Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Android Privacy Security

Snowden's New App Haven Uses Your Smartphone To Physically Guard Your Laptop (theintercept.com) 134

An anonymous reader shares a report: The NSA whistleblower and a team of collaborators have been working on a new open source Android app called Haven that you install on a spare smartphone, turning the device into a sort of sentry to watch over your laptop. Haven uses the smartphone's many sensors -- microphone, motion detector, light detector, and cameras -- to monitor the room for changes, and it logs everything it notices. The first public beta version of Haven has officially been released; it's available in the Play Store and on F-Droid, an open source app store for Android.
This discussion has been archived. No new comments can be posted.

Snowden's New App Haven Uses Your Smartphone To Physically Guard Your Laptop

Comments Filter:
  • the "bad guys" have to steal your phone AND your laptop now to get away with their cunning plan?

    • Does this cunning plan involve some feathers, a dress, some oil, an easel, some sleeping draught, lots of paper, a prostitute and the best portrait-painter in England?
    • by AmiMoJo ( 196126 )

      The idea is you use a spare phone and put it somewhere that it hopefully won't be taken.

      • Re:so... (Score:5, Interesting)

        by networkBoy ( 774728 ) on Friday December 22, 2017 @11:38AM (#55789887) Journal

        nah, the phone can be taken. The example given is phone placed on top of lappy in safe. Once phone sees evidence of tampering (movement, light level change, etc.) it starts taking pics and audio, and sends them to you over a Signal channel, SMS, or .onion host.

        This isn't to prevent access to your devices (hard), it is to tattle tale that access has happened (easy).

    • by Anonymous Coward

      Nah. Ole Pootin will have a direct backdoor to the app.

    • or just wait for the battery to die

    • by gweihir ( 88907 )

      That is not what this is about. Common thieves steal the laptop. Actual "bad guys" do _not_ steal it, they tamper with it.

  • Very interesting use case and development, but this is somewhat amusing to see that Snowden is posting his privacy apps to Google Play (in addition to F-droid)... It's not a good message sent to people in my opinion.

    I think it's time that we get something alternative to Google and Apple, like project eelo.io seems to be starting [kickstarter.com].

  • Collaborators? (Score:2, Interesting)

    by Headw1nd ( 829599 )
    Who are these collaborators, and where are they located? If they are from Snowden's new digs I would be concerned about giving their program access to my phone's sensors. In a perfect world, the open source community will drag a fine tooth comb through the code and we could be sure there was nothing malicious, but I don't believe in that world yet.
    • Re: (Score:2, Interesting)

      by cold fjord ( 826450 )

      In a perfect world, the open source community will drag a fine tooth comb through the code and we could be sure there was nothing malicious, but I don't believe in that world yet.

      I think you are wise not to. [ioccc.org]

      Over the years that contest has produced some stunning entries, including some that had as many as three different unrelated major functions contained in the same body of code. There is more than one way to hide secondary functionality of a program, some of which you would have to be quite clever to detect. The fact that Snowden is involved would serve to cause many people to drop their guard even if they had the skill and mindset to detect such obfuscated functionality.

      • by Anonymous Coward

        You're wise not to, but not for the stupidity you posted. It's wise not to believe it simply by the fact that the open source community has already shown that almost no code gets regularly audited and most members don't have the ability to audit code even if they were doing so on a regular basis. OpenSSL isn't an IOCCC entry and yet was chock full of security holes despite the supposed "many eyes" constantly looking over the source code.

        • True, but...
          OpenSSL was full of [assumed] accidental holes.
          IOCCC proves it's trivially possible to make those accidental holes intentionally.

    • You give them access to the sensors on an old phone that you're not using anymore. It repurposes the phone as a security device.

    • by Anonymous Coward

      In a perfect world, the open source community will drag a fine tooth comb through the code and we could be sure there was nothing malicious, but I don't believe in that world yet.

      The open source community can't even do that for libraries already known to not be malicious. In fact, the open source community lazily introduces bugs and then doesn't fix them for years. [schneier.com]

    • I doubt anyone in the "open source community" ever analyzed an piece of open source and combed over the source code.

      I don't even compile stuff myself, but download the binaries.

      The last thing I cloned from github was the source code of the groovy language. Close to 270k files ... who will ever review them?

  • I'm sure that after requiring full access to all your phone's sensors, the app would never share that data with Russian hackers.

  • DA! (Score:3, Insightful)

    by Templer421 ( 4988421 ) on Friday December 22, 2017 @09:25AM (#55789017)

    KGB Phone!

  • Do the security services really need to enter your room and the open safe?
    They know the room the interesting person is in due to the hotel, CC, ID used.
    Everything networked in the room can be set to collect it all during your stay.
    Sooner or later that secure laptop on average under the cell phone is going to be online again.
    Having a need to use such software just makes the security services more sure the person is worth collecting on.
    Once the security service know a person has such software their hotel
  • Here, have another one! [google.com]

  • So Snowden releases a 'spy app' on the same day the scope of Fancy Bear operations against journalism are exposed.

    Um, no connection here, nothing to see, move on.

  • My disk is encrypted, but all it takes to bypass this protection is for an attacker — a malicious hotel housekeeper, or “evil maid”, for example — to spend a few minutes physically tampering with it without my knowledge.

    If that's the case, you're not doing "encrypted" properly.

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Friday December 22, 2017 @11:09AM (#55789647)
    Comment removed based on user account deletion
    • check wikipedia or the guardian project to figure out what this man actually did and who he worked for.

      That's really good advice. I believed the original reports about Snowden and let's just say that they ended up being very far from the truth. Some time ago I did exactly what you suggest and I was very surprised to find out that Snowden's life was actually quite different from what some reports claimed.

  • he should make an app that detects activities that we like to keep private and alert the user whenever they are detected to make them more aware of the privacy implications of have a computer with so many sensors in your pocket all the time.

  • Yes, where are they living? And on what are they living?

    I know, they are living in a freedom loving country that offered asylum because of its long standing commitment to open culture, citizen privacy, and free speech, so they felt it was important to protect the noble whistleblower. A country that leads the world in its protection of open journalism and has for centuries, well decades anyway, led the struggle against state surveillance of citizens.

    Apparently they were so impressed with Snowden's nobili

No spitting on the Bus! Thank you, The Mgt.

Working...