FAQ
Are you a 501(c)(3) organization?
No. A 501(c)(3) organization is a United States corporation. We are operating from the EU.
Could I not just use Twitter/X, Bluesky or Facebook for the same purpose?
Yes, and nothing is preventing you from doing that.
However, these are some of the issues we believe you should consider.
- Twitter, Bluesky, Facebook and most other social media platforms do not respect user privacy. They collect personally identifiable information about their users and share it with third parties. This is stated in their privacy policies.
- Most social network platforms that could be used for the same purpose are profit-based and can easily be bought, change ownership, or otherwise have their business conditions changed.
- aliveorwhat.com is specifically dedicated to the purpose. As such, it is run as a nonprofit privacy-focused project. We do not collect users' personal information or share it with third parties.
- Not everyone is comfortable sharing their personal account information with Twitter, Bluesky, Facebook, etc., even with family members.
Who is supposed to be the trusted contact?
The idea behind aliveorwhat.com is that you choose someone to be your trusted contact.
If something happens to you, your trusted contact logs in to aliveorwhat.com and changes your "life status" to the status that matches your situation. Your trusted contact also has the ability to write a message to be displayed on your status page.
You need a responsible person to be your trusted contact, ideally a family member. If you do not have any family members you trust, a good friend might be the right choice. You just have to remember that it must be someone you are in contact with regularly, so that the person will know if something happens to you.
I have lost my login token and/or password, is there a way for me to recover my account?
Sorry, no. This is for security reasons. You need to create a new account.
Why is there no "I forgot my password" feature?
Unencrypted email is inherently insecure and anyone working at the email provider, or anywhere in-between the sender email server and receiver email server, has direct access to see and read the email. This is something that has been exploited by malicious attackers many times.
The "I forgot my password" feature makes the email the single point of failure for all the accounts the user has. If attackers gain access to the user's email account, they can have password reset emails generated for all of the user's online accounts, changing every password to one known only to the attackers. This means that a compromised email account compromises the security of all other online accounts.
It is our opinion that the risk of implementing the "I forgot my password" feature outweighs the benefit due to the nature of this website.
We recommend that you write down your login credentials and store them somewhere safe, or that you use a password manager such as KeePassXC or gokey (both open source). Online password managers exist too. Some are open source and can be self-hosted; others are provided by companies that you pay.
Why do you not have 2FA (two-factor authentication)?
There are too many problems with current so-called two-factor authentication solutions.
Most popular solutions require that you use your smartphone, but since many people with smartphones also use their smartphone for logging in, the purpose of two-factor is defeated. Furthermore, a mobile phone is not always available: it can be lost, stolen, have a dead battery, or otherwise not work. Despite the growing popularity of smartphones, many people do not own a mobile device, and take umbrage at being required to own one as a condition of using some service on their home PC.
An SMS gateway is not a trustworthy communication factor for this purpose either. Often SMS never reaches the recipient. SMS is also insecure and can be intercepted by IMSI-catchers. Thus third parties can steal and use the token.
Users may also still be susceptible to phishing attacks. An attacker can send a text message that links to a spoofed website that looks identical to the actual website. The attacker can then get the authentication code, user name and password.
The ideal situation is to have an electronic dongle device (something you have), which you can use together with your login credentials (something you know), but most users do not want to purchase a separate unit.
We are investigating alternative solutions, but have so far found that every single solution present on the market today, whether it is PassKey, YubiKey, Everykey, TOTP or others, has major problems: some are security related, some are a lack of proper hardware support, some are vendor lock-in, and others, like PassKey, have just been a major disappointment due to how corporate interests have overruled good user experience.