{"id":1015,"date":"2009-04-18T10:56:51","date_gmt":"2009-04-18T00:56:51","guid":{"rendered":"http:\/\/www.somethinkodd.com\/oddthinking\/?p=1015"},"modified":"2009-04-18T10:56:51","modified_gmt":"2009-04-18T00:56:51","slug":"time-delay-password-safe","status":"publish","type":"post","link":"https:\/\/www.somethinkodd.com\/oddthinking\/2009\/04\/18\/time-delay-password-safe\/","title":{"rendered":"Time-Delay Password Safe"},"content":{"rendered":"<p>Here is the main use case for a morbid new security tool for handling deceased estates, straight from my morning shower of ideas that I will never implement.<\/p>\n<h3>Use Case Name<\/h3>\n<p>Death of Computer User<\/p>\n<h3>Trigger<\/h3>\n<p>Computer User dies, presumed Executor reads will.<\/p>\n<h3>Basic Flow<\/h3>\n<ul>\n<li>Will states: &#8220;I would like my Facebook status updated to &#8220;has shuffled off this mortal coil.&#8221; I would like my web-host to be paid up-front for a period of 5 years to continue hosting my photos. I would like a post announcing my death to be posted to my blog. I would like the executor to appoint someone to monitor the spam for 3 months and then close all comments. In order to achieve this, you will need my passwords. Here are the steps and details you need&#8230;&#8221;<\/li>\n<li>Executor visits the first URL provided and downloads a recent backup of the password file (e.g. the output of <a href=\"http:\/\/passwordsafe.sourceforge.net\/\">Password Safe<\/a>). This file is encrypted with a password, and cannot be read.<\/li>\n<li>Executor notes the first half of the password, which is written in the will. 
This is useless by itself.<\/li>\n<li>Executor visits the second URL provided, which points to the Time-Delay Password Safe (TDPS).<\/li>\n<li>TDPS prompts for a password.<\/li>\n<li>Executor types second password.<\/li>\n<li>TDPS prompts for an email address.<\/li>\n<li>Executor types their own email address.<\/li>\n<li>TDPS sends out emails, SMS messages and faxes to a large list of trusted people, including to the (presumed deceased) computer user&#8217;s email and mobile phone. The message states: I regret to inform you that [Computer User&#8217;s Name] may have died recently. Alternatively, someone has misappropriated his will and is trying to conduct identity theft. Please check with his family and other primary sources on the truth of this claim. Please check with his executor, [Real Executor&#8217;s Name &#8211; pre-entered by Computer User], that they have triggered this message by visiting the Time-Delay Password Safe. If you know that this person has not died, that the Executor has not triggered this, the probate of the will is in doubt, or that the Executor doesn&#8217;t have access to the email address [Presumed Executor&#8217;s email], please click on this link and type in this (unique) password. On the other hand, if this is legitimate, sorry for your loss.<\/li>\n<li>The TDPS waits for a pre-determined period &#8211; probably approaching a week, listening for responses.<\/li>\n<li>If no responses are received, the TDPS sends a message to the Executor with the second half of the encrypted password file&#8217;s password.<\/li>\n<\/ul>\n<h3>Alternative Flow<\/h3>\n<ul>\n<li>If someone responds to the broadcast message, the second half of the password is not sent. 
Instead, it informs the executor (or rather, presumed fake) of the contact details of the person who refuted the claim, so they can discuss the issue and perhaps trigger the TDPS a second time.<\/li>\n<li>If the Computer User opted for the free version of the service, rather than paying for the Pro subscription, then the broadcast email will include adverts for bereavement counselling services and local florists; there&#8217;s no reason not to make a profit from the suffering of others.<\/li>\n<\/ul>\n<hr \/>\n<p>So, can anyone see any security holes? Is it a tool that people need?<\/p>\n","protected":false},"excerpt":{"rendered":"<h3>Use Case Name<\/h3>\n<p>Death of Computer User<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_s2mail":"","footnotes":""},"categories":[21,34,27],"tags":[334,96,69,333],"class_list":["post-1015","post","type-post","status-publish","format-standard","hentry","category-observation","category-software-development","category-thoughts-from-the-shower","tag-estate","tag-legal","tag-software","tag-will"],"_links":{"self":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/posts\/1015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/comments?post=1015"}],"version-history":[{"count":7,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/posts\/1015\/revisions"}],"predecessor-version":[{"id":1022,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/posts\/1015\/revisions\/1022"}],"wp:attachment":[{"href
":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/media?parent=1015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/categories?post=1015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/tags?post=1015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}