Technology & Security
6 mins ago |
By C. Edward Kelso – |
Edward Snowden Launches Open Source Safe Room App
Smartphones aren’t just about basic communication. They hold intensely personal information, financial records, hordes of cryptocurrencies. As valuable as they are to owners, they’re at least that or more to those who might do harm. Dissident Edward Snowden is helping to launch Haven, an open source project designed to help protect investigative journalists, human rights defenders, and government corruption whistleblowers.
SNOWDEN OFFERS PEACE OF MIND APPLICATION IN PUBLIC BETA
“Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy,” the project’s Github explains. “It is an Android application that leverages on-device sensors to provide monitoring and protection of physical spaces. Haven turns any Android phone into a motion, sound, vibration and light detector, watching for unexpected guests and unwanted intruders.”
It’s the pet project of noted US government whistleblower Edward Snowden. He’s best known for having run afoul of the one hundred year old Espionage Act and stealing government documents. As a CIA contractor, he evidently obtained unauthorized access to previously publicly unknown surveillance nets used by governments and telecommunication giants. The sensitivity of the information he nabbed meant immediate efforts to seek asylum, and he eventually was accepted by Russia in 2013. Excerpts from Mr. Snowden’s documents were published in The Guardian, Washington Post, New York Times, Le Monde, and Der Spiegel.
The open source, beta release was initially meant for “investigative journalists, human rights defenders, and people at risk of forced disappearance to create a new kind of herd immunity. By combining the array of sensors found in any smartphone, with the world’s most secure communications technologies, like Signal and Tor, Haven prevents the worst kind of people from silencing citizens without getting caught in the act,” the site claims.
The application came about through funding from the Freedom of the Press Foundation (FPF), an organization designed to give support to whistleblowers like Mr. Snowden and in the tradition of Daniel Ellsberg, not to mention journalists such as Glenn Greenwald. FPF was instrumental in developing Secure Drop, originally conceived by Aaron Swartz, assisting as a go-around for Wikileaks, thwarting the cabal to block its funding.
INTERCEPT JOURNALIST GIVES IT A WHIRL
Investigative journalist Micah Lee of The Intercept notes his entire professional livelihood is contained on his laptop and other devices. He follows encryption protocols, but that wouldn’t prevent tampering without his knowing. “If I come back and continue to use my compromised computer, the attacker could gain access to everything,” he writes.
The application “only saves images and sound when triggered by motion or volume, and stores everything locally on the device,” according to the site. “You can position the device’s camera to capture visible motion, or set your phone somewhere discreet to just listen for noises. Get secure notifications of intrusion events instantly and access the logs remotely or anytime later.”
Mr. Lee, who helped in developing Haven, points to its potential limitations. False positives are probably the easiest example. Having settings designed to be extra sensitive would capture routine goings-on, taking up valuable space and possibly contributing to undue paranoia. “You definitely need a separate Android device to use Haven effectively,” he warns. “A clever attacker who knows that you’re using Haven could jam the wifi, mobile data, and SMS wireless frequencies, preventing Haven from sending you notifications. The attacker could then attempt to access the phone to delete the local evidence logs from the device as well,” he points out.
Less obviously, “If an attacker can both jam your Haven phone’s radio signals and also hack into it to delete the evidence of intrusion,” Mr. Lee continues, “it’s possible for them to then still do an evil maid attack on your laptop without getting caught.” There also a lot of little steps to make a so-called safe room. A couple of times Mr. Lee “positioned my Haven phone in the right place, made sure it was connected to wifi so I could get notifications, and plugged in so the battery wouldn’t die, but then forgot to actually activate the app. Several hours later when I returned to my room and found the Haven phone deactivated, I had no way of knowing if an intrusion occurred or not.”
As with any beta rollout, there are bugs to be found, and that’s why the code has been released open source. Everyone is encouraged to contribute to making the application that much more secure and usable, rather than just a way to pick up loud noises.
For now, it’s only available through Google Play. Apple users will have to wait for a direct application, the project insists, but in the meantime can snag an Android burner phone, and then if “you run Signal on your iPhone, you can configure Haven on Android to send encrypted notifications, with photos and audio, directly to you. If you enable the Tor Onion Service feature in Haven (requires installing Orbot app as well), you can remotely access all Haven log data from your iPhone, using the Onion Browser app,” they urge.