hckrnws
Been working through the accounts of a deceased family member over the past few years. They left a password file that made its way to me so I’m able to log in to most things “as them.” My goal is to harvest anything the family might want as a memory: messages, photos, etc., and to clean up (close) all their accounts to prevent identity theft.
A few notes of interesting things I’ve found:
Observing inbound mail for over a year is by far the best way to learn where a person has accounts. I found a ton of services that weren’t listed in the password file by seeing “year end summary” or “we’ve updated our terms” emails. And then of course email access is useful to reset the password and get in.
No one sends more fucking email than politicians. It’s honestly insane how many emails came in daily to this account from all sorts of a candidates, from all over the country. The email list sharing is blatant and rampant. And without regular pruning (unsubscribing, marking as spam), the volume just grows and grows.
Some companies have very handy “close and delete this account” features. Some let you end a paid subscription, but there’s no way to remove the account. In one case I killed a subscription to a paper and then was able to log in as the deceased 4 years later! But many services do prune: in many cases, trying to log in years later failed.
When there was not a “delete account” feature, I filed a support request to delete, explaining that the account holder had passed away. When that did not work I filed a legal request to delete personal data, citing the data privacy law of the state in which the deceased resided. That worked well.
I ended up paying to keep the deceased’s phone number active for a while because I kept finding accounts that were set to send SMS codes to permit login. The deceased was good about security, which ended up costing me, ha. Notably, the mobile provider never cut off the number or seemed to notice that a dead person’s phone was still active. As long as the bill gets paid, they don’t look too closely I guess.
> keep the deceased’s phone number active for a while
I wish I had known this. After my father passed away a few years ago, I had a password list but some accounts required 2FA, and unfortunately I didn't have access to his phone. It locked me out of some services where I would have liked to have archived the data, like photos and posts.
At some point though, data is similar to material possessions - someone has to spend the effort of keeping it archived and accessible. Eventually people move on and the data is either forgotten or lost. And it's OK to let it go, nothing lasts forever.
I wonder if there's a service provider who can help manage all these - akin to your lawyer or "will contract"
Good argument against 2FA.
Against SMS as the only second factor, for sure!
> No one sends more fucking email than politicians.
Isn’t it nice how politicians excluded themselves from most of the rules regulating businesses regarding spam and email laws.
In the US, I guess. Here in France we never get emails from any candidates, this is against the law (not specifically for politicians, for everything)
In France it's totally fine to send spam emails during elections, maybe you just got lucky ?
There are even auto-calls https://www.ouest-france.fr/elections/presidentielle/preside...
"Hello this is Eric Zemmour"
> Soit vous avez indiqué votre numéro de téléphone sur un formulaire à destination du parti ou du candidat, soit il s’est procuré votre numéro en achetant ou en louant une base de données – contenant votre numéro – auprès d’une société privée.
So it can be basically any source.
> In France it's totally fine to send spam emails during elections, maybe you just got lucky ?
In the US, when are things not in 'election mode'?
> I ended up paying to keep the deceased’s phone number active for a while
I've ported a few numbers that I wanted to keep for a bit without needing the cell plan any longer to a Google Voice account. Then I just forward the number to my own cell phone.
Not having a proper account deletion method for deceased persons was one of my big pet peeves when sorting out accounts of a family member.
>No one sends more fucking email than politicians.
LinkedIn enters the chat. I have given up trying to turn off email notifications from LinkedIn. One of the last acts I did with my FB account was to finally get it to stop sending emails, yet LI refuses to stop.
LinkedIn mobile app adds new notification classes and assumes you opt in, even if you’ve opted out of all the other spam.
However, email from LinkedIn is not something I’ve had an issue with, personally.
I’m in the UK and I managed to end up on trumps subscription list begging for money
And just another example of how systems aren't really designed with death in mind
A side note about closing accounts.
I keep a list of services I closed or asked for my account to be removed and forgot. Today you even often have to make an account to take a look at a tech demo, because the author tries to avoid abuse of their AI service key they used for such demo.
After about two years many of these services start sending me messages again. Sometimes it turns out that the account is active again.
Recently a recruiter send me an email with a standard cold call: "I have a position that will be a perfect fit for you". I asked where she got my contact and how's that position be a perfect fit, trying to get a feel what she actually knows about me. She said she got the my profile from LinkedIn. When I asked her to post me a link to my profile it turned out the profile was closed. Somehow LI kept the profile and shared my details when she used some recruiter features. ;)
I ensured that my LinkedIn email was set to private and set it to a unique address not used anywhere else.
I still get emails from recruiters a couple of times a month.
LinkedIn leaks your private data even if instructed not to do so.
LinkedIn also starts spamming you after X months/years since you last clicked "unsubscribe" (at least twice that I can recall, so probably "years")
They are absolute trash, scum of the earth, when it comes to respecting users (Nextdoor does the same, they did it more often at first, I think every six months).
I still remember when I first signed up for LinkedIn years ago on my phone. Following the default flow and not paying much attention, it sent connection invitations to seemingly everyone I'd ever had gmail correspondence with.
Sure it's my fault for not paying attention, but what kind of default is that?
> what kind of default is that?
The Microsoft kind
LinkedIn was doing this long before MS bought them. Abusing your contact list is their specialty and one of the ways they grew so quickly.
This is why the LinkedIn app is and will always be banned from my phone.
I was in the "archive/hoard everything" camp for several years and lately I've taken a very nihilistic approach at life.
I die tomorrow, I don’t think you really MUST save my stuff, especially anything digital. If I haven't already shared it with you, it's not yours to have.
Anything important like bank accounts can already be accessed by family with a death certificate; everything else, doesn't matter.
What happens to my online accounts after I die? None of my business, I'm dead.
There's a certain argument that accounts can haunt friends and family after you've passed- things like seeing you still there in their friends / contacts / feed / whatever.
I think it's worth talking about. There are far bigger problems facing many societies, but it doesn't hurt to think about this one too.
Comment was deleted :(
Well, same here, but I still wouldn't want to loose data until the point of my death. So I'm still hoarding and archiving everything, but it's all encrypted, nobody else than me has the master password, so at the point of my death, it's all gone, and I don't care
A guy I worked with at a former employer died around 2015. Every year, for almost a decade, I get a notification from LinkedIn to congratulate him on his work anniversary.
My Steam friends list is slowly turning into a memorial.
I'm sorry to hear that.
On the topic of Steam, according to their terms of service, you buy non-transferable licenses for access, and they will argue you can't inherit the games of a deceased person: https://arstechnica.com/gaming/2024/05/after-you-die-your-st... . This follows a tradition of digital media providers asserting deep control over things that you might think you "own" : https://www.nytimes.com/2009/07/18/technology/companies/18am...
(I had a hard time fitting this thread into the blog post and eventually cut it)
At the risk of possibly sounding crass, the practical solution is to simply never tell them of the decedent's passing.
Unless the matter of concern is a legal or financial one (eg: bank accounts, pensions, insurance, etc.), quite literally nothing and nobody else requires knowledge that the account holder passed away.
Never tell Valve that your gamer dad passed away and they will be none the wiser and noone will have any problems as you "inherit" his account and its associated games. You're not trying to defraud Social Security as a 150 year old, after all (...right?).
This might work for the first generation of steam users for now, but eventually they might require some kind of verification for old Steam accounts. Also remember that Steam is providing two things - a license for the games and a service to download them. I wouldn't expect a court to agree that a relatively low one-time fee obliges Steam to provide your or your heirs a service in perpetuity.
Why take the chance for games that you can get DRM-free and transfer independently from some live service.
Yes that is a claim they have made, but unless they show up in probate court to defend that position, they will do what the judge orders them to in a default judgement.
Have you gotten a probate court to order Steam to transfer games, which they then followed?
I am still alive, so no, I have not.
Hopefully your family won't have to test it for a long time then :-)
Please don't state something as a matter-of-fact if you don't know it to be true but just merely believe it to be true. Otherwise please link to an instance where a probate court has ordered it with a successful outcome.
It seems like a novel idea and I hope someone tries it and posts about it.
Sadly true. I don't scroll through the offline friends because sometimes I don't want a reminder of THAT many people who I can no longer message or play games with. One old friend, him having not responded about the game key I sent him on Steam was how I started to wonder, searched his name, and found his obituary :(
It's weird how something as simple as a friends list can turn into a memorial over time
Oddly in the same boat.
Damn that’s sad.
My password manager has an emergency access feature[0] which allows my spouse to gain access to the vault (and all the passwords, passkeys, PINs, etc. in there) after 7 days. I also set this feature up with my parents so I will be able to handle their digital legacy too.
> Are the bits and bytes that make up our book reviews, photos, and short-form shouts into the void really so important? I say yes. These digital ephemera are part of our legacy.
Death and grief are challenging experiences and I certainly don't want to diminish anyone's suffering. That said, I prefer to take the opposite approach and acknowledge that digital ephemera are truly not very important, with the small exception of a relatively short period (<10 years) after your death. I don't exactly have a "solution" in mind, but I reject the notion that we should preserve online artifacts forever as part of an individual's legacy.
I don't think the author was necessarily suggesting that online artifacts should be preserved forever, but this line stuck out to me and I felt that I didn't agree with the sentiment.
My son gets my 1pw master password and yubikey and inherits all my online accounts.
That is my plan as well --- there's an envelope in the safe which has my e-mail password which should allow taking over the accounts, and maintain access to my GOG.com game library, my Amazon Kindle books, and my Amazon Music --- curious if there will be any case law in-between now and then.
For GOG the safer solution would be to download and backup the offline installers. Might even become useful in your own lifetime.
An old friend passed away a few years ago, and sadly all of our Facebook messages have disappeared forever. I really wish that I could read them again. It’s very sad.
Oh well.
You might be able to find them in your account's data dump. I have a friend who deleted their Facebook account, but their messages still show up in the dump as "Facebook User". Check <zip file>/your_facebook_activity/messages/inbox.
Get into the habit of saving web pages that contain interesting or useful information. Browser addons like SingleFile and WebScrapBook do a fair job of this.
There is an ex coworker who died about 10 years ago. People on LinkedIn still congratulate him annually with his work anniversaries.
I intend to make sure people know how to use my email. With that, and my phone, they should have access to all accounts indirectly via password resets through that email address. I won't bother with a long digital will or handing over a password manager or anything like that, this sounds like way too much complexity. One account - the email.
I kind of wish there was an inactive account setting as default, where every account was disabled after 1 year of inactivity (but keept the user name to prevent squatting), then sent a yearly reminder and deleted them after 10 years or something.
This article really resonated with me. A few years ago, I lost a friend, and their dormant social media accounts became these strange digital echoes... like finding an old voicemail you forgot existed.
presumably there are a great and growing number of people who will have no one to clean up there online presence, and depending on how things are set up, and how much money is floating there, possibly earning, then itd hard to say how long things might last. where things will get tricky is with personal AI, that could in such a case, become imortal if so instructed, or rather, given the scale and general wierdness of things, there must be something like that happening now so one more trueism is gone, you CAN take it with you when you die
I wonder if the sites will do something internally to see that the provided DOB for the account is now > 100 years old, and just start silently deactivating those accounts. Then again, why would they care? If deceased person's account becomes hacked and then taken use by some identity theft type situation, why would that platform care? It's just a user to them and continues to be potential revenue generating.
Nothing, I still get random notifications from folks that sadly aren't around anylonger, but no one has disabled their social accounts.
You are going to die at some point. Some one I know died not that long ago and the church for his funeral was packed-full and there were people outside - now his grave is a forgotten mound of dirt. Do something that will help the human race, it is the only thing we can do
Not to be too morbid, but, does phone face recognition work on a stiff ?
I made arrangements for my family to have access to my accounts and instructions on deleting most of them, with special emphasis on linked-in.
Comment was deleted :(
I can't even guess at the number of accounts I haven't touched in 10+ years.
Does it matter? I am still alive!
For how long?
Part of this discussion is making it easier for those that come after us. So if you care about others, than this might matter to you. If you only care about yourself, then it truly does not matter.
All will go to my daughter
My brother passed a few years ago. I was able to "memorialize" his Facebook account, or whatever they call that term. Found a link on their web site, uploaded a scanned copy of the death certificate, and within a day or so the title to his page was changed to something like "Remembering Joe Blow..." People could still post on his page, but nobody could log in under his name (just in case his account got hacked or something). It was pretty easy to do.
My mother recently passed away after a long battle with dementia. Apparently when she would forget an account existed or she could not log in she would create another account. She had multiple email addresses and Facebook profiles that I know of.
I’ve been able to get Facebook to close a couple of her profiles but for the rest they keep asking for the same documentation over and over again (death certificate and funeral booklet) but will not take any action.
Wouldn't it be fairly easy to fake a certificate? I wonder what process they have in place to avoid false flagging.
Yeah, and Facebook is the least of your concerns.
Defcon talk about the security of death certificates, and what happens to your life if you are targeted by this attack.
[dead]
[flagged]
When posting snark it's always wise to make sure your post doesn't have any embarrassing grammatical mistakes or spelling errors.
I don’t care
but thanks for making me smile.
Crafted by Rajat
Source Code