leaks… that’s wild.

[–] [email protected] 10 points 4 days ago

Host the server on Tor. Have a second secret server on Tor that passively monitors the health of the first and distributes the key if it is taken down. Have a one-time pad of passwords memorised, not written down or taken from a book.

[–] [email protected] 4 points 4 days ago (2 children)

Ciphers get broken. What you save out there now can be pulled down and then saved until it can be cracked 10 years from now.

[–] [email protected] 1 points 3 days ago

On that subject makes me wonder if insurance.aes has been cracked yet

[–] [email protected] 1 points 3 days ago (1 children)

That's an optimization for just having the automated email send the secret directly.

[–] [email protected] 3 points 3 days ago* (last edited 3 days ago) (1 children)

depending on the size of the secret, it helps to have people download it ahead of time.

Also, it acts as a time stamp proving that you knew the secret at a certain time if that’s useful.

[–] [email protected] 1 points 3 days ago

Right, that's what i mean by optimization. It's accomplishing the same goal, but amortizes the transfer over more time, saving bandwidth.

The timestamp feature could also be accomplished by publicly posting a small hash of the data ahead of time, but similarly bandwidth can be optimized by distributing the encrypted blob ahead of time.