I made a thing called Wellness Ping because someone I care about went silent and it took too long for anyone to notice.

You get regular check-ins via email. If you don't respond, your emergency contacts get notified.

Built it for anyone who might go missing and needs someone to notice: activists, journalists, researchers, solo folks.

I paid for premium hosting (high-reliability VPS in Sweden) and a quality email provider because uptime actually matters for something like this. Also paying extra for minimal data retention (7 days email activity, working toward zero content storage).

Free forever (as long as I'm alive) and open source.

https://wellness-p.ing


@micr0 cool project. It should have some way to sign the PONGs, though, otherwise obtaining control over the email address the PINGs go to would negate it. I'm thinking using some PBKDF to derive the key from a passphrase. Signing the PONG verification code should happen client side though, so maybe bite that sour apple and have a tiny bit of JS to talk to the Web Crypto APIs https://developer.mozilla.org/en-US/docs/Web/API/Crypto

@datenwolf @micr0 It's funny, I was thinking this exactly! I don't live/work in such circles, but if someone were deliberately disappeared, and their government or whomever got control of their Email account and devices, this would be rendered meaningless since they could just keep responding, then the intended emergency contacts are none the wiser. I was thinking of a solution (sorry I'm not much of a programmer) where each pong must be accompanied by a secret passphrase known only to the user, and ideally stored as plaintext only in their mind. Of course this rules out responding by Email, since even if you're careful to always delete your pong from your Sent folder, fragments probably still remain.

@jaybird110127 @micr0

Replay attacks are one of the most basic cryptographic protocol weaknesses. Hence my suggestion to use PBKDF derived asymmetric signatures for signing the reply to the random verification token.

By randomizing the verification token, replay attacks are mitigated, and by signing with a PBKDF-derived signature, impersonation is mitigated.
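
The signed PONG proposed in this reply, sketched as an added example that is not part of the thread or of Wellness Ping's code: the server stores only a salt and a public key, sends a fresh random token with each PING, and accepts a PONG only if the token is signed by the key derived from the passphrase. Ed25519, PBKDF2-HMAC-SHA256, the iteration count, and all function names are assumptions, and Node's `crypto` module stands in for the browser-side Web Crypto calls so the example runs offline.

```javascript
// Added example: signed PONGs with a passphrase-derived Ed25519 key.
const { pbkdf2Sync, createPrivateKey, createPublicKey,
        sign, verify, randomBytes } = require('node:crypto');

// Fixed DER header that wraps a 32-byte Ed25519 seed as PKCS#8 (RFC 8410).
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Client: stretch the passphrase into a 32-byte seed and use it as the private key.
// The iteration count is an assumed work factor, not a value from the thread.
function deriveKeyPair(passphrase, salt, iterations = 600000) {
  const seed = pbkdf2Sync(passphrase, salt, iterations, 32, 'sha256');
  const der = Buffer.concat([PKCS8_ED25519_PREFIX, seed]);
  const privateKey = createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return { privateKey, publicKey: createPublicKey(privateKey) };
}

// Server: each PING carries a fresh random token, so an old signature is useless.
function newPing() {
  return { token: randomBytes(32), answered: false };
}

// Client: sign the token received in the PING (null = Ed25519's built-in hashing).
function signPong(privateKey, token) {
  return sign(null, token, privateKey);
}

// Server: holds only the salt and public key from enrolment; accepts each PING once.
function acceptPong(ping, publicKey, signature) {
  if (ping.answered) return false;
  if (!verify(null, ping.token, publicKey, signature)) return false;
  ping.answered = true;
  return true;
}

// Constructed walk-through: a valid PONG, a replayed one, and a wrong-passphrase one.
function demo() {
  const salt = randomBytes(16);
  const user = deriveKeyPair('constructed example passphrase', salt);
  const ping1 = newPing();
  const pong1 = signPong(user.privateKey, ping1.token);
  const ping2 = newPing();
  const intruder = deriveKeyPair('wrong guess', salt);
  return {
    genuine: acceptPong(ping1, user.publicKey, pong1),
    replayed: acceptPong(ping2, user.publicKey, pong1),
    forged: acceptPong(ping2, user.publicKey, signPong(intruder.privateKey, ping2.token)),
  };
}
console.log(demo());
```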

@datenwolf @micr0 Still, if an adversary has access to the user's devices, they could potentially respond to the ping in exactly the same way as the user would have, thus failing to communicate that anything is in fact wrong. What would really be needed is some form of biometric authentication which cannot be replicated or bypassed, but of course not every user is going to have a fingerprint sensor, etc. on their devices. Even my idea of a passphrase is susceptible to coercion, unless there's also a panic passphrase designed to be sacrificed, which acts just like the real thing, but in fact sends a panic notice to emergency contacts. I've never actually been in such a situation, but I've always been fascinated by systems intended to deal with such situations.
@jaybird110127 @datenwolf I was gonna add a PIN in the next version (and a duress PIN), so for those who need the greater security, they go to the link and enter their PIN to do the check-in. And if someone forces you to check in, you can enter your duress PIN, which will immediately alert your contacts.

@jaybird110127 @micr0 Biometrics suck for this kind of purpose, since any cheap-enough-for-the-consumer-market technology lacks the sophistication to not be fooled by easily copied features.

Passphrases can be stored in muscle memory. If you asked me to write down my passwords (with a pen on paper), I honestly couldn't do it. I have them stored in muscle memory (which also means that I have a very hard time, i.e. it's impossible, punching them in on touchscreens).