Helping your online shadow rest in peace

Give me my freedom, for as long as I be
All I ask of livin’ is to have no chains on me
All I ask I of livin’ is to have no chains on me
And all I ask of dyin’ is to go naturally
I only wanna go naturally
From And When I Die by Blood, Sweat and Tears

Recently I’ve been hammering on you, dear readers, to be aware of the utter lack of privacy on social networks. So now in the interest of being fair, balanced and keeping you completely confused let’s take a look at the opposite problem: how to make all that important private online stuff available to those who need it after you are deceased. “Oh my,” I hear you thinking (recall my telepathic abilities), “Is Security for All not long for this world? Is the author suffering from some terrible terminal disease? Has this blog suddenly taken a morbid turn?” Okay, enough questions already! The answers are: “Not that I know of ” and in the immortal words of David Stone (aka Captain X-Ploit), “We’ve been over this. I still have at least 45 years left” and “This blog was always weird, so not much of a turn“. The point is that you have a very real online shadow, that like your metaphysical ghost will not rest in peace when there is unfinished business. Seriously though, have you ever considered what happens to all of that online information you keep adding to so prodigiously when you die? And how will your grief stricken loved ones be able to access your valuable online resources? In this article by Jack Cola on entitled What Happens To Your Email and Social Networking Accounts When You Die? there is some great information about how different online services handle an account when a user dies. And in this recent Lifehacker piece by Jason Fitzpatrick entitled What Should I Do About My Virtual Life After Death? there’s great practical information on planning for the inevitable with respect to your online shadow. Here is my four step condensation of this valuable information.

1. Make a list of all your virtual accounts.

List everything from your email accounts to your social networking profiles to one-off accounts for posting on individual forums. Once you have a complete list go through the list and cross off accounts that you want to be lost and unknown to your family and friends. If you have an account that you use [only] for blowing off steam with snarky comments, consider letting [it] go dark upon your death. If [an] account is part of the social networking profile for your business make sure that information is available.

This is a great exercise to go through regardless of your eminent or otherwise demise. I’m willing to bet that your list will be considerably longer than you ever imagined. And once you start culling that list, you might as well be proactive and close those accounts of dubious value right now.

2. Create a secure database of logins for the account list.

This secure database could be a physical one, locked in a home safe or bank’s safety deposit box or it could take the form of a digital keyring. If the executors of your estate are unskilled at computers consider the physical option. A keyring is much safer, however, and there are many excellent solutions. We’d recommend a portable version of KeePass on a flash drive. You can read our guide to KeePass here.

For the record, I live by KeePass and use a portable version. So if you’re a regular reader of this blog, or just happened to take my advice on this excellent password safe idea, you might be thinking “Done! I’ll just pass on my KeePass USB key and I’m golden”. Sorry, please refer to step #1. While it’s likely that you already have an exhaustive list of online accounts in your password safe, which is a dandy starting point, there is still the matter of culling and trimming those to relevant and active accounts. If you are like me, you probably have several dozen entries in your password safe of accounts that are no longer valid or you just never use anymore. There also is the matter of your loved ones’ access to the secure database. If that is a password safe on a USB key, they will need to know the password to the password safe. If you put the list in your safe at home or a bank safety deposit box, they will need to know the combination or have the key. And in every case your loved ones will need to know that this secure database exists, where it is and how to access it.

3. Include detailed instructions for how you want the plug pulled on your virtual life.

Do you want your executors to make an announcement? Post your obituary? Activate a guestbook on your web site, photo blog, or other virtual outpost and turn it into a virtual memorial?

This is very important since in the absence of detailed instructions the default behavior will be either unceremoniously close the account or let it live on as a virtual zombie. They need to be made aware that should they opt for the latter (zombie) then they will be haunted by your online shadow if not your actual ghost. A swell place for these instructions is as part of the secure database of logins described in #2. Just attach a note to each entry explaining what to do with the account. In case you were wondering KeePass, and every other password safe I’m aware of, supports notes or comments for entries.

4. Include information about each website’s specific terms of service regarding user death.
While many websites don’t have a policy for unsubscribing/deregistering, let alone for closing down accounts after someone has died, most of the more popular sites do. Here are some of the most prominent. Note that most of these extraordinary measures and policies are for executors who do not have access to the login credentials for the account. In other words these policies are primarily procedures to allow next of kin to obtain access to accounts where the inconsiderate deceased failed to follow the previous 3 steps. If you leave behind passwords and detailed instructions then all they have to do is log in as you and do what you wanted. With the website none the wiser.


If you have a Gmail account and you pass away, your next of kin will be allowed to access your emails. The account will stay open forever, but as the next of kin, you are able to request it to be deleted. To get access to the email account, you will need to supply the following information by fax or mail to Google to be granted account access of the deceased user account.

  • Your full name (next of kin), your contact information and a verifiable email address
  • The Gmail email address of the deceased person
  • An email containing the full headers of an email message that the deceased person has emailed you with the entire contents of the email
  • Proof of death
  • Documentation to prove that you are the lawfully allowed to access their email (if the deceased is over 18). If deceased person is under 18 of age, you must provide a birth certificate

After you’ve compiled the information, Google will verify it and grant you access to the user account.


If Hotmail accounts are left inactive for a period of time, the email account along with all the information will be eventually deleted (within the year) and therefore, you will not be able to access it. If you die, your next of kin will be granted access to your account provided they supply supporting documents such as a death certificate (similar to what Google needs). Hotmail will not reset the password for the deceased person, but you have to fax or mail information to gain access to the account such as:

  • Your email address
  • Your shipping address (as they send you a package in the mail)
  • Documents to state your are the benefactor or you have power of attorney
  • Your photocopied driver’s license
  • A photocopy of the death certificate
  • Information about the account holder such as first and last name, date of birth, city, state, zip, approximate date of the account creation and the approximate date of last sign in.

If you require more information, you can get it at Windows Live Help.


Yahoo has a much stricter policy over who can get access to your account. And that is no one. If you want to ensure no one has access to your emails when you die, you would want to choose Yahoo. Yahoo will not grant permission to anyone to access a deceased user’s account. The only permission Yahoo grants is for the account to be deleted. Therefore, Yahoo does not allow anyone to access your emails. The only way someone can do this is if they reset your account password.


Facebook will not grant anyone access to a deceased user account, but if the user of the account is deceased, their page will be turned into a memorial page once reqested. By filling out the form to turn an deceased users page into a memorial page, Facebook will remove sensitive information on the account like status updates and will only allow current friends to access the page. Family members will then be allowed to customise the page of the deceased user.


MySpace deceased user policy is a bit vague, but they state that if you are the next of kin, they will not grant you access to edit, or delete any of the content or settings on the account yourself, but you can request it to be removed if you deem appropriate. You can simply email and attach appropriate documentation such as a death certificate. However, if you have access to their email account, MySpace recommends that you reset the user password.

The point here is that unless you want your loved ones to have to jump through all kinds of nasty hoops in the event of your untimely passing, follow steps #1 though #3 so as to avoid step #4.

So the main points to take away from this admittedly morbid but hopefully informative post are as follows.

  • A huge amount of money can be saved in executor costs if you make it easier for your executors to sort out your affairs
  • Nobody has the slightest idea how much money in you have in PayPal, gold you have in World of Warcraft or dividends with other websites. That is unless you tell them.
  • Nobody wants their online shadow to become a zombie.
About these ads

5 thoughts on “Helping your online shadow rest in peace

  1. Great article – it’s always morbid to talk about, but it’s really important to think all of this through while you still can. I wrote a piece on death in the digital age last year that talks about some services that can also facilitate a dead man’s switch type of scenario, if you’re interested:

    (I’m not affiliated with any of the companies – I just find it fascinating to watch the direction this particular subject is evolving in.)

    • Your post is excellent. Covers an entirely different facet of this issue than this one. For the record I’m definitely following you on Twitter (to the extent that I do anything but lurk on Twitter) and have subscribed to the blog. Thanks for the link and the intro to your work.

      • Thanks, Joseph – I’m following you back on Twitter as well. :)

        I still have yet to see any company attempt to really make a legitimate go at handling legacy content besides the most basic social network profile stuff. It’s a shame, really. If I were hit by a bus tomorrow, 15 years of writing would simply evaporate, relegated to or google’s web cache. I’m honestly a little surprised that no one is really taking this opportunity and running with it. It’s a logistical nightmare, but once you get those questions answered, it could be pretty lucrative.

        Thanks for the reminder about my WoW gold though – holy oversight batman! Better add that to the list. (I wonder if I could request my family do some gold-farming for me after I’ve died.)

        (I found your post through the Security Blogger’s Network btw, as I’m subscribed to their RSS.)

    • That is a bit surprising. Back in the day, before the internets, all of the IP produced by writers was fixed in some physical, tangible form. This provided an automatic legacy for the estate of the writer in that the existence of books or articles or record albums provided clear evidence for copyright enforcement. Not to mention that it was very unlikely that the estate would not be aware of the IP in question. Fast forward to today and I would guess that the vast majority of the IP produced by writers is fixed in strictly digital form. While that is still recognized as a tangible form by copyright statutes, it is notoriously difficult to fix it in a tangible location. As you mentioned, upon your demise your IP will still be “out there in the cloud” but once the payments stop to your web provider good luck finding it. Furthermore, even though I’ve been producing web content for years (albeit mostly under creative commons license) I’m quite certain that my spouse has no idea where most of it is located. Even the active stuff. It’s not like there are books I’ve written lying around the house. I agree that a service that handled legacy content and digital estate planning for electronic IP producers would be quite lucrative.

  2. Pingback: Who gets your email account when you die? « LAW RESOURCE INDIA

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s