Slashdot Mirror
Dead? Hope You Left Someone Your Passwords
A reader writes "Looks like if you die, Yahoo won't grant access to family members. I know I've enjoyed reading my grandfather's letters from WWII, this could be a huge loss of history if other ISP's have the same policy." MJK points out that Slashdot has explored the notion of what happens to your data after you die.
They should try the password 'b00bi3s'
Anything of mine worth reading is already +5 Funny.
someone contact the BSD family and tell them to leave a post it note of their passwords!
My family members are welcome to keep all the emails I've sent them. But my personal mail? That'd incriminate way too many people still living...
don't keep anything you want to pass on stored on Yahoo! Next problem?
try { do() || do_not(); } catch (JediException err) { yoda(err); }
yet another reason to make your passwords the names of your children!
2 1337 4 u!
This is slashdot, you can trust us.
i can't imagine the shame my family would experience if i were remembered by some of my slashdot comments
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
My data is my data, and unless I stated otherwise in my will, it dies with me.
Also, if my relatives would have something to see in my email, I would let them read it.
After all the reason you use the yahoo mail is privacy.
Why should my privacy die with me ? (sounds funny, though)
I think keeping the contents private is prudent.
It is up to you to archive your emails and other e-stuff in a a spot that it can be found, if indeed you really want it found after you are "gone".
This issue is a bit more complicated than you think.
When I die, I wouldn't want any one to find my pr0n. Someone needs to create encrypted mpeg/divx.
Or maybe I should request that I be buried with it to take to the afterlife. "Please bury me with the harddrive with the folder name 'Stuff'".
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
. . . that you can read today's Email in 60 years? I doubt it very much. This is just the way things are going, hardly any letters are written by hand and even the CDs and inkjet printouts last that long.
Cheers, Nostrada
Plus think of the flaming possibilities. You could instruct your surviving loved ones to flame as much as you want, knowing full well no one can touch you in return (unless you believe you are experiencing literal flaming after death, but that's just the risk flamers take).
Seriously, put it in your will if it's important enough.
Leave the accounts and passwords in your will. Seal them in a saftey deposit box.
UNIX/Linux Consulting
Sympathize meaning couldn't care less.
Mercy was given to me by Christ...I must give the same to others.
Grandma: Oh my god, how many emails about viagra did he have?
Ohhh, I better contact this poor Mr. Mbutu and see if I can help him out. I didn't realize pop had friends in Nigeria.
Look at all these money making schemes? How come I never saw any of this money?
Oh dear, I had no idea pop was into asian porn...
My my, it looks like pop was corresponding with someone about Vicodin.
Perhaps its better he died...
This sounds like a time when lawyers would be useful. A subpeona or court order should obtain the desired results, although it's pretty bad that family members would have to go through this hassle. Still, if it was one of my family members, it would be worth it to not lose that precious data. --Jacksonai
Like Sweepstakes? Try out my service @ http://www.yourpowersweeps.com -- Free 21 day trial, no cc needed.
If it was private when I am alive, it is still private after I am dead. I might say things to a sister about my dad, that I wouldn't necessarily want him to read.
I write stuff to a girlfriend I sure the hell wouldn't want my mother reading, even after I am dead.
If I wanted them to read it, I would have cc'd them. Everyone here would sure bitch if they gave a copy of your email to your mom while you were alive, why is it OK when you are dead? I don't get the logic.
I could see them resending all my emails to everyone they originally were addressed to, if the recipients had deleted them and wanted them back, but that is as far as I would go.
- I like pudding.
All my important passwords (along with other information such as bank account numbers etc) are in a file I encrypt with my wife's public key. If we both exit together, well, hmm. Gone forever.
A lot of times it's fairly obvious, especially for family memebers - defaults are "What is your Mother's maiden name?" "What was your first pet called?" "What street did you grow up on?"
A sibling or parent should know any of those - which is why you should always make up your own, by the way.
Do privacy rights still apply? Let us say that you die in a car accident, should your medical records and all of your personal information be available to family members? Can this not, at some point be abused by providing fake information in order to gain access to an account? If I want my family members to have access to something, then I will either tell them now, or have that data in my will or other document to be distributed by my legal representative upon my death.
If this family wants to keep the messages, then they should save them from their side of the chain. I think Yahoo is in the right in that they should not be made to give out password to those that do not control the account. They would have to deal with the expense of handling a lot of requests if even a single exception was acknowledged.
Cave, wreck, and deep diver.
Yeah, I don't think Yahoo wants to get involved in ensuring that a supposedly dead person matches up to a particular account. Imagine if Yahoo announced that they would allow this -- it would probably be abused to get access to other people's accounts, and would probably expose them to lawsuits too. They're too big to do something like that.
"No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
I expect my bank, doctor, and ISP to not give my property to someone else without either 1) my permission or 2) a court order.
If I die, in order to get my money, into my safe deposit box, or access my e-mails, my estate simply needs to go get a court order.
Why is this news? It is standard practice when anyone has property of a deceased person.... the estate has to decide WHO gets what. Just because you are the relatives, doesn't mean you are THE relative that should get the access. Many families find a relatives possessions stolen by "other family members" before the estate can secure the property and decide who is actually entitled to get what.... happened at my Great-Grandmother's house when she died. Greedy bastards. We had to leave a guard at my Grandmother's house while protecting the contents while the rest of the family went to the funeral a few years ago.
i have always known that when i pass on that no one would be able to access my data.
so in order to secure that...i've left a note detailing my passwords and accts locked in a safe within my home.
it's not like i have anything secret to hide.
and the lord knows my email would be a great cure for insomnia but still i feel it necessary to give my family the ability to log me off of all apps and spam lists.
Is it 5:30 yet?
The password to the shield is....1 2 3 4 5
Let's hope the daughter was actually dead, and not simply dating a black man/pregnant/or just simply avoiding her racist/shotgun wielding/asshole of a father. (If it even was her father)
You had no right to do what you did. If you were my employee I would have fired you. Bullshit poilcy or not.
USB = Undead Serial Bus.
You have two hands and one brain, so always code twice as much as you think!
Did he provide a copy of the death certificate? How do you know who it was or wasn't?
What you did was wrong, and if it wasn't illegal, it should be.
If you didn't want it on your concience, you should've passed the call up the chain of command to someone with more integrity.
From the name I assume (I know nothing about the service) it acts as a "dead man switch". That means that you have to always do something (while alive) to let it know that you are alive. Maybe log on periodically to a given website etc. Of course, that means that you can't afford a long vacation, an extended coma or jail time where you don't have internet access...
I like my dinosaurs feathery, and my pterosaurs hairy (or is it pycnofibery?)
how do you tell it that you're dead when you're, well, dead?
I wrote a little program called dead man switch years ago, for just this purpose (and to teach myself Java). I imagine this is someone else's though since I only gave mine to a few friends. Mine just required that you log in to the server once every [variable] days. If you failed to log in it would optionally send a warning e-mail and then it would mail out a predefined message to a predefined address. I planned to expand it to include setting up accounts and storing files encrypted, but never got to it. I figured all those movies where people say, "If I die my computer will automatically send the files to the police" would be more true to life if there was such an app lying around to make it easy. (cron, yes, I know)
My guess is that like my program, and like a real dead man switch, it takes a conscious effort to keep the switch from being tripped.
I should be okay, my passwords are on a Post-It attached to my monitor.
When my best friend died in a tragic hiking accident, I spent about 30 hours trying to hack his hotmail account for his family- after they found out that Hotmail was not going to give it up for us. I never did get in.
I've been heavily into the MMORPG scene over the last few years, and some of my closest friends are folks that I don't have any other contact with. If one of them was to get hit by a bus, I'd never know what happened. That would be odd. I suppose that from my side of the monitor it would be exactly the same as if they had suddenly quit playing the game and never contacted me again. That's an odd concept.
I keep forgetting my place. Jesus is for losers. Why do I still play to the crowd?
I've got a bunch of names and social security numbers, and your customer's email, if not profitable for me, should at least be amusing.
Oh, and if I could have your direct extension too, that would be nice.
In short, you exposed all the users of your ISP to fraud by allowing anyone who called you with a sob story and some previously compramised data account access they shouldn't have. But hey, as long as your CONSCIENCE feels good....
paintball
First off, most soldiers who go to Iraq leave behind wills, letters , etc. that are to be opened in the unfortunate event that they don't make it back home. If you really want your family to have access to these kinds of things, leave your password in these documents. What if I died and didn't want my family perusing through my e-mail? Once you've passed away, you can't give consent OR deny requests. It shouldn't be assumed that everyone has no problem with their family having access to all of their stuff. I agree that reading a grandfather's letters from WWII is probably quite enjoyable and insightful, but he made a conscious decision to leave those behind. In this situation, we don't truly know what the soldier wanted. It's an easy problem to avoid. If you want people to have access, leave the passwords behind. Due to the sad nature of the topic, I will try to avoid the obvious sort of "Tell them to look under his keyboard" jokes.
If you mod me down, I shall become less powerful than you could possibly imagine.
They die. Encrypted, personal and not for others, whether I die or not. Quite frankly, those I know and love should have more than enough without my data. And for the great posterity, I imagine that either a) There's more than enough people who didn't keep their data private or b) I've gotten important enough to actually set up some sort of dead man's switch in my will.
It is not like this is just online. Many places in real life would also suddenly find me "missing", yet never actually go as far as to figure out what happened. Both on- and offline, those that are important enough to know would know. That'll do.
Kjella
Live today, because you never know what tomorrow brings
This actually happened to our family this past August. My 19 year-old sister died in a car accident. I think my mother wanted access to her email to spread the news to her friends since she was very active on the Internet and had international friends. My mother had purely altruistic motives. My sister had actually told my mother her password, but because of the trauma of the situation, my mother couldn't remember. My mother ended up remembering it a few days later when she could think clearly. I didn't realize it until it happened, but when your sister dies, you want people who loved her to know. There's this need to want people to know what happened, no matter how traumatic. We still can't reach one of her old friends. I understand the privacy issue, and I treasure my online privacy too, but I agree with other Slashdotters...when you're dead you're dead and the secrets you leave behind don't matter much anymore. There's not much use for it there. But if there's a use for the family, perhaps looking for things to hold on to even for momentary comfort, I think that's the right thing to do. I think the real issue is ownership. Yahoo owns the servers, and thus our web-based e-mail, no? When in that case, the analogy of say my father dying and me inheriting his car wouldn't work with e-mail since e-mail isn't owned like a car.
I worked at a financial services firm for many years. As most of our clients were older, we had to deal with this kind of issue fairly often (several times per year at least). Get an official copy of the death cert and a notarized copy of the will (if there is one) or living trust (even better, paperwork wise) or durable power of attorney (best of all). That would be enough for us to provide account information without upsetting the SEC, who are fairly strict about privacy issues.
Barring that, it shouldn't be terribly hard to get a court order, and we all know how eager ISP's are to comply with those when law enforcement come knocking. There's nothing of any particular interest on my machine that anyone other than me would care about (except the MP3s). My wife already knows my passwords, which makes this not a problem anyway.
this is getting old and so are you
blog
I've left my close and trusted friends with a copy of DBAN and had them swear to wipe all my boxen completely clean... I really don't want friends and family and the world to know all of my dirty little digital secrets. Frankly I agree with Yahoo's decision.
- dshaw
Now I have to change my password.
paintball
Set-up a cron job on your desktop machine that periodically queries Google and looks for your obit. If found, it connects to your bank and sends a check for $1000 to your worst enemy. It then mails said enemy a (pre-dated) message (CC'ing yourself) saying: "I'm sending you the last FINAL payment. Don't try to blackmail me again!". Next it e-mails your mail ID and password to your family and finally the script erases itself. :-)
[Insert pithy quote here]
Yeah, I'd prefer the image my family had 'before' they read my emails.
I seem to remember a skit on some comedy TV show about a service you could hire to come and get rid of all the porno mags/videos, drugs, sex toys and incriminated evidence and replace it with religious objects, awards and classical novels. Ya know, just so your family is left with a 'good' image of you. I think this falls along that line.
While there aren't many 'objects' I'm ashamed enough of I'd pay people to come hide before my relatives rummaged through my stuff, I'd definitely pay somebody to torch my computer the moment my pulse stopped.
Interestingly, without a pretty short time period on your timmer, your server, Net connection, or ISP could terminate your account due to non-payment before the script went into real action.
This is where, and I have seen these discussed on Slashdot, a service that you could pay ahead would come in handy. It would also be good to stay ahead on your web hosting and domain names for this reason as well, so your web pages would stay online for at least a couple of years after you were gone.
Usurper_ii
Ron Paul
I support Yahoo's stance in this matter. While he's dead and really doesn't have a care in the world, because nothing about him besides a pile of flesh exists..
Out of respect, what if there were things he never wanted them to know? What if he was gay and having an internet relationship with some man, and his parents were anti-gay? They would then be left thinking they never knew their own son, and all of this crap.
If you want people to have access to that sort of thing, leave them access. Put your passwords in a safe or something if you MUST write them down.
Yahoo and others should not be giving access to an individuals person email, dead or alive. I don't care if the family presents a death certificate or not. You should have a reasonable expectation of privacy and deceny even after death. Let your personal life die with you.
And that's the moment when danheskett and taustin figured out they were friends in RL. "Dude, you're on /.!"
Why are there only 19 people folding@home for slashdot?
Well, if you won't say it, then I will: What you did was wrong, both at the time and in the end. It doesn't matter if she was really dead or not. It doesn't matter if it was really her father or not. Lots of people have nothing but hateful relationships with their parents, and lots of parents are nosey and spiteful. It is her right to be protected from privacy invasions. If she is still alive, your company could be (and should be) sued. Privacy policies exist for a good reason: to keep weak, bleeding hearts like you from doing stupid things to compromise the security of people's/companies' data. I used to do customer support for Dish Network *shudders*. Until they really started implementing stupid policies (like "anyone can make any account changes they want!"), they were very strict about allowing relatives access to accounts. If they were dead, they had to send us a copy of the death certificate. If it was a divorce, they had to send in a copy of the divorce decree, etc. Only a damn fool would believe someone who simply *claimed* to be a grieving relative. In closing, let me just echo the sentiment that, were you in my employ, you would have been fired, and damn quick.
The email or other electronic records are property just as paper letters are. By default, you don't have privacy in death as your paper letters are inherited by someone unless you leave provisions in your will for them to be destroyed. If you are a famous person, your person letters are likely valuable property.
I don't see why email should be considered any different. Yahoo's position really is that your email is not personal property. They "own" in the sense of controlling the property while it's on their servers. I don't think Yahoo's objection is really about privacy. They don't want your email to be considered property because they could then be sued when they accidently lose it, not to mention the administrative costs of dealing with probate transfers. If this was really about privacy, they could give make the disposition at death user controllable when the account is created.
I doubt this issue will be fully decided by the courts until some famous author dies and the only copy of their unpublished work in on some server somewhere and worth a lot money. Then the family will sue for access to the valuable property which they've rightly inherited through the will and the courts will be forced to decide whether ISPs can destroy property on somebody's death.
Is that you think it's ok to substitute your own personal judgement for the rights and judgement of others.
You didn't have to deny the request of the father. You just had to EXCERCISE DUE DILIGENCE in making sure that the person on the other end of the line actually was the father, and that the customer in question was actually dead.
You were LAZY, not righteous.
paintball
Simple, just add a rule that if you don't log in for a week, check the obit's in the various online local newspapers. If both conditions are true (name found in obituary, and no activity), then activate.
- did everything possible to inform all of their friends and contacts, and
- wanted "things to hold on to even for momentary comfort"
In our case, email wasn't an issue, but there were certainly plenty of letters, accounts, photos, safe-deposit boxes and all that to go through.In the case of letters, whether electronic or paper the writer generally is the owner of the copyright, even if she isn't storing them at home. Ownership then goes to the next of kin as with any other possessions. Yahoo here is acting like a storage unit, but one which claims it can keep your stuff not only if you don't pay but also if you pass away. If your dad kept his car in a storage lot (or his papers in a storage unit) you'd have every right to claim it as part of his estate.
Privacy in death has to be up to the individual *before* they die. Once you're dead, you cannot dictate what people do with your posessions other than the normal process of distribution through wills and trusts. Destruction, on the other hand, isn't something you can force your estate to do (if you told it to burn the manuscripts or put down the parrot).
I think the real issue is ownership. Yahoo owns the servers, and thus our web-based e-mail, no?
NO.
Maybe Yahoo's policy, or laws say otherwise, but consider this: When you ask people, many feel that e-mail has similar function, and should have similar legal status (privacy protection and such) as snail mail.
I looked it up once how this is for postal service where I live: if mail bags are stolen, whose property was it? What I found, is this:
Law says that you are free to do with whatever you want to mail, until you drop it in a mailbox. As soon as your hand lets it go, that mail becomes the personal property of the addressee you wrote on the envelope. The postal service is never a 'temporary owner' here; all they do, is transport that mail to the addressee.
Now with e-mail, I feel you should treat that similar. You can change your mind as often as you want, but at the moment you click "send e-mail", the e-mail becomes the recipient's property, and all the ISP's do, is transport it, and keep it stored on their mail servers for a while. Remember, we're not talking about a comment on Slashdot or other public forum, but a private message from person A to person B.
So what if you mother wrote a love letter to your dad long ago, your mam & dad die, and you inherit their belongings? Right: you could read your mams letter, even if it was originally directed to your dad. But that is normal, right? Ultimately, it's just property that gets inherited. You should expect though, that 3rd parties that keep property, should check, and possibly only respond to court orders that confirm someone has died, and who inherits what (and confirm identity of people who claim belongings).
Same here with Yahoo: they should just sit on it, until they have confirmation about who inherits what, and then pass any stored info to those who are entitled to it.
Where does that leave you? Simple: just consider what you have laying around, online, things that get sent to you, and what you want to happen to that when you die. Then act accordingly. Like put some passwords in a safety deposit box in a bank. Encrypt files you don't want family to find when you're gone. Or download mail to local storage, so that family could find it on your PC after your death, but delete mail that you wouldn't want them to read.
You obviously never had a close family member die. The shit you may need to get ahold of for lawyers, the government, taxes, etc is huge, and enough of a reason for yahoo's policy to be forced to change. But these people wanted a keepsake, and because of the above sentence, should be able to get it.
Sleep is for the weak.
...while their pr0n is oft interred with their bones.
I see a lot of people advising that you leave your password in your will. This is retarted! For starters, every time you change your passwords, you have to redo your will and have it witnessed again - that's not sensible.
Rather keep your details separate to your will, but in your will advise people how to get to them. A safe deposit box at a bank, etc.