After reading about the “suicide” of yet another whistleblower, it got me thinking.
When working at large enough company, it’s entirely possible that at some point you will get across some information the company does not want to be made public, but your ethics mandate you blow the whistle. So, I was wondering if I were in that position how I would approach creating a dead man’s switch in order to protect myself.
From wikipedia:
A dead man’s switch is a switch that is designed to be activated or deactivated if the human operator becomes incapacitated, such as through death, loss of consciousness, or being bodily removed from control. Originally applied to switches on a vehicle or machine, it has since come to be used to describe other intangible uses, as in computer software.
In this context, a dead man’s switch would trigger the release of information. Some additional requirements could include:
- No single point of failure. (aka a usb can be stolen, your family can be killed, etc)
- Make the existence of the switch public. (aka make sure people know of your mutually assured destruction)
- Secrets should be safe until you die, disappear, or otherwise choose to make them public.
Anyway, how would you go about it?
Set up several solar powered raspberry pies with cheap iot SIM cards, each will check a vm in the cloud or at home for a key. If the key isn’t present or can’t be reached they release the info. Could have several servers to store keys to check. Everyday you enter a code to prevent the key from being removed.
You would need to account for temporary connection issues to make sure it doesn’t send it after a network outage or something.
Just a scheduled email that you need to cancel every 24 hours.
That more like coalmine canary than dead man switch. Also, if you happen to be arrested on a weekend or get tangled/hooked up then you will have no way of cancelling it. Then all hell breaks loose.
It doesn’t make any sense. If you are a whistleblower is because you already published the information. They are not killing you so the information does not get revealed. They are killing because you already did.
you just need more information and then you need to prove that you have more information so they can kill you anyways
One issue from a legal/prosecutorial point of view (even assuming there is a willingness for the government to prosecute) is that the rules of evidence require authentication of documents. In the case of a whistleblower, they are themselves a witness and can authenticate (that is, attest to the genuine nature of) any supporting documents they bring in. If a whistleblower is killed, even if the government has the documents the whistleblower intended to authenticate, it becomes a lot trickier to use.
The fuck kind of information you sitting on there!?
He knows the real identity of the Hamburgler
The McDonald’s CEO? He’s a criminal after all
Nothing atm, but you never know what you may find. I would assume that most whistleblowers didn’t know they joined a shady organisation until years down the line…
Pretty easy if you don’t work for google.
- Upload everything to a google drive.
- setup inactive account manager
- add all the news agencies you can get a hold of, government offices, police etc.
- make sure it’s read only access.
If they want to silence you they have to 1. Know about your account. 2. Keep it active.
It relies on the news agencies and such actually caring.
As someone who’s been fighting a huge fight against a casino threatening my performance home, lemme tell you that most don’t give a single shit
Everything relies on someone caring, in this context.
The real answer: hire a law firm, entrust them with your documents, write into your will what you want to happen with them, and then go on about your business.
The question assumes that you family could be killed. Why the law firm is protected against such violence in that case?
A dead man’s switch doesn’t quite protect you from garden hose cryptanalysis though. Nothing stops them from asking you to tell them if he got a dead man’s switch.
Maybe, add a clause what should happen if you disappear for more than x days. For most jurisdictions you are considered dead if you disappear for a few years.
This is only partially true in the situation the poster named. What if your secrets are from the government or governmental organization? What if you live under a repressive regime where the law firms are either corrupt or that the law is not in your favor?
That being said, I have a will and a bank safe deposit box. It is filed with the state that I have a will and the will is (also) in the safe deposit box along with stuff that I’d prefer not be released until my death. There’s also a clause in the will that says something to the effect that if somebody sues to invalidate the will, they are automatically excluded from any benefit (or responsibilities). Also, if an individual is found to be somehow responsible or had an intentional involvement in my death, then they are also excluded.
It’s not air tight, but works for my needs. By the way, I don’t have any company or government secrets, it’s just normal family drama, so please don’t kill me.
Only correct answer here.
The hardest part would be how to trigger the kill-switch periodically without showing it to your adversary whilst keeping it easy. Having your device queried directly would be a dead giveaway. My idea without involving people would be as follows:
- Set up a program that syncs files to a remote third-party cloud
- Sync it to a directory that frequently changes when you use your device (your docs, for example)
- Have a server that queries the third-party drive for that synchronised directory
- If there are no changes, trigget the alarm
But since this plan relies on the secrecy, it’s kind of ruined now. That, and I think your threat model is a bit too extreme.
Depends on your background and industry.
If you work in IT, and are technically adept, you can…
- Store said files on a proton drive or mega.nz drive set to be only accessible to read by those who have the unique URL.
- Create a small server with a cron job that every 24 hours sends you a text message to a Google Voice number accessible anywhere with internet connectivity and you have 60 seconds to reply otherwise the cron job will craft a premade email to all international news agencies as well as government agencies responsible for the control of this issue, along with links to download the information.
60 seconds in 24 hours seems too prone to the possibility of a false positive. What if you forget and take a nap? What if there’s a power outage? What if your phone breaks unexpectedly?
All good points, however the purpose of a deadman’s switch is that you fear for your life, taking a nap might not be as easy under those circumstances. Also, if you know at what time the SMS is set to arrive you can plan ahead to make sure you have Internet in order to respond, but OK maybe 60 seconds is too short of a time so let’s make it 5 minutes. Being that this is using Google Voice, you can receive the SMS over a tablet or laptop so a backup would be a must have.
Even 5 minutes seems short. You’re already dead, what’s the rush?
You don’t want to give the people chasing you time to identify and disable the deadmans switch
That’s why you create a backup deadman’s switch.
Well, you’d need to send a message to some people that you know would care, when you die or are kidnapped.
There are plenty of services for sending any sort of message.
You’ll send the data with a private key and hand out the paired public key before you die. That way any tampering with the data will be obvious to the receiver.
I’d just send a link to the data. For example store the data on Proton drive with a share link.
Now you’d need to detect that you’re dead or kidnapped. You could have a timer of say a week or a month, and whenever an email or message is received it resets it. You could also send a warning message to yourself before it goes off, so you have a chance to deal with errors such as an email not arriving.
You’d need a 2nd service to check if the main service is running. Or perhaps it just replies once you send it a message once a day or week or month.
You’d also have to make sure that your reset message to the service is secured. Most likely it will be as long as it isn’t absolutely obvious, like you japping on about it at work. But one idea would be to use a proton mail address and keep a pin lock on the app. If you want to go the extra mile the email should also contain something only you can know.
Quite frankly I don’t think they’d even expect you to have any such system set up and they wouldn’t hack you before you’re dead. But maybe I’m wrong. If you really suspect that you’d need someone who is specialized in infosec.
I’d say go look for an existing service that can do this entirely via email, I’d bet it exists already. Otherwise you need to be able to code a bit or find a coder.
I’d say go look for an existing service that can do this entirely via email, I’d bet it exists already.
I think any official service that offers this could be immediately captured or bribed to suppress signalling by a larger more powerful entity, since it would be an easy goto that they could trap for.
I reckon implementing it as chaotically and as distributed as possible, might be the only viable solution, albeit with multiple fault entry points.
Give the encrypted file to one person, the key to another and do not keep either yourself. They exchange them if you die.
Why not keep a copy?
Also, both people are single point of failures. Maybe, 5-6 people where each has an encrypted payload and the keys to decrypt everyone else’s payload.
IIRC Julian Assange had something like that set up. There used to be a file you could download from WikiLeaks that was encrypted and supposedly contained something very spicy, and if anything happened to him the password would be released somehow.
No idea if that’s still a thing or not though.
If you really have secrets, you shouldn’t have a dead man’s switch.
You should have released it all on day one.
“What makes them keep you alive then?”
It’s not like corporations are going to get punished for killing you regardless.
Another thing to consider is that you won’t know immediately that the information you stumbles upon is incriminating. Sometimes it may take years until you have all the pieces of the puzzle.
Fwiw I’ve actually thought about a dead man’s switch for a while now. When my partner and I were going through end-of-life stuff, having the ability to delete or open things as needed after you’re dead can be important.
I have a rough design in my head where you register various monitors (e.g. checking email, logging into Lemmy, etc) and so long as you reach a specified threshold you’re considered alive.
Build in a duress code or dead code that can be entered by your next of kin, then you got something workable.
For a dead drop like you described in your OP, I agree that instructions to an attorney is probably your best bet. But in the scenario you’re describing, it sounds like having this code won’t be valuable.
The problem with releasing them on day one is that you then can’t gather more. If you’ve only just exposed the edges of the malfeasance you need time to get the rest before exposing it. Go too early and the rest of the evidence can be destroyed, covered up or those holding it coearsed into silence.
Having a dead man’s switch is a way to ensure whatever you’ve gathered gets released if you’re no longer in a position to gather more. As such I disagree with the poster about making it public knowledge before release. Keep it secret until you have everything, then release it.
The whole point in being a whistleblower is to release the documents. Why would you tell everyone what’s happening and not provide the evidence? After you release it, there’s less chance of being harmed, and your job is done besides showing up to court.
Maybe he wants to release a censored version of the documents and have the dead man switch release the uncensored version.
Well there are various services that let you disclose info to certain people upon death. examples: https://www.pcmag.com/how-to/how-to-prepare-your-digital-life-accounts-for-your-death
So you could create those and send them to various journalists or whoever you think would be interested. Then ensure in your will that they are notified of your death. Will them a small object or something.
Tbh I think the concept of a dead man switch is fantasy. You always hear about them in place but then nothing happens when the person dies.
Has there EVER been a dead man switch that worked?
Didn’t Epstein have one? I think if something that incriminating can be eliminated, the concept as you said doesn’t work.
Epstein has been dead for years… what did his switch trigger?
That’s what I mean. Maybe I’m misremembering, but didn’t he have one that was supposed to put out a list of names online or some shit? And then he died and nothing happened, likely because feds got to it.
4, 8, 15, 16, 23, 42
