Public Service Internet monthly newsletter (Feb 2023)

The Bank of Dave

We live in incredible times with such possibilities, that is clear. Although it's easily dismissed seeing LastPass scramble, the Royal Mail cyber attack and Apple’s data use.

To quote Buckminster Fuller: “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.”

You are seeing aspects of this with the new range of biobatteries, Mozilla planning their own instance of Mastodon and the drop in ransomware payouts.

Channel 4’s privatisation U-turn

Ian thinks: Channel 4 survives the government's privatisation plans for now, but I do wonder for how long till the plans change again?

The on-demand economy debate isn’t finished

Ian thinks: A really good summary of the debate which has gone mainly quiet since the pandemic put the whole thing on pause. There hasn’t been much discussion since and Paris highlights the need for society

Breaking out of the Crystal Prison

Ian thinks: It's great to hear Bunnie talking, as it's been a long time since the Xbox hacking and the controversy at the time. It's also a good relaunch of the EFF podcast which is always full of good ideas.

Encryption still a difficult debate in Europe

Ian thinks: There are a lot of great privacy laws from the EU, but as this Wired post with Andy Yen points out, there is a lot of tension around encryption, which could undermine the privacy laws created by the EU.

Fooled by randomness?

Ian thinks: So many people think TikTok is magic but as explained in this post, its relatively high emphasis on exploration is higher than others and likely fooling people. However, the point about the user interface is critical to its success and something to remember.

Has China gained a foothold in the so-called public space?

Ian thinks: The link between Twitter and China propaganda is quite striking, as talked about in this video. What happens next is a good question. It's also worth reading through the New York Times piece if you prefer text.

Mark, think about your obituaries

Ian thinks: Nobel laureate Maria Ressa, recently cleared of tax evasion in the Philippines, has a lot to say about social media and even more to say to Mark Zuckerberg.

A business model which works for a community

Ian thinks: It's not common I mention a film in the notes but The Bank of Dave is actually quite a good watch. More important is the true story and the banking business model which has been distorted beyond its original roots.

See the archive here

Digital legacy the home made version


iStorage datAshur PRO 4GB Secure flash USB drive

For a long while since my brush with death, I have been thinking about my digital legacy as most of my stuff is digital. I know it's not something most people think about but in the same way most people don’t think about their will till something major happens or it's too late.

Digital legacy is in that place right now where there are companies which will do it for you but the trust model seems broken to me. Also they tend to need everything to be in one place/platform rather than the real way people use digital technology today and into the trustless/diy/open future.

With this in mind, I checked out a few different options and the one which came up consistently was Hereditas.

Hereditas, which means inheritance in Latin, is a static website generator that builds fully-trustless digital legacy boxes, where you can store information for your relatives to access in case of your sudden death or disappearance.

For example, you could use this to pass information such as passwords, cryptographic keys, cryptocurrency wallets, sensitive documents, etc.

Hereditas is neat and the code is open source allowing anyone to investigate it. But as it's alpha software I always felt a bit uneasy about using it for my digital legacy because it felt a bit too barebones (although I did sign up for Auth0).

I looked for alternatives which also used the method of trustless, zero-knowledge and verification, but found little. So I decided to try setting something up myself based on what I already have and use.

It was about the same time the LastPass security breach happened and although I’m not using an online password manager, I started thinking if there was a way to combine both in a safe way.

So what did I do?

First I bought these secure USB drives and of course changed the passcode to something long and unique.

Then I made a copy of my KeePass database (my password manager) on to the USB drive along with my Letter of wishes, a readme file and other bits and bobs. The database is locked up with a very long and difficult master password. That password is stored inside another online password manager, Bitwarden, which includes the feature of emergency access. I have already set up family members and close friends using this feature. Meaning only a few selected people can access it once I don’t reject their access request.

Once someone gets access to the Bitwarden account, they would still need access to the database file, which is on the secure keys. Then to top that, KeePass has the option of a key file which can look like almost any file including ones on the secure USB stick. It's not elegant but I can’t see many flaws and it works in a simple way which was explained to my family.
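An added example, not from the original post or the KeePass project: a simplified Python sketch of how KeePass 2.x combines the master password and a key file into one composite key, showing that neither factor alone reproduces it and that the key file must stay byte-identical. The password and file bytes are constructed; XML key files and the later key-derivation step are not modelled.

```python
import hashlib

# Constructed sample values; not real secrets.
PASSWORD = "correct horse battery staple (constructed)"
KEYFILE = b"\xff\xd8\xff\xe0" + b"constructed JPEG-like bytes" * 8


def keyfile_component(data: bytes) -> bytes:
    """Key-file contribution for a non-XML key file (XML key files not handled)."""
    if len(data) == 32:
        return data  # a 32-byte file is used as the key directly
    if len(data) == 64:
        try:
            return bytes.fromhex(data.decode("ascii"))  # 64 hex characters
        except (UnicodeDecodeError, ValueError):
            pass
    return hashlib.sha256(data).digest()  # any other file: hash of its contents


def composite_key(password=None, keyfile=None) -> bytes:
    """SHA-256 over the concatenated factor hashes; KeePass then feeds this
    into its key-derivation function (AES-KDF or Argon2), not modelled here."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        parts += keyfile_component(keyfile)
    if not parts:
        raise ValueError("at least one factor is required")
    return hashlib.sha256(parts).digest()


def demo() -> dict:
    full = composite_key(PASSWORD, KEYFILE)
    resaved = KEYFILE[:-1] + b"\x00"  # same file with one byte changed
    return {
        "password_only_opens": composite_key(PASSWORD) == full,
        "keyfile_only_opens": composite_key(keyfile=KEYFILE) == full,
        "altered_keyfile_opens": composite_key(PASSWORD, resaved) == full,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

If the key file is a photo or document, any edit or re-save changes its hash, so a byte-identical backup needs to exist somewhere other than the drive itself.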

I’m still experimenting with this all but I've been thinking a better option is to use another encrypted filesystem or certs for the KeePass 2nd authentication. Of course that file doesn’t have to even sit on the secure USB drive at all, as I’m considering buying and using more FIDO2 keys and using that instead.

Looking at Hereditas again, I quite like the idea of a static website on the secure website which could make a better solution than a readme file. It would be great if Hereditas could actually run on/offline.

Thoughts and comments are welcomed…

Is there a major flaw which I’m missing or is this something which could work?

Update Tuesday 24th Jan

There has been some discussion on the fediverse about my post and I wanted to add some more details. Some people have asked why bother and I wanted to address some of them.

The scenario of death is a lot clearer and the death certificate will unlock a lot of things, however it's worth noting some EULAs from the likes of Dropbox need explicit consent before they will provide access. I’m also using the likes of Google, Facebook, etc’s legacy contact support.

The scenario I alluded to was when I was in ICU for 3-4 weeks and my family and friends needed to sort out my life when I was buying a new flat. I was lucky but I could have lost the flat. Yes, it's unique but a lot can happen when you are temporarily or even permanently out of action. Permanent disability is possible and providing access in a safe way can make a lot of difference. I also think my thoughts still work in this case too.