For a long while since my brush with death, I have been thinking about my digital legacy as most of my stuff is digital. I know its not something most people think about but in the same way most people don’t think about their will till something major happens or its too late.
Digital legacy is in that place right now where there are companies which will do it for you but the trust model seems broken to me. Also they tend to need everything to be in one place/platform rather than the real way people use digital technology today and into the trustless/diy/open future.
With this in mind, I checked out a few different options and the one which came up consistently was Hereditas.
Hereditas, which means inheritance in Latin, is a static website generator that builds fully-trustless digital legacy boxes, where you can store information for your relatives to access in case of your sudden death or disappearance.
For example, you could use this to pass information such as passwords, cryptographic keys, cryptocurrency wallets, sensitive documents, etc.
Herditas is neat and the code is open source allowing anyone to investigate it. But as its alpha software I always felt a bit uneasy about using it for my digital legacy because it felt a bit too barebones (although I did sign up for Auth0).
I looked for alternatives such which also used the method of trustless, zero-knowledge and verification, but found little. So decided to try setting something up myself based on what I already have and use.
It was about the same time the lastpass security breach happened and although I’m not using a online password manager started thinking if there was a way to combine the both in a safe way.
So what did I do?
First I bought these secure USB drives and of course changed the passcode to something long and unique.
Then made a copy of my keepass database (my password manager) on to the USB drive along with my Letter of wishes, a readme file and other bits and bobs. The database is locked up with a very long and difficult master password. That password is stored inside another online password manager, bitwarden which includes the feature of emergency access. I have already set up family members and close friends using this feature. Meaning only a few selected people can access it once I don’t reject their access request.
Once someone gets access to the bitwarden account, they would still need access to the database file, which is on the secure keys. Then to top that, keepass has the option of a key file which can look like almost any file including ones on the secure USB stick. Its not elegant but I can’t see many flaws and it works in a simple way which was explained to my family.
I’m still experimenting with this all but been thinking a better option is to use another encrypted filesystem or Certs for the keepass 2nd authentication. Of course that file doesn’t have to even sit on the secure USB drive at all, as I’m considering buying and using more FIDO2 keys and using that instead.
Looking Herditas again, I quite like the idea of a static website on the secure website which could make a better solution that a readme file. It would be great if Herditas could actually run on/offline
Thoughts and comments are welcomed…
Is there a major flaw which I’m missing or is something which could work?
There has been some discussion on the fediverse about my post and I wanted to add some more details. Some people have asked why bother and I wanted to address some of them.
The scenario of death is a lot clearer and the death certificate will unlock a lot of things, however its worth noting some EULAs from the likes of dropbox need explicit consent before they will provide access. I’m also using the likes of Google, Facebook, etc’s legacy contact support.
The scenario I alluded to, was when I was in in ICU for 3-4 weeks and my family and friends needed to sort out my life when I was buying a new flat. I was lucky but I could have lost the flat. Yes its unique but a lot can happen when you are temporarily or even permanently out of action. Permanent disability is possible and providing access in a safe way, can make a lot of difference. I also think my thoughts still works in this case too.