FinalMessage - Last Resort Security For Your Crypto
What would happen to your cryptocurrency holdings if something bad happened to you? No one is protected against death, memory loss, or any other terrible accident, so Bitcoin entrepreneurs Matt Odell and Murtaza Ali have launched an elaborate "dead-mans" protection switch called FinalMessage. (Updated on June 17 with answers from Matt Oddell.)
FinalMessage is a crypto messaging service which sends a message to your trusted friend or partner in case something happens to you, and you stop engaging with the switch. In such case, you could pass one last "cryptographically secure message" to the people you care about - be it your private keys, will, or any other private information.
According to the service's creators, that is the intended use case, but the actual implications of the service are limited only by the user's creativity.
As explained on the project’s website, the service sends 1 of 3 Bitcoin multisignature keys to your recipient in the event of an emergency. The system assumes emergency event if you stop paying for the subscription.
A message uses SHA256 hash, which is used in digital signatures, message authentication codes, and is encrypted in the user’s browser together with a password before being sent to FinalMessage’s servers. The Bitcoin network acts as a trigger mechanism for the messages. It works with both Bitcoin and Bitcoin’s lightning network.
If you stop paying us, the switch expires, and the email is sent out to the designated recipient.— Matt Odell (@matt_odell) April 23, 2019
The system is built with as minimal trust as possible and works the following way:
- You create a switch through the service’s website. There are four kinds of switches currently offered: a week, a month, six months, and a year.
- The switch triggers if you fail to renew it. In such a scenario, the service automatically assumes something terrible happened to you, meaning it is the right time to send the message to your trustee.
- Every switch can be decrypted with a password. You must provide them with a password in advance; otherwise, they can’t decode it.
At the moment, the service will cost you up to USD 50 per year for a single emergency message, and there is no option to cancel your switch, so be mindful if you choose to set up one.
Matt Odell has also answered several our questions:
Cryptonews.com: How many users do you have?
Matt Odell: We have about 200 active switches currently
How do you ensure the security of the service?
We can't read the messages. Users should go a step further and construct their messages so even if the encryption were broken somehow a malicious actor still couldn't do anything. This is why I like the idea of using it with a multisig key. Even if the encryption is compromised a malicious actor can't take your funds.
What are the further development plans?
We plan to add the ability to cancel your switch using a 2FA token.
Anything else you think people should know about FinalMessage?
Be creative. Be paranoid. Use multiple methods, FinalMessage simply being one of them.