On Sun, Jul 20, 2014 at 02:13:03PM +0100, Andy Bennett wrote:
Hi,
Forgive me if this is a little off-topic, but
this list seems like the
(rare) kind of forum read by people who might have already thought
about this problem and maybe even come up with solutions:
How do you ensure that your online data is handled correctly if you die?
The same way you do when you're alive: you can't.
:-(
;-)
That's the quick, pessimistic answer.
It has been known for people to prepay for a service or to entrust
things to a friend or family member.
https://ifidie.org/ is free and looks fairly promising, but the notes
are encrypted using an AES public/private keypair which is generated
server-side and thus untrustable by nature:
https://ifidie.org/faq#security_details
Even though they provide an option whereby the keypair is never
stored, there is no way to be sure that this is really the case. Even
in the likely case that the code is bona fide / trustworthy and
intentionally deletes the generated keypair, it could accidentally
leave traces in RAM (say) which could theoretically be retrieved if
the server was compromised by an undiscovered attacker. And with the
likes of heartbleed recently discovered, this does not seem too
far-fetched.
I guess this could be worked around by PGP-encrypting notes to the
intended recipient on my local machine *prior* to uploading them to
ifidie. In fact, coupled with ifidie's SafeGuards mechanism, that
sounds pretty bullet-proof to me:
https://ifidie.org/faq#dontdie
Thoughts?