A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
Making the existence of the switch public is often something you don't want. It allows others to do troubleshooting in advance. It also destroys your reputation with many people who might otherwise work with you.
If you are content to keep things secret, share the documents with several different friends or law firms in several different countries along with conditions for release. Don't tell them or everyone who all has the documents. That sounds relatively simple.
Making the existence of something public means you'd need to give away at least some details of who or what it concerned, at which point you're in the situation of either being a target or a blackmailer.
I agree with all of the above, except Iβd add encryption to the data.
That way you are not putting your life in their hands, at least until it doesnβt matter / you want the data released. Encryption keys are super lightweight vs data; taken to an unreasonable extreme, a KB could unlock TBs.
Though youβd probably want something more like a passphrase. Anyway, that basic idea is sound but I dunno about the exact delivery/delay mechanism. Gun to my head and I have seconds to decideβ¦ scheduled send from a major cloud email provider, pay way in advance, and an increasing flood of calendar events/reminders up to the day it sends. The message would include enough information about the encryption used and formats within that any tier 1 helpdesk level IT person could access the data.
Not perfect, but a good enough balance of simple and robust to start with.
It doesn't make any sense. If you are a whistleblower is because you already published the information. They are not killing you so the information does not get revealed. They are killing because you already did.
you just need more information and then you need to prove that you have more information so they can kill you anyways
Set up several solar powered raspberry pies with cheap iot SIM cards, each will check a vm in the cloud or at home for a key. If the key isnβt present or canβt be reached they release the info. Could have several servers to store keys to check. Everyday you enter a code to prevent the key from being removed.
You would need to account for temporary connection issues to make sure it doesn't send it after a network outage or something.
I used to build automation tools (shudderVBAshudder) that the "proper" technology wouldn't be bothered to make. Over 15 years I had over 200 tools built out. I had tied all my code to a single file that I would use to keep everything updated. I had imagined in so many ways of setting up a dead man's switch to start slowly corrupting and degrading everything or to just implode everything... Would have worked except our company got bought out and everything became useless and I got laid off lol. Got a nice pay check out of it
You wanted to ruin your company? Why?
Ha well it was more of a "oh crap we need to bring him back ASAP" kinda thing to get my job back. And as others said this was all mainly for fun thinking about it. The intrusive thoughts
When did they say they wanted to ruin their company?
The slowly corrupting and degrading everything part.
But when did they say they wanted to do that? They just said they imagined it. I've imagined ways to screw over my workplace as well, it doesn't mean I want to
I think you are being needlessly pedantic.
I'm not being pedantic at all. The entire premise of your question was them "wanting" to ruin their company. There's no other way to interpret that
If you want to rephrase what you said to clear up the confusion, I'm all ears
A whistleblower doesn't need a dead man's switch as they'd just release the document.
A muckracker does.
You may not be able to collect more if you publish everything at the start
True that...
A whistleblower is likely to have access to sensitive data or other forms of leverage not directly linked to whatever they're whistleblowing on. Of course this sort of insurance policy would be useful to them.
I think its useful for situation where I'm in process of collecting evidence, so I can keep tge switch just in case I get caught in the process but at least the evidence so far can be public
The most non-intrusive foolproof method I can think of is spite-induced action:
eject command on a server, causing the CD tray to come out.Edit: Here, I made a diagram of the whole thing
State Diagram
spoiler (with mermaid source)
stateDiagram-v2
direction TB
state Internet {
state "Wider Zigbee Network" as WiderZigbeeNetwork
--
state "Youtube" as youtube{
state "MuckBang
<small>Wasabi Challenge</small>" as video1
state "A Cat's Guide to Vomit
<small>By Remington Steel</small>" as video2
}
state "Remote Server" as server {
state "Server
<small>CD-Tray</small>" as cdtray
state "SysAdmin
<small>Some Latvian Dude</small>" as terry
}
--
state "brazzers.org" as brazzers
}
state People {
state "Jose" as jose {
state "Youtube Subscriptions" as subs
state "Phone" as josephone
state "Coffee" as cuppajoe
state "USB Stick" as usb2
}
state "You" as you {
state "Pacemaker" as pmaker
state "Wrist Implant" as wrimplant
state "Hollow Tooth" as htooth
state "USB Stick" as usb1
state "Phone" as youphone
}
state "Enemy" as enemy {
state "Random Person" as rando
}
}
[*] --> pmaker : Insert next to heart
pmaker --> WiderZigbeeNetwork : Maintain connection
WiderZigbeeNetwork --> wrimplant : Vibrate for 5 mins if connection lost
wrimplant --> htooth: Explode after 5 mins vibrating
htooth --> cdtray: Send "eject"
htooth --> enemy: Spit cyanide
cdtray --> terry : Decode the paper in the CD tray
terry --> video1 : Comment about Jose's mother
video1 --> subs : subscribed to
video2 --> subs : subscribed to
subs --> cuppajoe : Spit out when reading insulting comment
cuppajoe --> usb2
cuppajoe --> josephone
usb1 --> usb2 : Years ago - Give USB stick with instructions to never upload
josephone --> youphone : Call to complain but get no response
usb2 --> brazzers : Upload USB contents out of spite
:::
This reads like a modern day SysAdmin Rube Goldberg machine; I love it
Worthy of being submitted to The Register as a sysadmin story
LEMMY GOLD ahahahaha
The real answer: hire a law firm, entrust them with your documents, write into your will what you want to happen with them, and then go on about your business.
Maybe, add a clause what should happen if you disappear for more than x days. For most jurisdictions you are considered dead if you disappear for a few years.
The question assumes that you family could be killed. Why the law firm is protected against such violence in that case?
A dead man's switch doesn't quite protect you from garden hose cryptanalysis though. Nothing stops them from asking you to tell them if he got a dead man's switch.
Encrypt secret. Post it publicly. Configure a web server to email the private key to any number of addresses if you donβt log in every week.
going to have to be careful with the timing, though. A week can easily be reached if you are ever in an (actual) accident.
Also, note that having a publicly known dead mans switch can be exploited and cause the opposite of what you want: Imagine a competitor (be it idustrial or nation state) wants the secret to leak. Why not speed it up?
There are very few situations where a dead man's switch would have helped these whistleblowers.
Once they have gone public and are at risk of being "suicided" they should have already released everything they knew. Sitting on it after already going public in any way only helps if the goal is to blackmail or extort the company, rather than to expose the company or protect others.
A lot of people have latched onto the idea of a dead man's switch (and I get it, technical solutions are fun to create), but the only part of the scenario it would help is before the whistleblower goes public, while they are still gathering information and haven't yet been discovered by the company. Even then, it wouldn't protect them from being killed, it would only ensure that the partial work is released in case they were discovered and prevented from finishing it.
A "live-man's switch" might be a better idea. If you're in such a high profile situation and you're scared enough that you think you need a dead man's switch, make frequent unprompted public declarations that you're healthy and not suicidal, and that should anything happen to you, you blame the company.
If you really have secrets, you shouldn't have a dead man's switch.
You should have released it all on day one.
"What makes them keep you alive then?"
It's not like corporations are going to get punished for killing you regardless.
The problem with releasing them on day one is that you then can't gather more. If you've only just exposed the edges of the malfeasance you need time to get the rest before exposing it. Go too early and the rest of the evidence can be destroyed, covered up or those holding it coearsed into silence.
Having a dead man's switch is a way to ensure whatever you've gathered gets released if you're no longer in a position to gather more. As such I disagree with the poster about making it public knowledge before release. Keep it secret until you have everything, then release it.
Another thing to consider is that you won't know immediately that the information you stumbles upon is incriminating. Sometimes it may take years until you have all the pieces of the puzzle.