What I Found
The Problem by the Numbers
I wanted to understand the state of digital succession — what happens to your accounts, domains, crypto, and infrastructure when you die. Every claim below is verified against primary sources.
| Fact | Number | Source |
|---|---|---|
| Americans who died in 2024 | 3,072,666 | CDC NCHS Data Brief No. 548 |
| Average online accounts per person | ~168 | NordPass 2024 study |
| People with any digital succession plan | Very few | No authoritative study exists; industry estimates vary |
| Domain registrars with a beneficiary field | 0 | ICANN Transfer Policy review |
| SSA Death Master File capture rate | 16% | The Berwyn Group |
| Living people deliberately classified as dead (April 2025) | 6,000+ | Washington Post / CBS News |
| Bitcoin permanently lost | 2.3–3.7M BTC | Chainalysis (2018 methodology) |
| npm packages with no release in 12 months | 61% | Snyk research (2019) |
| QuadrigaCX funds owed when CEO died | $215M USD | Ontario Securities Commission |
The death verification infrastructure in the US is broken. The SSA Death Master File — the government's primary system — went from broad coverage to capturing only 16% of deaths. Access was restricted after identity theft concerns and never recovered. There is no public, machine-readable, real-time death verification API anywhere in the world.
When someone dies today, their domains expire and get squatted. Their private repos die with them. Their AWS accounts run up bills behind MFA locks. Their self-custodied crypto becomes unrecoverable. Most digital assets are just lost.
The Legal Landscape
I'm a sysadmin reading statutes, not an attorney drafting briefs. Nothing here is legal advice. But I read every word of RUFADAA and its state adoptions, and this is what I found.
RUFADAA: The Law Nobody Knows About
The Revised Uniform Fiduciary Access to Digital Assets Act has been adopted by 48 US states and the District of Columbia. It establishes a three-tier priority for digital asset succession:
- Tier 1 (highest priority): Directions given through an "online tool provided by a custodian"
- Tier 2: Directions in wills, trusts, powers of attorney
- Tier 3 (lowest priority): Platform terms of service
That Tier 1 provision is interesting. If a platform offers a succession tool and you use it, your directions through that tool override your will, your trust, and the platform's own terms of service. It's the strongest legal standing available under current US law.
The Untested Question
RUFADAA defines an "online tool" as "an electronic service provided by a custodian that allows the user, in an agreement distinct from the terms-of-service agreement, to provide directions for disclosure or nondisclosure of digital assets to a third person."
The question is: would a third-party protocol (like 0xDEAD) integrated by a platform qualify as an "online tool provided by the custodian"? The statute says "provided by," not "created by." If a platform offers the tool through its own interface, the language seems to fit — same way platforms "provide" Plaid or Stripe without building them.
No court has tested this. No published appellate decisions on the "online tool" tier across any of the adopting states, over more than a decade. That's both the biggest risk and the biggest opening for any technical solution here.
Coverage Gaps
- Delaware retains the original UFADAA (no three-tier system)
- Louisiana has neither version
- Oklahoma enacted RUFADAA in November 2024
International
Germany's BGH Facebook ruling (2018, BGH III ZR 183/17) is the strongest international precedent — digital account contracts pass to heirs by operation of law. GDPR Recital 27 explicitly excludes deceased persons' data. EU eIDAS 2.0 Digital Identity Wallets (due by November 2026) could become an integration path. France has specific digital death provisions via the Loi pour une République numérique (2016). Nordic countries have the best death registration infrastructure globally.
What Exists Today (And Why It's Not Enough)
Platform Tools
Google's Inactive Account Manager, Apple Legacy Contact, Facebook Legacy Contact, and GitHub Account Successors all exist — but they're siloed, all different, and limited.
- Google IAM lets you designate contacts but only for data download — not account access
- Apple Legacy Contact requires both a death certificate and a pre-generated access key
- Facebook's legacy contact can pin posts but can't read messages or log in
- GitHub Account Successors — exists in settings, but only covers public repos
- Domain registrars? Nothing. Zero. Across the entire ICANN ecosystem.
Consumer Estate Planning
Trust & Will ($75M raised, 1M+ users), FreeWill ($30M+, 1M wills), Empathy ($162M raised) — there's real money flowing into death-tech. But these companies build vaults and document generators, not transfer protocols. They solve the inventory problem ("here's a list of my accounts") but not the transfer problem ("actually move control to my successor in a way platforms can verify").
Crypto Inheritance
Casa, Unchained ($106M+), Sarcophagus ($5.47M), Safe Haven, Bron — the crypto space has purpose-built inheritance tools. But they only speak crypto. They can't tell a domain registrar to transfer a domain.
The Gap
Nobody occupies the protocol layer. A standardized, cross-platform succession protocol — where "transfer my domain to my partner when I die" is as machine-readable as "transfer $100 to this account" — doesn't exist.
Case Studies: When Maintainers Disappear
When a maintainer dies, burns out, or walks away, the namespaces they controlled — package names, usernames, domains — don't gracefully retire. They decay into attack vectors. The security community calls it namespace recycling: an adversary claims the abandoned namespace and every project that depended on the original now silently pulls from the attacker.
Seven major incidents are documented below — from npm's event-stream handoff to GitHub's 9-million-repo RepoJacking exposure to the silent rot of expired maintainer email domains. The pattern is always the same: one person, no succession plan, catastrophic blast radius.
Read the full case study: Dead Maintainers, Hijacked Packages →
What a Solution Could Look Like
The AT Protocol — the protocol behind Bluesky — already solved a structurally identical problem. Account portability lets you move your identity to a new provider. Succession is moving your identity to a new person. Same architecture, different destination.
The 0xDEAD protocol extends ATProto with an inverted liveness model: instead of you periodically proving you're alive, multiple independent entities passively attest to your liveness — service logins, professional contacts, family, automated signals. Each heartbeat is recorded as a privacy-preserving blinded hash. When those heartbeats go silent, the protocol escalates. When designated verifiers confirm death, DID PLC key rotation transfers your identity to your successor.
Two custom lexicons. Five protocol steps. Real infrastructure running in production today.
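An added sketch of the inverted liveness model described above (not code from 0xDEAD or the AT Protocol): heartbeats are stored as keyed hashes, silence alone only escalates, and succession needs a verifier quorum. The HMAC blinding construction, the 30-day window, the quorum sizes and all names are assumptions, since the page gives none.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

DAY = 86400
SILENCE_DAYS = 30      # assumed silence window before escalation
MIN_SOURCES = 2        # assumed number of independent attesters that means "alive"
VERIFIER_QUORUM = 2    # assumed number of designated verifiers to confirm death

def blinded_heartbeat(blind_key: bytes, attester: str, day: int) -> str:
    """Keyed hash of (attester, day): opaque to anyone without blind_key."""
    return hmac.new(blind_key, f"{attester}|{day}".encode(), hashlib.sha256).hexdigest()

@dataclass
class LivenessLog:
    blind_key: bytes       # assumed to be held by the subject and evaluator only
    attesters: tuple       # independent sources, e.g. a login service, family
    verifiers: frozenset   # parties designated to confirm death
    records: set = field(default_factory=set)         # published: hashes only
    confirmations: set = field(default_factory=set)

    def attest(self, attester: str, now: int) -> None:
        self.records.add(blinded_heartbeat(self.blind_key, attester, now // DAY))
    def confirm_death(self, verifier: str) -> None:
        if verifier in self.verifiers:     # non-designated parties are ignored
            self.confirmations.add(verifier)
    def live_sources(self, now: int) -> set:
        # Attesters with at least one heartbeat inside the silence window.
        days = range(now // DAY - SILENCE_DAYS + 1, now // DAY + 1)
        return {a for a in self.attesters if any(
            blinded_heartbeat(self.blind_key, a, d) in self.records for d in days)}

    def state(self, now: int) -> str:
        if len(self.live_sources(now)) >= MIN_SOURCES:
            return "alive"         # fresh heartbeats outrank death confirmations
        if len(self.confirmations) >= VERIFIER_QUORUM:
            return "succession"    # silence plus verifier quorum
        return "escalated"         # silence alone never transfers control

def demo() -> list:
    # Constructed scenario; every name and key below is hypothetical.
    log = LivenessLog(b"constructed-key", ("sso", "colleague", "family"),
                      frozenset({"executor", "registrar"}))
    log.attest("sso", 0)
    log.attest("family", 2 * DAY)
    before = log.state(40 * DAY)           # both heartbeats are stale by day 40
    for v in ("stranger", "executor", "registrar"):
        log.confirm_death(v)
    return [log.state(10 * DAY), before, log.state(40 * DAY)]
```

Evaluated at day 10, the same log stays "alive" even with both verifier confirmations recorded, which is the guard against a living person being declared dead.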
The building blocks:
- AT Protocol — identity (DIDs), signed data repos (Merkle trees), relay network, labeler services. On track to become an IETF Internet Standard.
- did:plc — key rotation with a priority hierarchy. The succession primitive — an operation signed by a higher-priority key can override one signed by a lower-priority key within 72 hours.
- COSE / SCITT — signing formats and transparency logging. Complementary to ATProto's self-authenticating repos.
- Sigstore — OIDC-bound identity signing. In production at Python, npm, Maven, Kubernetes.
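An added model of the did:plc priority rule from the list above (not code from the PLC directory or 0xDEAD): a fork signed by a higher-priority key displaces a lower-priority operation only inside the 72-hour window. Signatures and content hashes are replaced by plain labels, and the key names and the choice to give the successor the lowest-priority key are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

RECOVERY_WINDOW = 72 * 3600   # seconds: the 72-hour override window

@dataclass(frozen=True)
class Op:
    op_id: str             # stands in for the operation's content hash
    prev: Optional[str]    # operation this one builds on (None for genesis)
    signer: str            # key label; real operations carry a signature
    rotation_keys: tuple   # resulting key list, highest priority first
    at: int                # time the directory accepted the operation

class PlcLog:
    def __init__(self, genesis: Op):
        self.ops = [genesis]               # the currently valid chain

    def submit(self, op: Op) -> bool:
        idx = next((i for i, o in enumerate(self.ops) if o.op_id == op.prev), None)
        if idx is None:
            return False                   # unknown or already displaced prev
        keys = self.ops[idx].rotation_keys
        if op.signer not in keys:
            return False                   # signer had no authority at prev
        displaced = self.ops[idx + 1:]
        if displaced:                      # op forks the log: recovery rules apply
            outranks = keys.index(op.signer) < keys.index(displaced[0].signer)
            in_window = op.at - displaced[0].at <= RECOVERY_WINDOW
            if not (outranks and in_window):
                return False
        self.ops = self.ops[:idx + 1] + [op]
        return True

def demo(owner_reacts_after_hours: int) -> tuple:
    # Constructed log; key names are hypothetical. Successor is lowest priority.
    h = 3600
    log = PlcLog(Op("g", None, "owner_recovery",
                    ("owner_recovery", "owner_daily", "successor"), 0))
    took_over = log.submit(Op("s1", "g", "successor", ("successor",), 100 * h))
    # The owner is alive after all and forks from genesis to undo the takeover.
    undone = log.submit(Op("r1", "g", "owner_daily", ("owner_recovery", "owner_daily"),
                           (100 + owner_reacts_after_hours) * h))
    return took_over, undone, log.ops[-1].rotation_keys
```

`demo(24)` ends with the owner's keys back in control, while `demo(73)` leaves the successor's rotation final, so the window is both the protection against a false death declaration and the deadline for using it.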
Nobody has extended ATProto beyond social media applications. The RFC draft is a sketch of what succession could look like on this infrastructure — a starting point, not a standard.
Key People & Further Reading
If you want to go deeper, these are the names and specs worth knowing:
People:
- Suzanne Brown Walsh (Harris Beach Murtha) — Chaired the ULC committee that drafted RUFADAA, currently ULC Secretary. Her opinion on the "online tool" interpretation would be authoritative.
- Dan Lorenc — Creator of Sigstore, CEO of Chainguard. Sigstore is the identity-signing infrastructure that a succession protocol would build on.
- Filippo Valsorda — Independent cryptography maintainer (Geomys). Maintains Go's crypto libraries. Writes extensively about software supply chain security.
- Santiago Torres-Arias — SCITT contributor, Purdue University. Works on supply chain transparency and integrity.
Standards:
- Sigstore — Keyless code signing using OIDC identity
- SCITT — Supply Chain Integrity, Transparency, and Trust (IETF)
- COSE / CBOR — CBOR Object Signing and Encryption (RFC 9052)
- RUFADAA text — Uniform Law Commission
Validation signal:
- Demumu / "Are You Dead?" — A Chinese liveness check-in app that went viral in January 2026 with 10M+ downloads, becoming the #1 paid app in China. It validates that people want the concept of "checking if someone is alive" at consumer scale.