A technical overview of the Deadswitch platform — its purpose, cryptographic architecture, threat model, and design principles.
Deadswitch is a cryptographic dead man's switch designed to protect journalists, whistleblowers, and dissidents. If the data owner fails to check in within a user-defined timeframe, the system automatically triggers and releases their encrypted data to designated recipients.
The platform employs a dual-layer encryption model using open-source OpenPGP cryptography. All encryption is performed client-side in the user's browser — Deadswitch never has access to unencrypted user data. The system is designed to be censorship-resistant, fault-tolerant, and to function even if the Deadswitch infrastructure itself is compromised or destroyed.
"No custodian of the truth should have to fear their deliverance of the facts."
Jacob Riggs, Founder
Journalists, whistleblowers, and dissidents who possess material that exposes wrongdoing face an asymmetric threat. The subjects of their disclosures — governments, corporations, criminal organisations — often have vastly superior resources and a willingness to use intimidation, imprisonment, or violence to suppress information.
Traditional safeguards rely on trust in third parties: a lawyer, a colleague, a secure drop. Each introduces a single point of failure. A lawyer can be served with a court order. A colleague can be intimidated. A secure drop can be seized.
The core problem is one of deterrence. If a powerful adversary knows that silencing the data owner will prevent disclosure, there is an incentive to use force. The data owner needs a mechanism that inverts this dynamic — one where the use of force guarantees disclosure rather than prevents it.
Deadswitch provides a digital dead man's switch — a system that requires periodic, deliberate action from the data owner to prevent the release of their data. Any action that prevents the data owner from checking in — detention, disappearance, death — directly causes the very disclosure the adversary sought to prevent.
The mechanism is mathematically enforced through cryptography, not through trust in any individual or institution.
All encryption occurs in the user's browser. Deadswitch never sees or stores unencrypted data.
Interference with the data owner triggers disclosure — it does not prevent it.
Even the destruction of the platform cannot prevent data from reaching its recipients.
Built on OpenPGP — an open standard with decades of peer review. No proprietary algorithms.
Deadswitch uses OpenPGP.js to encrypt files twice in the user's browser. Each switch generates a unique ECC (Curve25519) key pair with a random passphrase. For each file, for each recipient:
[Diagram: encryption layers, outermost to innermost: Deadswitch Key, Recipient Key, Original File. Encrypted inside-out — decrypted outside-in.]
The inner layer encrypts the file to the recipient's PGP public key. Only the intended recipient can ever decrypt this layer — even Deadswitch cannot read the data.
The outer layer acts as a time lock. The private key is published on the switch page at creation, but the passphrase is withheld until trigger. Without the passphrase, the key is useless.
Only the doubly-encrypted ciphertext is uploaded to the server. If a switch has multiple recipients, each file is encrypted separately for each recipient's key, ensuring no recipient can access another's data.
A switch progresses through a defined series of states, from creation through to either trigger or termination.
Confirmed: The switch is active and the countdown is running. The encrypted files and the Deadswitch private key are publicly visible on the switch page. The passphrase remains hidden.
Triggered: The deadline has passed without a check-in, or the owner has manually triggered. The passphrase is revealed, recipients are notified by email, and a notification is published to Twitter.
Terminated: The data owner has checked in by authenticating with their termination password — a dedicated credential set during switch creation, separate from their account password.
The trigger mechanism is automatic. A process runs every minute checking for switches whose deadline has passed. When a switch triggers:
No decryption occurs on the server. The recipient's browser uses the now-available passphrase and private key to remove the outer layer via OpenPGP.js. The inner layer remains — only the recipient's own PGP private key can unlock it.
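The two-layer wrap at switch creation and the outer-layer removal after trigger, as an added example that is not Deadswitch's code. Node's built-in `crypto` module (X25519, HKDF, AES-256-GCM and a passphrase-encrypted PKCS#8 key) stands in for OpenPGP.js; the function names, blob layout and sample data are assumptions made for the illustration.

```javascript
// Added illustration, not Deadswitch code; Node crypto stands in for OpenPGP.js.
const crypto = require('crypto');
const deriveKey = (s) => Buffer.from(crypto.hkdfSync('sha256', s, Buffer.alloc(0), 'layer', 32));

// Encrypt data to a public key: ephemeral ECDH, then AES-256-GCM.
function sealTo(publicKey, data) {
  const eph = crypto.generateKeyPairSync('x25519');
  const key = deriveKey(crypto.diffieHellman({ privateKey: eph.privateKey, publicKey }));
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(data), c.final()]);
  const epk = eph.publicKey.export({ type: 'spki', format: 'der' }); // 44 bytes
  return Buffer.concat([epk, iv, c.getAuthTag(), ct]);
}

// Reverse of sealTo; throws if the key is wrong or the blob was altered.
function openWith(privateKey, blob) {
  const epk = crypto.createPublicKey({ key: blob.subarray(0, 44), type: 'spki', format: 'der' });
  const key = deriveKey(crypto.diffieHellman({ privateKey, publicKey: epk }));
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(44, 56));
  d.setAuthTag(blob.subarray(56, 72));
  return Buffer.concat([d.update(blob.subarray(72)), d.final()]);
}

// Per-switch key pair; the private key is exported locked under a random passphrase.
function createSwitch() {
  const passphrase = crypto.randomBytes(24).toString('hex');
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  const lockedPrivateKey = privateKey.export(
    { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase });
  return { publicKey, lockedPrivateKey, passphrase }; // passphrase withheld until trigger
}

// Inner layer to the recipient first, then the outer (time-lock) layer.
const doubleEncrypt = (file, recipientPub, switchPub) =>
  sealTo(switchPub, sealTo(recipientPub, file));
// What any holder of the published key can do once the passphrase is released.
const removeOuter = (blob, lockedPem, passphrase) =>
  openWith(crypto.createPrivateKey({ key: lockedPem, passphrase }), blob);

function demo() { // all inputs below are constructed sample values
  const recipient = crypto.generateKeyPairSync('x25519'), sw = createSwitch();
  const file = Buffer.from('constructed sample document');
  const uploaded = doubleEncrypt(file, recipient.publicKey, sw.publicKey);
  let lockedBeforeTrigger = false; // a guessed passphrase must not unlock the key
  try { removeOuter(uploaded, sw.lockedPrivateKey, 'guess'); } catch { lockedBeforeTrigger = true; }
  const inner = removeOuter(uploaded, sw.lockedPrivateKey, sw.passphrase); // after trigger
  return { lockedBeforeTrigger, courierSeesPlaintext: inner.includes(file),
    recovered: openWith(recipient.privateKey, inner).toString() };
}
```

Calling `demo()` returns an object showing that the published key stays locked without the passphrase, that removing the outer layer still leaves ciphertext, and that only the recipient's private key recovers the file.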
A dead man's switch that can be silenced by attacking the platform is not a dead man's switch. From the moment a switch is confirmed, the encrypted files and private key are publicly accessible. The passphrase is the only piece withheld.
Any member of the public can download and cache the encrypted data before trigger. When the passphrase is released — on the switch page, via email, and on Twitter — these individuals become volunteer couriers, able to remove the outer encryption layer and deliver the still-recipient-encrypted files to the intended journalists, even if Deadswitch has been taken offline.
Files and key already cached by the public. Passphrase published to Twitter. The public decrypts and delivers independently.
Seized servers contain only ciphertext. If the passphrase was already published, the public completes delivery from cached copies.
Deadswitch holds no unencrypted data and cannot decrypt the inner layer. Compliance yields nothing of value.
A compromised operator can access the outer key but not the inner layer. Files remain encrypted to recipients whose keys are held externally.
The passphrase is a short string — easily transmitted via social media, messaging apps, or word of mouth. It is the dead man's switch within the dead man's switch: the one piece of information whose release triggers a cascade that no infrastructure attack can prevent.
Deadswitch is designed to protect against adversaries with significant resources, including state actors.
Detention or disappearance: If the data owner cannot check in, the switch triggers automatically. The adversary's action directly causes the disclosure they sought to prevent.
Coerced termination: The data owner can submit the trigger password under duress to immediately release the data, or provide the termination password to appear compliant while maintaining other switches or taking alternative action.
Legal compulsion: The platform holds only ciphertext and cannot decrypt the inner encryption layer. Deadswitch cannot be compelled to produce data it does not possess.
Cryptographic compromise: The system uses well-established, peer-reviewed cryptography (OpenPGP, ECC Curve25519). A fundamental break in these algorithms would affect global infrastructure far beyond Deadswitch.
"There is a salient and undeniable truth to cryptography which I've always found appealing — that no measure of violence or proscriptive legislation will ever solve a math problem."
Jacob Riggs
The following principles guide every design and engineering decision in the development of Deadswitch.
The platform must never have access to unencrypted user data. All encryption occurs client-side; the server only stores ciphertext.
The destruction of any single component — including the entire platform — must not prevent data from reaching its recipients.
By making encrypted files and keys publicly available, the public becomes a decentralised, censorship-resistant delivery network.
The goal is not to hide data, but to make its release inevitable. The value lies in the credible guarantee that interference causes exposure.
Check-ins must be intentional. Passive authentication is insufficient. The data owner must consciously decide to extend or cancel the switch.
All cryptography uses open, peer-reviewed standards. No proprietary algorithms, no custom encryption, no security through obscurity.