Socialize & Email After Death

May 24, 2013 by GADI007

Social networking has become an integral part of our lives. Through social networking, we are connected to friends and family; sharing photos, gossiping, tagging photos, sharing ideas, and meeting new people across the globe. Your social networking profile can become a spot where your friends and family can share memories of you. People who might not otherwise hear of your passing may learn of it through your profile page. We are opening our lives to a whole new world.

Have you ever imagined:

  • What happens to your social life or your personal mail after death?
  • What happens to your online presence after you die?
  • What these social networks do to your data after you die?

Would your data be in safe hands after you die? What would happen to your mails, posts, photos, personal information?

The answer to this varies from site to site. Each company has its own policies for handling data / profiles of the deceased ones. Some, like MySpace, do so on a case-by-case basis. Others, like Facebook, establish rules that allow friends and relatives to transform a normal profile into a memorial one.

In this article, we look at the features provided by various social networking sites to secure or handle our social life after we die.


Facebook is the most popular social networking site to date. Every kid born wants to be on Facebook 😉

Using Facebook, we make friends, like comments, share thoughts, tag photos, play games, and socialize in many other ways.

Facebook after death:

Facebook has a policy to handle the profiles of deceased individuals. Family members could choose one of two options:

  1. Memorializing the account: Facebook provides a policy to memorialize the account of a deceased person. In order to protect the privacy of the deceased person, Facebook does not provide login information for the account. However, once it has been memorialized, Facebook takes measures to secure the account.Facebook provides a memorialization request form as shown below:After memorializing the users account, Facebook ensures to protect their privacy. Here are some of the key features of memorialized accounts:
    • No one can log into a memorialized account and no new friends can be accepted
    • Depending on the privacy settings of the deceased person’s account, friends can share memories on the memorialized timeline
    • Anyone can send private messages to the deceased person.
    • Shared content of the deceased person (ex: photos, posts) remains on Facebook and is visible to the audiences it was shared with.

    Memorialized timelines don’t appear in People You May Know and other suggestions.

    Creating a timeline in remembrance of an already deceased person is not allowed. However Facebook encourages you to create a separate page to do this.

    Facebook is only able to consider requests for account contents of a deceased person from an authorized representative. The application to obtain account content is a lengthy process and will require you to obtain a court order.

  2. Removing the Facebook Account: Facebook will delete an account permanently upon the family’s request.Facebook will process certain special requests for verified immediate family members, including requests to remove a loved one’s account. This will completely remove the timeline and all associated content from Facebook so no one can view it.For all special requests, Facebook requires verification that you are an immediate family member or executor. Requests will not be processed if Facebook is unable to verify your relationship to the deceased.Examples of documentation that they will accept include:
    • The deceased’s birth certificate.
    • The deceased’s death certificate.
    • Proof of authority under local law that you are the lawful representative of the deceased or his/her estate.


Google provides a lot of free services to its users like Gmail, Orkut, Picasa, Google Drive, Youtube, etc.

Google has recently introduced a service to let people control what happens to their email, online photos and blog posts saved in its accounts, as concern grows over what happens to users’ digital life when they die.

What should happen to your photos, emails and documents when you stop using your account? Google puts you in control.

You might want your data to be shared with a trusted friend or family member, or, you might want your account to be deleted entirely. There are many situations that might prevent you from accessing or using your Google account. Whatever the reason, Google gives you the option of deciding what happens to your data.

Using Inactive Account Manager feature of Google, you can decide if and when your account is treated as inactive, what happens with your data and who is notified.

The features provided by the Inactive Account Manager are as follows:

  1. Timeout period: You set a timeout period after which your account can be classed as inactive. The timeout period starts with your last sign-in to your Google account. The timeout period can be selected and ranges from 3 months to 18 months.
  2. Alert me: The Inactive Account Manager will alert you via email or text message before the timeout period ends. You can add a mobile phone number or an email address to the list.
  3. Notify contacts and share data: Add trusted contacts who should be made aware that you are no longer using your account. You can also share data with them if you like. Google allows you to add up to 10 trusted friends or family members who should be notified that your account is inactive.The survivors could receive all the pages where you clicked the “+1” buttons, any blog posts and comments from the Blogger service, your Google contacts and the members of your Google+ Circles, the files in your Google Drive, your Gmail email, Google+ Profiles, Picasa photo albums, Google Voice phone data and YouTube viewing.
  4. Optionally delete account: If you wish, instruct Google to delete your account once all requested actions have been completed.
    All data associated with your products will be deleted; this includes your publicly shared data like YouTube videos, Google+ posts or blogs on Blogger.


Twitter is an online social networking service and microblogging service that enables its users to send and read text-based messages, known as “tweets.”

On similar lines of Facebook, Twitter also provides policies for deactivating the account of the deceased user.

An authorized person can act on the behalf of the estate or with a verified immediate family member of the deceased can get in touch with Twitter to have an account deactivated.

In order for Twitter to process an account deactivation, it requires a family member of the deceased user to provide all of the following information:

  1. The username of the deceased user’s Twitter account (e.g., @username or twitter.com/username)
  2. A copy of the deceased user’s death certificate
  3. A copy of your government-issued ID (e.g., driver’s license)
  4. A signed statement including:
  • Your first and last name
  • Your email address
  • Your current contact information
  • Your relationship to the deceased user or their estate
  • Action requested (e.g., ‘please deactivate the Twitter account’)
  • A brief description of the details that evidence this account belongs to the deceased, if the name on the account does not match the name on death certificate.
  • A link to an online obituary or a copy of the obituary from a local newspaper (optional)


LinkedIn is a social networking website for professionals. It allows registered members to establish networks of people they know and trust professionally.

LinkedIn provides a form called Verification of Death – Deceased Member for removing the LinkedIn account of the deceased ones.

If a family member/colleague/classmate comes across a profile of the deceased member, they can notify the customer service to remove the LinkedIn profile of the member by completing a form.

In the above article, we have seen that all the popular social networking sites provide the user the option to handle / secure their data after death.

Let’s look at preparing your online life for death.

Imagine that you die with the computer passwords in your head, leaving your family members, co-workers without access to your critical files, bank accounts, or that you die with a secret that you longed to reveal during your lifetime.

A user may have multiple bank accounts, social networking account and other critical data stored online. Not all websites have policies to deal with your account after your death.

One of the best ways is to designate someone to be in charge of your online accounts after you die. You’ll need to create a list of your user names and passwords and put it in a safe place. A few companies will store that information for you.

Let us look at few of the websites that provide you with these features for storing your confidential data online and hand over these details to your family members in a safe and secure manner.


Legacy Locker is an online website that provides a secure way to pass your access to online accounts to friends and families. The user can store their passwords of online accounts (emails, bank details, networking sites and other online accounts) in it.

Legacy Locker provides the following features:

  • Provides a digital safety box for storing the user credentials
  • Provides online encrypted storage of critical documents (agreements, contracts, wills, trusts, deeds, etc.)
  • Assign beneficiaries; people who will receive your digital assets or login information of all the accounts created online
  • Provides features for storing Legacy Letters; a note for someone which can be mailed automatically to them in the unfortunate event of passing.
  • Uses 256-bit encryption based on multiple 512-bit hash keys on all information being passed through 256-bit encrypted secure socket layers (SSL), which is encrypted over a thousand times before being stored in their maximum security databases in its encrypted format.

Legacy Locker provides a multiple stage verification process for securely delivering information upon a user’s passing requiring human intervention. Verifiers are contacted via email to confirm a death, and they require the receipt of a physical, printed death certificate prior to releasing any sensitive information.

Other websites that provide similar features:

However some of the users are not comfortable or may not trust these third party websites for storing their sensitive credentials / data. There also might be a chance of these sites being hacked.

In such cases, the user could encrypt their data or store their password in an encrypted drive and give the decrypting key to the people they trust.

In this article we see that companies are acknowledging the problem of what to do with your data once you die. Most of the responsibility falls to you and your family. We need to take care of the data and passwords which can save our loved ones from experiencing hours of frustration on top of the grief.


Posted: May 24, 2013
View Profile

GADI007 is an Information Security Professional with experience in network and Web application penetration testing. He is currently a security researcher at Infosec Institute and works for a leading IT company.