Open Source Cadavers

Written by @Willow Brugh, with feedback and general awesomeness from John Willbanks, Sam Klein, and Michael Stone. Additional props to Adrienne and Sands for edits, and to Fin and Matt for kicking my butt into delivery.

In loving memory of my crypto-loving, open-access enthusiast, and occasionally suicidal friends. We will build more open worlds with our corpses. I just wish you would have held off for more unavoidable causes.

Early this year, yet another friend of mine up and died. There was of course a mess of things that had to be figured out. It wasn’t just the traditional things of cleaning out her house (I wasn’t around for that part) or figuring out the funeral (Viking in variety). It was new and interesting technical and moral turmoil of getting into her hard drive, questions of “should we even?”- her prolific music and authoring contributions rivaled by her extreme privacy. It was seeking the edges of her far-flung pockets of internet community to notify them personally, racing the deluge of social media notifications, not wanting them to find out about her the same way I found out about my grandmother – before the familial phone tree had reached me, a peripheral friend calling me based on a facebook post from my sister. A morbid seismic wave.

While I don’t have any control over how others plan for (or don’t) their demise, I have a say over my own. I can show my care for people dear to me my own compulsive, facilitating way by being sure they find each other as they find out, and in making sure information and knowledge I have to offer continues to be released under open access, even if I’m not there to do it. From doing humanitarian and disaster response (and just a general “awareness of the abyss,” as my mother used to tell my vast and angry younger self), I have had to face the looming possibility of my own death head-on. The networked reality that brought those strange new questions and moral quandaries for my friends’ deaths can instead be used to carry forward care and knowledge. This is a sort of guide for the bits of postmortem planning the internet and most lawyers have missed. It’s not complete – I’ve run into some interesting blocks and quirks, around which I’m eager to collaborate with others.

This post is less about things like wills (what happens to material possessions, who doles it out, and the like) and living wills (if you want to be kept on life support etc) – although I’ve added the templates I used to the wiki associated with this post as it includes digital artifacts and more awareness of gendered pronouns than other bits of the internet. This write-up focuses on specific aspects for Open Access and encryption enthusiasts. Brace yourselves for a morbid entry. Know I’m peachy keen, and being an adult about things, not in danger of harming myself or others. If you are in danger of harming yourself, please say as such directly, and get help, rather than indirectly through things like estate planning. It should be possible to speak about death without fear – that’s what I’m doing here. I hope you can hear it (and act) from a similar place.

I’ve divided components up into documents, accounts, notifications, and people. Documents are centralized with accounts, which are propagated via notifications to people, as triggered by a notification from a person. This means I only have to worry about keeping something up to date in one place — a change to a will or to a website password simply happens in the place of storage, without needing to notify everyone involved. As people become close to me, or exhibit destructive behavior, they can be added or removed from the notification pool. The notification mechanism is the one thing that has to remain consistent in this set up.

Digital artifacts

Executing wills can be a complicated thing, and there are additional snafus and hoops to jump through in granting digital rights postmortem, especially as most courts lack basic understanding of our home The Internet. I’ve thus set up both mechanisms to get access to passwords outside a court of law as well as making that access legitimate through bequeathing to individuals in my will.

I devise, bequeath, and give my technology to my [[relationship]], [[name]]. If [[name]] is unable or unwilling to accept, I bequeath the technology to my [[relationship]], [[second name]].
I devise, bequeath, and give my online profiles and digital assets, as primarily found in 1Password, to my [[relationship]], [[name]]. If [[name]] is unable or unwilling to accept, I bequeath my online profiles and digital assets, as found in 1Password to my [[relationship]], [[second name]].

Passwords and online accounts

I’ve taken moderate pains to ensure my online accounts are relatively secure, and so the issue of access when I’m not typing in the password is an interesting one. I like this writeup from Cory about the tension of secured privacy and passing things on after death. I’ve riffed on it accordingly, splitting the password for decrypting my 1Password in two, and giving each half to two people. These four folk don’t know who the others are, and they honestly have no reason to talk to each other, except in case of my death.

The encrypted aggregated passwords file is stored in a place accessible remotely. It auto-updates when I change things on my end, so I don’t have to think about keeping it up to date. 1Password can store encrypted notes, in which I included instructions (also found in templates) and reminders of each of the tasks I’ve requested of people.

But how will people know the time to act in that capacity has come, and how will they find each other? A mailing list, of course!

A mailing list

I’ve set up a mailing list for people who simply need to know (like my childhood friend who lives on a small farm on the Oregon coast and has no connection to my parts of the internet) as well as those who have agreed to take on certain responsibilities at the time of my death or incapacitation. These responsibilities include things like letting the hacker and maker space folk know, or telling the academics with whom I have ongoing projects, or getting into my stuff and taking care of the *ahem* sensitive material before we go into open access mode (there are things my mother has a right not to know). There’s a set of people tasked with tending to the online accounts. The ideal is a closed notice of death to people I’m close to, before it hits the rest of the internet. This eases the burden on any one person, while also providing a support network.

I sent each of these people a request for involvement, and then (if they agree to be on the list) instructions on how to use mailing lists in general and this one specifically. Then I set up an auto-responder to a mail posted to the list with instructions on what first steps are, and reminders of how to access information. In a continuing trend, templates for each of these things can be found in the template section of the wiki.

Failure Modes

Control Systems are Delicate

This is essentially setting up a control system for information dispensation and action upon my demise. Control systems are delicate – single points of failure (like that mailing list not working) or weakest links (unclear directions for action) have to be considered and accounted for. As the point of this exercise is to 1) ease burdens on my loved ones and 2) ensure open access intentions carry through past death, the two main issue I worry about in my set up is people getting falsely spooked and subsequently either a) leaking passwords / freaking out the internet or b) becoming jaded and inactive. As an example, a family member who had not been fully informed as to how the system set-up works posted to my mortality-based-mailing list early on with a “hey how does this work?” which could have cascaded a call to action followed by damage control and head-petting. Thankfully only three people were on it at this early stage. To mitigate this and things like it, a part of the auto-response template to a post to the email list is a “can you trust the message that triggered this?” prompt.

Threat Model

In infosec, considering what could go wrong in life as well as to the structures built to respond to those incidents would be called a “threat model.” What are anticipated complications, where do those come from, and what can be done to mitigate? My system is set up, as my dear friend Michael pointed out, as “more Murphy, less Mallory.” Meaning it’s anticipating death and issues with the deployment (accidental or otherwise) of the postmortem setup as occurring by accident, not malice. I’m not worrying about someone intentionally cracking my password vault (or setting up a spoof one for me to load passwords into). Some people do need to worry about these things, and it should be a part of their consideration when setting up a system which takes care of their digital assets postmortem. Of course there’s space on the wiki to document those cases and resulting structures as well.

an otter floating peacefully in water

This is serious. Here’s a picture of a cute animal from WikiCommons user Tm

Using this model, I’ve compared unintended consequences (mid to low probability false alarm and associated cognitive load in damage control; a vanishingly small likelihood of a scenario in which people I love and trust are secretly horrible people who seek out the other password holders who also end up being horrible and sneaky, and together they unlock all my passwords, and the falsehoods they post on social media are actually believed by people (thanks, anxiety-brain, for that worst-case-scenario!)) with non-action (the amazing set of people I am honored to have in my life have emotional and chaotic things to deal with which I could have avoided for them; work I find worthwhile but unpolished is not released into the world for others to make use of) and decided the how to act (or not). I’ve then built in mitigation and fall-backs into the structure of this control system. Here’s one example:

Yearly Test

I have a reminder set up to email The List once a year, as a test. Do all the mechanisms still work? Do people know where to find files, and can they gain access? If you’re prone to changing the password on your vault, this is a good time to be sure your halves-holders have the newest version. It’s also a good time to get assurance that people want to be on the list, and are willing to perform their tasks – do they respond to a yearly message? If not, you might not want to include them on the eventually dire actuality.

A body

If this so far has been within tolerable morbidity and dedication to loved ones, Open Access, and encryption, let’s push that just a bit further. I want to donate my body to science. Always have. (Imagine a wake involving everyone toasting “to science!”). But as with everything I do, I want whatever I have a hand in (ha!) to be Open Access.

Why is this so important? While I don’t think I’ll be a special snowflake for medical research (although visiting the far-flung reaches of the globe might embed some interesting things into my biology worth digging out and putting under high-powered microscopes), it’s possible that, if enough people sign up for this, someone involved will be a Henrietta Lacks. As it’s almost statistically impossible that any one of us would be that profitable to an organization, it’s likely to be a risk worth taking on the receiving organization’s end. But it’s a downstream obligation that, especially if it becomes common practice, opens up the benefits of medical research to a much wider part of the population (and external to the capitalistic models to which we’re subservient).

This downstream obligation could get tricky because I won’t have authority to uphold the obligations. I’ll be dead. So I made sure to give someone else that authority in my living will and will via power of attorney. Ideally, the organization receiving the cadaver will voluntarily comply — especially likely if the org is federally funded, because they’ll be under the federal open access mandate. Combining these two things manifests as WILLING my body, as the body becomes an object after death, and attaching obligations accordingly.

Using this template, I’ve started contacting places to see how amicable they are to Open Access of medical research, and to edx-style recording of medical practice in regards to the cadaver I’d be bequeathing them. The full list of cadaver-using medical organizations in the US can be found here, with the overview of willingness to work with the open access obligation here. If you hear back from one, please update the wiki or send an email. Similarly, please contribute additional country listings. Because it is vital that the accepting organization get the cadaver within a very short timeline, geographic proximity is a priority.

Here’s what I’ve gotten back so far:

“We don’t release any reports.”
“We never record anything having to do with bodies.” x 3

So the search continues… and I’m hoping for help in finding places that are willing to accept cadavers under these conditions. I’m also assuming that if enough interest is shown, pressure to accept the obligations in exchange for an influx of research material will encourage more programs to be flexible.


Please remember, my dear geek friends – understanding the theory of this is NOT the same as ACTUALLY doing it. OSC sets up mechanisms for granting digital rights, for passing on passwords, for slow-release information, and for open access to information possible from your death. Seeing the importance and care of fulfilling these steps means doing it. I’ve removed every possible barrier I can to showing care for loved ones, and commitments to causes even postmortem. All it takes is a little premortem planning.

You can help me, and this initiative, be more complete by contributing in the following ways:

Comment with Feedback

So far as I can tell, we’re in uncharted territory. I’m sure to have missed things in places, the language isn’t completely clear, and there must be interesting legal loopholes for Open Access donation obligations as well as for profiteers to be considered. Let’s make it better, together. Comment here or (preferably) edit the wiki.

Research Possible Organizations

Will organizations take cadavers with these obligations? Add to the list of possible organizations or update that same list with their level of willing compliance. We’ve made templates (surprising no one) – to be used and improved!


Be a part of open source cadavers by pledging to donate your body or by donating money to OSC. Donations will be used first cover hosting and registration costs for 10 years, then split halvsies between those maintaining it and continuing hosting and registration, all to be tracked on the wiki.