After reading about the “suicide” of yet another whistleblower, it got me thinking.
When working at large enough company, it’s entirely possible that at some point you will get across some information the company does not want to be made public, but your ethics mandate you blow the whistle. So, I was wondering if I were in that position how I would approach creating a dead man’s switch in order to protect myself.
From wikipedia:
A dead man’s switch is a switch that is designed to be activated or deactivated if the human operator becomes incapacitated, such as through death, loss of consciousness, or being bodily removed from control. Originally applied to switches on a vehicle or machine, it has since come to be used to describe other intangible uses, as in computer software.
In this context, a dead man’s switch would trigger the release of information. Some additional requirements could include:
- No single point of failure. (aka a usb can be stolen, your family can be killed, etc)
- Make the existence of the switch public. (aka make sure people know of your mutually assured destruction)
- Secrets should be safe until you die, disappear, or otherwise choose to make them public.
Anyway, how would you go about it?
The most non-intrusive foolproof method I can think of is spite-induced action:
- Get a pacemaker with Zigbee mesh network connectivity
- Implant a small device into your wrist that vibrates if your pacemaker is ever disconnected from the network (in which case, run NOW to your nearest safehouse)
- Should the vibration continue for longer than 5 minutes, a vial of cyanide from a hollow tooth explodes into your mouth allowing you to spit it at your nearest enemy (should one be around)
- The bursting of the hollow tooth sends a signal to a remote server, which triggers the
ejectcommand on a server, causing the CD tray to come out. - A confused sysadmin will bitterly get off his chair, and go inspect the server, whereupon he will see the paper instructions embedded in the CD tray, and read them.
- Assuming his latvian is good, and that he’s familiar with caesar cyphers, he will decode the message that will lead him to a youtube URL where he will post the following comment “Jose I slept with your mother.”
- One of the subscribers to the youtube channel is your friend Jose, who will read the comment, spit out his coffee, and then immediately call you.
- After about a week of no response, he uploads the contents of that USB stick you gave him with the instructions to “never upload this ever under any circumstance” out of sheer spite.
Edit: Here, I made a diagram of the whole thing
State Diagram
(with mermaid source)
stateDiagram-v2 direction TB state Internet { state "Wider Zigbee Network" as WiderZigbeeNetwork -- state "Youtube" as youtube{ state "MuckBang <small>Wasabi Challenge</small>" as video1 state "A Cat's Guide to Vomit <small>By Remington Steel</small>" as video2 } state "Remote Server" as server { state "Server <small>CD-Tray</small>" as cdtray state "SysAdmin <small>Some Latvian Dude</small>" as terry } -- state "brazzers.org" as brazzers } state People { state "Jose" as jose { state "Youtube Subscriptions" as subs state "Phone" as josephone state "Coffee" as cuppajoe state "USB Stick" as usb2 } state "You" as you { state "Pacemaker" as pmaker state "Wrist Implant" as wrimplant state "Hollow Tooth" as htooth state "USB Stick" as usb1 state "Phone" as youphone } state "Enemy" as enemy { state "Random Person" as rando } } [*] --> pmaker : Insert next to heart pmaker --> WiderZigbeeNetwork : Maintain connection WiderZigbeeNetwork --> wrimplant : Vibrate for 5 mins if connection lost wrimplant --> htooth: Explode after 5 mins vibrating htooth --> cdtray: Send "eject" htooth --> enemy: Spit cyanide cdtray --> terry : Decode the paper in the CD tray terry --> video1 : Comment about Jose's mother video1 --> subs : subscribed to video2 --> subs : subscribed to subs --> cuppajoe : Spit out when reading insulting comment cuppajoe --> usb2 cuppajoe --> josephone usb1 --> usb2 : Years ago - Give USB stick with instructions to never upload josephone --> youphone : Call to complain but get no response usb2 --> brazzers : Upload USB contents out of spiteThis reads like a modern day SysAdmin Rube Goldberg machine; I love it
LEMMY GOLD ahahahaha
Woa, I was reading this as the Edit federated in and it refreshed. Trippy.
I love it!
The real answer: hire a law firm, entrust them with your documents, write into your will what you want to happen with them, and then go on about your business.
Maybe, add a clause what should happen if you disappear for more than x days. For most jurisdictions you are considered dead if you disappear for a few years.
The question assumes that you family could be killed. Why the law firm is protected against such violence in that case?
A dead man’s switch doesn’t quite protect you from garden hose cryptanalysis though. Nothing stops them from asking you to tell them if he got a dead man’s switch.
Only correct answer here.
If you really have secrets, you shouldn’t have a dead man’s switch.
You should have released it all on day one.
“What makes them keep you alive then?”
It’s not like corporations are going to get punished for killing you regardless.
The problem with releasing them on day one is that you then can’t gather more. If you’ve only just exposed the edges of the malfeasance you need time to get the rest before exposing it. Go too early and the rest of the evidence can be destroyed, covered up or those holding it coearsed into silence.
Having a dead man’s switch is a way to ensure whatever you’ve gathered gets released if you’re no longer in a position to gather more. As such I disagree with the poster about making it public knowledge before release. Keep it secret until you have everything, then release it.
Another thing to consider is that you won’t know immediately that the information you stumbles upon is incriminating. Sometimes it may take years until you have all the pieces of the puzzle.
Fwiw I’ve actually thought about a dead man’s switch for a while now. When my partner and I were going through end-of-life stuff, having the ability to delete or open things as needed after you’re dead can be important.
I have a rough design in my head where you register various monitors (e.g. checking email, logging into Lemmy, etc) and so long as you reach a specified threshold you’re considered alive.
Build in a duress code or dead code that can be entered by your next of kin, then you got something workable.
For a dead drop like you described in your OP, I agree that instructions to an attorney is probably your best bet. But in the scenario you’re describing, it sounds like having this code won’t be valuable.
The fuck kind of information you sitting on there!?
He knows the real identity of the Hamburgler
Nothing atm, but you never know what you may find. I would assume that most whistleblowers didn’t know they joined a shady organisation until years down the line…
This one works if you are an inbox-zero sort of person. Write a script to send yourself an email daily. Have another utility look for your reply. If you go too long without replying, have it trigger whatever other emails/actions you would like to happen.
they can just smash the computer with the scripts running
Anyone with less capabilities of a medium sized nation-state will not be able to “just smash” an AWS datacenter.
that’s right, they can just ask amazon to shut it down
How will they even know it exists until the switch is triggered?
4, 8, 15, 16, 23, 42
Give the encrypted file to one person, the key to another and do not keep either yourself. They exchange them if you die.
Why not keep a copy?
Also, both people are single point of failures. Maybe, 5-6 people where each has an encrypted payload and the keys to decrypt everyone else’s payload.
IIRC Julian Assange had something like that set up. There used to be a file you could download from WikiLeaks that was encrypted and supposedly contained something very spicy, and if anything happened to him the password would be released somehow.
No idea if that’s still a thing or not though.
Making the existence of the switch public is often something you don’t want. It allows others to do troubleshooting in advance. It also destroys your reputation with many people who might otherwise work with you.
If you are content to keep things secret, share the documents with several different friends or law firms in several different countries along with conditions for release. Don’t tell them or everyone who all has the documents. That sounds relatively simple.
Making the existence of something public means you’d need to give away at least some details of who or what it concerned, at which point you’re in the situation of either being a target or a blackmailer.
I agree with all of the above, except I’d add encryption to the data.
That way you are not putting your life in their hands, at least until it doesn’t matter / you want the data released. Encryption keys are super lightweight vs data; taken to an unreasonable extreme, a KB could unlock TBs.
Though you’d probably want something more like a passphrase. Anyway, that basic idea is sound but I dunno about the exact delivery/delay mechanism. Gun to my head and I have seconds to decide… scheduled send from a major cloud email provider, pay way in advance, and an increasing flood of calendar events/reminders up to the day it sends. The message would include enough information about the encryption used and formats within that any tier 1 helpdesk level IT person could access the data.
Not perfect, but a good enough balance of simple and robust to start with.
The whole point in being a whistleblower is to release the documents. Why would you tell everyone what’s happening and not provide the evidence? After you release it, there’s less chance of being harmed, and your job is done besides showing up to court.
Maybe he wants to release a censored version of the documents and have the dead man switch release the uncensored version.
The hardest part would be how to trigger the kill-switch periodically without showing it to your adversary whilst keeping it easy. Having your device queried directly would be a dead giveaway. My idea without involving people would be as follows:
- Set up a program that syncs files to a remote third-party cloud
- Sync it to a directory that frequently changes when you use your device (your docs, for example)
- Have a server that queries the third-party drive for that synchronised directory
- If there are no changes, trigget the alarm
But since this plan relies on the secrecy, it’s kind of ruined now. That, and I think your threat model is a bit too extreme.
It doesn’t make any sense. If you are a whistleblower is because you already published the information. They are not killing you so the information does not get revealed. They are killing because you already did.
Well, you’d need to send a message to some people that you know would care, when you die or are kidnapped.
There are plenty of services for sending any sort of message.
You’ll send the data with a private key and hand out the paired public key before you die. That way any tampering with the data will be obvious to the receiver.
I’d just send a link to the data. For example store the data on Proton drive with a share link.
Now you’d need to detect that you’re dead or kidnapped. You could have a timer of say a week or a month, and whenever an email or message is received it resets it. You could also send a warning message to yourself before it goes off, so you have a chance to deal with errors such as an email not arriving.
You’d need a 2nd service to check if the main service is running. Or perhaps it just replies once you send it a message once a day or week or month.
You’d also have to make sure that your reset message to the service is secured. Most likely it will be as long as it isn’t absolutely obvious, like you japping on about it at work. But one idea would be to use a proton mail address and keep a pin lock on the app. If you want to go the extra mile the email should also contain something only you can know.
Quite frankly I don’t think they’d even expect you to have any such system set up and they wouldn’t hack you before you’re dead. But maybe I’m wrong. If you really suspect that you’d need someone who is specialized in infosec.
I’d say go look for an existing service that can do this entirely via email, I’d bet it exists already. Otherwise you need to be able to code a bit or find a coder.
I’d say go look for an existing service that can do this entirely via email, I’d bet it exists already.
I think any official service that offers this could be immediately captured or bribed to suppress signalling by a larger more powerful entity, since it would be an easy goto that they could trap for.
I reckon implementing it as chaotically and as distributed as possible, might be the only viable solution, albeit with multiple fault entry points.
A whistleblower doesn’t need a dead man’s switch as they’d just release the document.
A muckracker does.
A whistleblower is likely to have access to sensitive data or other forms of leverage not directly linked to whatever they’re whistleblowing on. Of course this sort of insurance policy would be useful to them.
I think its useful for situation where I’m in process of collecting evidence, so I can keep tge switch just in case I get caught in the process but at least the evidence so far can be public
I don’t know what’s скороварка on English, I guess it’s an easy rice cooking and heating device that can be set on timer. Buy one, then disassemble it and see where heating elements of that thing are. Tape them on you hard drives, better if they are SSDs, set the timer, put it into a wall socket and leave. If you are of adventurous kind, do the same with microwave’s transmitter, pointing it out of the box, but be cautious as fuck because this shit can cook your balls or head in seconds.
or, better yet
You know that most MBs have special contacts for power\reset buttons? You can do two circles to them, one is for you to power up the system normally from some secret button and one from a normal button is to trigger some funsies with things easily triggered by current or heat, like dry gunpowder. So when some ABC agent would try to power up your machine, some funny thing occurs.
and if you are worried about it being disassembled in their lab, print big stickers that stick components to their slots, like OEM fuckers do, and then put cheap razorblades under them near the edge of said stickers. That’s a lifehack nazis and then punks used to deny their posters from getting easily ripped off.
- An automated SMS message to activate something or something
- As Back-up, automated email that is checked if received or not (in cases where no mobile connection but there is internet)
- Final Back-up, none of the two maybe, radio that disables the mechanism for 48 hours just incase
