🗝️ Digital identity backup for worst-case scenario
Written Feb 14, 2023. (This is a draft.)
Recently I thought about what would happen with my data in two of the worst-case scenarios:
- Loss of all my devices at the same time
Do I trust Google and Apple to help my family fully access my data in case of death? What about all those services that are dependent on my Google account?
So I started thinking about a way to safely backup
- Recoverable only by me and direct family
- Easily updatable
- Location-independent (in the cloud)
- "Gun-on-your-head" proof
- Malware-proof (ideally)
It would contain:
- Dump of my passwords and 2FA seeds
- Crypto private keys
- A breakdown of where my financial wealth is stored. Some are easy to find (bank accounts, stocks) others are less obvious.
- Will/message in case of death
Apple recovery contact
"Later, when a user needs to recover their account and iCloud data, they can request help from their recovery contact. At that time, a recovery code is generated by the recovery contact’s device, which the recovery contact then provides to the user via a different method (for example, in person or over the phone). The user then enters the recovery code on their device to establish a secure connection between devices using the SPAKE2+ protocol, the contents of which aren’t accessible by Apple. This interaction is orchestrated by Apple servers, but Apple can’t initiate the recovery process. After the secure connection is established and all required security checks are completed, the recovery contact’s device returns their portion of the keying information and the previously established authorisation secret back to the user requesting recovery. The user presents this authorisation secret to an Apple server, which grants access to the keying information Apple is keeping. Providing the authorisation secret also authorises the account password reset to restore account access. Finally, the user’s device recombines the keying information received from Apple and the Account Recovery Contact, and then uses it to decrypt and recover their iCloud data. There are safeguards in place to prevent a recovery contact from initiating recovery without the user’s consent, which include a liveness check on the user’s account. If the account is in active use, recovery using a recovery contact also requires knowledge of a recent device passcode or the iCloud Security Code."
So can't recover if you die.
Apple legacy contact
"The data may include photos, messages, notes, files, apps you've downloaded, device backups, and more. Certain information, like movies, music, books, or subscriptions you purchased with your Apple ID, and data stored in your Keychain—like payment information, passwords, and passkeys—can’t be accessed by your Legacy Contact. "
Start process there: https://digital-legacy.apple.com
To file an access request after you pass away, they'll just need: -The access key that you generate when you choose them as your contact -Your death certificate"
-> Can't request access -> Can setup inactive account manager, potentially risky
GPG encrypted tar archive with shards.