[bierjunge]

I'm not saying the app is useless, I'm only saying that it's not as easy as the website states. I personally wouldn't use a mobile app for that, because it's too risky in my opinion.

Let's say we have a scenario where someone has confident information incriminating one of my theoretical adversaries and configured Zoldy with the data. What if I hire a thug to steal and destroy the phone? Will the owner be able to stop the messages which he does not want to be sent?

Can the app be restored to a functional state on a different device? If yes, then a malicious third party would be able to get access to the Google/Apple account and restore it gaining control of the sensitive information.

The website states, the data is stored in Firebase. But how does the app access it? Is there a gateway server you control? If yes, I wouldn't even bother with the previous scenarios, but attack that server and get ALL the data. Not only from one target, but from all, which would be pretty much a disaster (for you, the app and all the customers).

[vorpalhex]

Yeah, a smartphone based deadman is not great for the reasons listed. Ideally you would have key escrow running in a few places ala Shamir and then already have the data widely distributed (bittorrent, ipfs) but encrypted.

You can still handle check-in via device but you need a 2nd factor of something only you know, with false values that will trigger a dispersal.

[rmoon]

I guess we are all rightly used to seeing the dangers first, there is no deadman, there is one very important reason for me that made me see how difficult it is for some people to defend themselves when all you have is information.

[rmoon]

I reply myself, yes!, it could also be used as a Dead man's switch. Sorry, my bad!

[rmoon]

> I'm not saying the app is useless, I'm just saying it's not as easy as the website says. I personally wouldn't use a mobile app for that, because it's too risky in my opinion.

It is assumed that you are in a risky situation, or you want to have control of the information if something were to happen, I honestly think it is easy or maybe I should try harder to explain it better, you upload the files, configure the emails and activate or deactivate the different functionalities it offers which yes it is true they are varied and nonexistent in the market. I thought of this service for smartphones because it is what you carry with you almost always, I never thought, sincerely in a web service.

> Suppose we have a scenario where someone has confidential information incriminating one of my theoretical adversaries and sets up Zoldy with the data. What if I hire a thug to steal and destroy the phone? Will the owner be able to stop the messages he doesn't want sent?

I suppose in this situation a person has the phone and is being attacked to destroy it in order to stop the service so that the emails are not sent, however in the above reasoning something escapes me, you see, if I have the service activated it is because I want to use it in case something happens to me, why would I want to stop it. If the phone is destroyed without the service being Notifications On, when the service time is over everything will be automatically erased, which links to the next question...

> Can the application be restored to a functional state on another device? If so, then a malicious third party could access the Google/Apple account and restore it by gaining control of sensitive information.

No, the app only works on a single device, in fact, it is tied to it, the device is the "user". You can't move it between devices or share it.

> According to the website, the data is stored in Firebase. But how does the application access them, is there a gateway server that controls? If so, I wouldn't even bother with the above scenarios, but attack that server and get ALL the data. Not just from one target, but from all, which would be pretty much a disaster (for you, the app and all clients).

Your files go from your terminal to Firebase directly, they don't go anywhere else, the app doesn't access them just upload them, you can delete them of course, you can attach those files to any email and they stay there for the duration of the service and if the emails are sent they stay there for 15 days so the recipients can download them, then everything is automatically deleted, files, emails and messages.

That way your files go from your terminal to Firebase and if for any reason the emails were sent, only go to the recipients you have previously defined.