5 comments

  • ColinWright 374 days ago
    I can't see any way that I can save information on your service and have it inaccessible to the admins, especially if the note will be sent as a PDF to the registered recipients.

    So I really can't put anything sensitive in the note, including things like passwords or bank codes. That rather limits the usefulness.

    • moinism 374 days ago
      That is understandable.

      The note is stored encrypted using AES 256-bit keys. The only time it's decrypted without your credentials is when you don't login during the check-in period.

      I also want to make it end-to-end encrypted (still looking into it) but that has a UX problem. If the recipients need a key to decrypt it, a new problem of keeping the key safe and not forget about it also appears. And if we keep the key on our server then it also kills the whole point of e2e.

      I'd love to know any change I can make to make your more confident in it?

  • Mizoguchi 374 days ago
    Your family may need a lot more than just your passwords.

    There are a few things you may need to do at the county level, like filling out forms and paying fees so that your state can be executed quickly without additional costs and headaches for your relatives.

    A tool that could help you navigate this process depending on where you live and what kind of assets you have would be a lot more helpful IMO.

    Providing access to digital accounts is really not that difficult.

    I use Google's Inactive Account Manager to give two groups of relatives access to two different accounts where they can download files containing all the user accounts they need.

  • g105b 374 days ago
    Everyone on HN will have the same questions: how can you prevent data loss or snooping by admins?

    To answer this, you have written a privacy policy, which mentions the word "encryption" exactly 0 times.

    https://backupdiary.com/privacy

    • moinism 374 days ago
      You're right!

      I'll fix the privacy policy right away. Thank you for pointing it out.

      The note data is encrypted at-rest. The encryption keys are kept separate. Which means even if the whole database gets leaked/hacked, the note details won't be readable.

      I plan to pursue SOC 2 certification, to give users peace of mind regarding snooping, etc., if I get some signs of product-market-fit.

  • famahar 374 days ago
    So sketchy. Who is the team behind this? A data leak would be catastrophic and what's preventing the admins from accessing your info. I think I'll just stick with Gmail which gives access to my account after 3 months of no activity.
  • figassis 374 days ago
    The user should provide a password, that is only useful if the service emails the recipients with a link to hosted page that will decrypt the data client side.
    • moinism 374 days ago
      That is a good suggestion and doable too.

      But if the recipient forgets the password? They won't be able to reset it, in most case either, because the reset link goes to the original email which the recipient may not have access to.