Kushal Das

FOSS and life. Kushal Das talks here.

kushal76uaid62oup5774umh654scnu5dwzh4u2534qxhcbi4wbab3ad.onion

Using Haven app to secure your belongings

On 22nd December, Edward Snowden (President, board of Freedom of the Press Foundation) announced a new project called Haven, which is built in collaboration between The Guardian Project and Freedom of the Press Foundation. Haven is an Android app which will turn any Android phone into a monitoring system to watch over your laptop, or your house.

The problem Haven is trying to solve is an old one. How do you make sure that no one is tampering with your hardware (or secretly searching your house) while you are away? There is no easy and 100% secure solution, but Haven enables us to see and record what is happening. It uses all the available sensors including microphones (generally there are 3 of them), accelerometer, and camera.

How to install Haven on your phone?

I’ve been wanting to try this app for some time, but I didn’t have any old Android phones. So yesterday, as part of new year celebration, I went and bought a new Android phone (around $100) to install Haven. But, remember that Haven can be installed on cheap $50 burner Android phones too (and this is one of the goal of the project). So, feel free to use whatever is available to you.

The project is still in Beta state, and it is available on Google Play Store, and F-Droid store (nightly beta builds). Remember that now there are fake Haven apps in the Google Play Store, so check twice before you install. The original app is published by The Guardian Project.

If you want to use F-Droid like me, add this new a new repository with the following URL.You can do this from F-Droid settings, in the repositories section.

https://guardianproject.github.io/haven-nightly/fdroid/repo/

After adding the repository, refresh all the repositories by clicking the refresh button, then you can install the latest Haven. I have installed the version mentioned in the following screenshot. Remember that Haven can use another app called Orbot to provide remote access to the logs over Tor, but the Orbot from the Play store kept crashing for me, so I installed the latest Orbot (15.5.1-RC-2-multi-SDK23) from the F-Droid store. I am using the 0.1.0-beta-7 version of Haven.

Configuring Haven

You start Haven, a greeter window will welcome you. Swipe left to move to the next windows of the configuration wizard.

In the first configuration window, you will have to setup which noise level should fire up an alert. This totally depends on where you want to keep your phone (on watch). You can start with the default value and then tweak it from there if you’re not getting the alerts you want.

Then you will have to set the motion level. This will detect if someone moves the phone. For example, if you keep the phone on top your laptop, or a document file, there is no easy way to access the laptop or document without moving the phone first.

Next, you can provide a phone number where you may want to receive notifications, either over SMS or Signal messenger.

After the initial configuration wizard, you can click on the settings button in the application. The first thing to do here is to set which number Haven should use to send Signal notifications.

You will need two phone numbers with Signal enabled. One is your primary number, where you will receive the notifications. You will put this number in the Notification Number (Remote). The second number is which Haven will use to send notifications. Put this number to the Signal Number (Local). Best way is to put the second SIM into the same phone of Haven.

Next, click on the REGISTER button. The Signal app on that number will receive a verification code over SMS, you will have to enter that after clicking the VERIFY button.

You can also enable remote access over Tor, just click on the checkbox. This will open the Orbot app, and then come back to the settings screen after Orbot connects to the Tor network.

Remember, you can always come back to the settings and change the values as required. Soon you will find that you will have to do that so that app can adjust to various environmental noises etc.

How to use the app?

By default the app has a 30 second timer so you can make sure that the phone is in a stable place, and then click on the START NOW button. When the timer runs out, the app will start monitoring for any noise, light, movement or vibration to trigger the alarm.

I kept trying to open the door of my office room without any noise, but the motion detector always found me entering the room. I kept the Haven activated and went to sleep in the afternoon. But, first a very loud helicopter, and then a few super bikes and finally some dogs made sure that the system triggered on noise in every other minute. So, I had to increase the noise level in the settings. Though it was fun to hear the recordings on my iPhone, which Haven sent to me over Signal.

Next time if you start the app, you will find the log entries, and you can click on the play button at the right-bottom corner to start it again. Below is a photo taken by the app while I tired to enter the office room.

Can Haven solve all of my physical security issues?

No, but it will record whatever it sees or hears. There are ways to block radio signals (to make sure that Haven can not send out any notification), but that is an expensive step for an attacker to make. You can keep the phone inside of your hotel locker to record if anyone opens up the locker or make it watch your hallway at the house. Government agencies love to see what is inside of our computers/house(s), but they don’t like get recorded while doing so.

How can I help?

Haven is an Open Source application, the source code is hosted on Github. Feel free to submit issues, write blog posts, make people aware about the application. If you can write Android code, you are most welcome to submit patches to the project. Every form of contribution counts, so don’t hesitate.

You can read more about the project in this post from Micah Lee.

  • Update 2018/01/03: Screenshot of configuration window updated for beta7 release
comments powered by Disqus