If someone was to restart Haven in 2025...
Opened this issue · 33 comments
@n8fr8 what are the good choices Haven made? Which frameworks are still good and maintained?
I found those:
- OpenCV: OpenCV is a library of programming functions mainly aimed at real-time computer vision. OpenCV can help you process images and videos from your phone's camera, and perform tasks such as face detection, object tracking, motion analysis, and more.
- AudioRecord: AudioRecord is a class in Android that allows you to record audio from the microphone. AudioRecord can help you capture sound from your phone's environment, and perform tasks such as noise reduction, speech recognition, audio analysis, and more.
- SensorManager: SensorManager is a class in Android that allows you to access the sensors on your phone. SensorManager can help you monitor the physical conditions of your phone, such as acceleration, orientation, temperature, light, and more.
- NetCipher: NetCipher is a library that provides a simple way to use Tor network on Android. NetCipher can help you create a Tor hidden service for your app, and protect your data and identity from network surveillance and traffic analysis.
: How to use OpenCV
: How to use AudioRecord
: How to use SensorManager
: How to use NetCipher
If not, just update the frameworks and replace Signal integration to Matrix.
Here is what Bing would do (haven't validated):
If I dive into the code, I would propose the following plan for developers to replace Signal to Matrix Android SDK:
- First, I would fork the Haven repository on GitHub and clone it to my local machine. I would also install the required dependencies, such as Android Studio, Gradle, and NDK.
- Second, I would remove the Signal integration from the app by deleting the relevant classes, methods, and resources that use the Signal protocol or service. I would also remove any references to Signal from the app's manifest, build files, and settings. Some of the files that I would delete or modify are:
- `SignalSender.java`: This is the class that handles sending alerts via Signal. I would delete this file and its references from other classes.
- `SignalReceiver.java`: This is the class that handles receiving commands via Signal. I would delete this file and its references from other classes.
- `SignalHelper.java`: This is the class that handles initializing and registering Signal. I would delete this file and its references from other classes.
- `SignalService.java`: This is the class that runs as a background service to listen for Signal messages. I would delete this file and its references from other classes.
- `SignalPreferencesFragment.java`: This is the class that displays the Signal settings in the app. I would delete this file and its references from other classes.
- `strings.xml`: This is the file that contains the string resources for the app. I would remove any strings related to Signal, such as "Enable Signal", "Signal Phone Number", "Signal Verification Code", etc.
- `build.gradle`: This is the file that defines the app's dependencies and configurations. I would remove any dependencies related to Signal, such as "org.whispersystems:signal-service-android:2.15.3".
- `AndroidManifest.xml`: This is the file that declares the app's components and permissions. I would remove any components or permissions related to Signal, such as "org.thoughtcrime.securesms.service.RegistrationService", "org.thoughtcrime.securesms.permissions.SEND_MESSAGES", etc.
- Third, I would add the Matrix integration to the app by using the Matrix Android SDK, which provides a high-level interface to interact with the Matrix client-server API. I would create a new class that implements the MatrixService interface and handles the initialization, authentication, and synchronization of the Matrix client. I would also create a new class that implements the MatrixEventListener interface and handles the events related to messages, rooms, and commands. I would then register these classes with the Haven app and add them to the app's manifest and build files. Some of the files that I would create or modify are:
- `MatrixSender.java`: This is the class that handles sending alerts via Matrix. I would create this file and use methods from the Matrix Android SDK to send encrypted messages, photos, videos, and audio clips to a specified room.
- `MatrixReceiver.java`: This is the class that handles receiving commands via Matrix. I would create this file and use methods from the Matrix Android SDK to listen for messages in a specified room and execute commands accordingly.
- `MatrixHelper.java`: This is the class that handles initializing and registering Matrix. I would create this file and use methods from the Matrix Android SDK to create a Matrix client instance, log in with a username and password, and sync with a server. `MatrixSender.java`: This is the class that handles sending alerts via Matrix. I would create this file and use methods from the Matrix Android SDK to send encrypted messages, photos, videos, and audio clips to a specified room.
- `MatrixReceiver.java`: This is the class that handles receiving commands via Matrix. I would create this file and use methods from the Matrix Android SDK to listen for messages in a specified room and execute commands accordingly.
- `MatrixHelper.java`: This is the class that handles initializing and registering Matrix. I would create this file and use methods from the Matrix Android SDK to create a Matrix client instance, log in with a username and password, and sync with a server.
- `MatrixService.java`: This is the class that runs as a background service to listen for Matrix events. I would create this file and use methods from the Matrix Android SDK to register a MatrixEventListener and start a MatrixService.
- `MatrixPreferencesFragment.java`: This is the class that displays the Matrix settings in the app. I would create this file and use methods from the Android Jetpack library to create a preference screen where the user can enter their Matrix username, password, and room name.
- `strings.xml`: This is the file that contains the string resources for the app. I would add some strings related to Matrix, such as "Enable Matrix", "Matrix Username", "Matrix Password", "Matrix Room Name", etc.
- `build.gradle`: This is the file that defines the app's dependencies and configurations. I would add a dependency related to Matrix, such as "org.matrix.android:matrix-android-sdk:1.1.6".
- `AndroidManifest.xml`: This is the file that declares the app's components and permissions. I would add a component related to Matrix, such as "org.matrix.androidsdk.services.MatrixService".
- Fourth, I would modify the app's logic and UI to use the Matrix integration instead of the Signal integration. I would replace the Signal settings with Matrix settings, where the user can enter their Matrix username, password, and room name. I would also replace the Signal alerts with Matrix alerts, where the app can send encrypted messages, photos, videos, and audio clips to the Matrix room. I would also add a feature that allows the user to remotely access the sensor data and camera feed from the Matrix room by sending commands to the app.
- Fifth, I would test the app's functionality and performance on various devices and scenarios. I would also debug any errors or issues that might arise during the development process. I would also document the code and write unit tests for it.
This is how I would adapt the current codebase of Haven to use Matrix instead of Signal for encrypted alerts. If you have any other questions, please feel free to ask me. 😊
@harlo @n8fr8 : no more money from FPF? So sad. If I was an android devel....
Edit: no there could be some #460.
Contacting you
Please fork this and apply your changes then report back. You’ll need to host your own server for Matrix so a solid understanding of networking is required.
Please fork this and apply your changes then report back. You’ll need to host your own server for Matrix so a solid understanding of networking is required.
Why someone trying to replace signal with matrix would need to host his own server? This will require to use two accounts here, and to log one in into the phone and the room where to send the alarms. That's it.
@lukeswitz i won't start this project. I have not enough knowledge in android development unfortunately. I just try to draft what it would take for someone having the knowledge, having some funds, to entice that person to do it.
I can’t speak for who takes this over; but money is not the issue or incentive. Sorry for the confusion. I’d love to see this done from scratch and I’d help make that happen. Thanks for the motivation
As for your own server, that was for signal as it exists now. Sure you can use existing matrix instances and just create a callback in python or even in native Android Java, or so AI thinks:
from nio import AsyncClient, RoomMessageText
async def message_callback(room, event):
if isinstance(event, RoomMessageText):
if event.body == "alarm":
await client.room_send(
room.room_id,
"m.room.message",
{"msgtype": "m.text", "body": "Alarm triggered!"},
)
async def main():
global client
client = AsyncClient("https://your-matrix-server.org", "username")
client.add_event_callback(message_callback, RoomMessageText)
await client.login("password")
await client.sync_forever()
if __name__ == "__main__":
import asyncio
asyncio.get_event_loop().run_until_complete(main())
# Java too, because AI right?
Add Dependencies
First, add the Matrix Android SDK to your build.gradle:
gradle
Copy code
dependencies {
implementation 'org.matrix.android:matrix-android-sdk:0.9.29'
}
Initialize Matrix Client
Initialize the Matrix client in your MainActivity.java:
import org.matrix.androidsdk.HomeServerConnectionConfig;
import org.matrix.androidsdk.MXSession;
import org.matrix.androidsdk.RestClient;
import org.matrix.androidsdk.listeners.IMXEventListener;
import org.matrix.androidsdk.data.Room;
import org.matrix.androidsdk.rest.model.Event;
HomeServerConnectionConfig hsConfig = new HomeServerConnectionConfig.Builder()
.withHomeServerUri(Uri.parse("https://your-matrix-server.org"))
.build();
MXSession session = new MXSession.Builder(hsConfig, this)
.build();
session.startEventStream(null);
Listen for Messages and Send Alarm
Implement an event listener to listen for messages in a room
IMXEventListener eventListener = new IMXEventListener() {
@Override
public void onLiveEventReceived(String fromRoomId, Event event) {
if (Event.EVENT_TYPE_MESSAGE.equals(event.type)) {
String messageBody = JsonUtils.toMessage(event.content.getAsJsonObject()).body;
if ("alarm".equals(messageBody)) {
Room room = session.getDataHandler().getRoom(fromRoomId);
room.sendTextMessage("Alarm triggered!");
}
}
}
};
Room room = session.getDataHandler().getRoom("your-room-id");
room.addEventListener(eventListener);
Security Considerations
Matrix: Make sure to enable end-to-end encryption in the room settings.
Authentication: This example doesn't cover authentication. You'll need to implement that based on your needs.
This is a simplified example to get you started. You'll need to add error handling, authentication, and other features for a complete implementation.
At least that’s what AI says 😆 none of this code works.
Instead of matrix, maybe update w/the cDc's https://veilid.com/ ? I haven't looked into it too far (or built haven for a long, long time) but it might be worth considering.
I don't fully understand, what is the main problem that prevents from integrating other platforms, beside Signal, Matrix, etc... lets say telegram. There could be an option. Not everyone and every user is equal. Whoever needs Signal/Matrix, they can use, but there are definitely part of user base, who need to use Telegram, so why not add it?
it is as easy as just sending POST data:
{
'chat_id': chat_id, // channel id where user's bot is added as administrator (more at: https://stackoverflow.com/a/56546442/2377343 )
'text': content,
...
}
to:
https://api.telegram.org/bot' +bot_key + '/sendMessage;
I understand there are more security concerns about it, but you can still add it as an option, but somewhat under "warning" message or whatever.
I think @fat-tire is right. cDc Velid is a type of guardian project in and of itself. Their defcon talk this year gave me hope. With that came their code and an android app even. Lots to go off of for a reboot.
To that end, a rebuild could be quite easy and beneficial. The project was always an adaptation, a fresh start is easier than addressing each sensor problem, etc.
Granular settings overhaul, minimal UI and intuitive notifications; including the option for webhooks like @ttodua points out above. Definitely possible.
but what is the current main problem with Haven, to continue its life? ( at least, before a reboot becomes a reality)
but what is the current main problem with Haven, to continue its life? ( at least, before a reboot becomes a reality)
Seems an agreement on notifications, and a dev(s) with the time to take on said integration.
I have found this application quite interesting and would like to contribute.Are PR still accepted?. I have already forked and start upgrading things and fixing minor issues. @lukeswitz Telegram support will be the next feature I will try to include
I've just discovered this so will be actively hunting forks :) for anyone else following this thread
https://github.com/caronc/apprise for notifications and alerts, will simplify instead of having to make each messaging service, or integrate web hooks so things like ntfy mattermost etc work, also it says local only recordings, I'd install syncthing from fdroid, could backup/ sync to a server at home etc with no app changes here, and a script there could alert on new files to any service you like.
The Linux mentality, kiss, let this app do the android and the recording stuff, let other apps handle the rest, keep this simple to maintain and active :)
hiii @lazee486 I was not aware of this library, thanks. I guess as you said we may use it to simplify the notification/alert system. I am still struggling now updating/replacing old/deprecated libraries and fixing some of those bugs listed.
I'm more of a sys admin and just use self hosted apps, but if theres something I can help message me, I think this app seems like something worth keeping around, I'm thinking for just around my home :)
@lukeswitz Telegram support will be the next feature I will try to include
I would avoid any app for evil maid attack mitigation that’s not using encryption. Risk appetites vary, not a chance I’d put my personal space on Telegram servers but that’s me.
“Telegram is a steaming hot mess of bad to no encryption” - someone much smarter than I in the cryptography community.
I have it working with Signal now that a linked phone number isn’t required. Ironing out the rest of the bugs vs. full rebuild is where I’m at now.
I would really vouch for matrix. You open and control a channel that is encrypted. Invite guardians if you will. Use it as a baby monitor as well. Tweak the app to detect pitch of your dogs fighting only and warn just on that.
We just need to stick with proper technologies that don't require necessarily a phone number to use. That's it.
matrix would be better than telegram - can be self hosted or even use a public instance, and can use ntfy etc so you can get notifications on even degoogled devices.
Looking into a veilid chat integration. Rebuild might be iOS & Android. All depends on time constraints. Happy for any help. Cheers all
matrix would be better than telegram - can be self hosted or even use a public instance, and can use ntfy etc so you can get notifications on even degoogled devices.
This is and has been a great idea, we just never made it happen.
have to say many thanks for restarting and renewing the project!
..just wanted to mention, ..about Telegram and Matrix support(and m.b. some others messagers or nets):
they really needed only just to grab ip adresses one to another app copy and it’s all !!!
after that - two copies of Haven will know ip’s of each other and will be in posible communicate together by a net, like it works thrue by a Tor net!
So, in theory, not needed any bots in Telegram/Matrix, i mean - could be possible to have a strait communication, not by a messagers protocol, but ip-to-ip, btw.
But, in the hard way, over a nat for example, yes, should be posible to use a messager protocol, like was with the Signal. For the Telegram, a.y.k. there is a MTproto opensourced libs for handling that!
For fun, I wanted to see if I could build haven w/modern tools (Android Studio 2024.2.1 Canary 6, Java 17, updated all libraries (that still exist), Gradle 8.10, Kotlin 2.0.10, ndkVersion '27.0.12077973', etc.), targeting SDK 35.
Here it is running in the emulator, using the android 15 image w/pixel fold avd:
Had to migrate a lot of stuff to newer versions, especially in the manifest. Lots of permissions have changed (ie storage), new things have to be declared. A few of the 3rd-party libraries don't really exist any more, I had to target x86_64 for the emulator, BetterVideoPlayer is deprecated and read-only, renderscript is deprecated and even jcenter is deprecated, etc. But I went on a take-no-prisoners-just-get-it-to-build slash and burn campaign, ignoring most recommendations to replace old stuff for new, but it does build now and runs in the emulator with a min sdk of 21 and a target sdk of 35. Also updated to the latest material components library, though I didn't go through all the xml to use the material elements or anything. There's a SDK 31+ PendingIntent requiring FLAG_IMMUTABLE error, some camera weirdness (though the emulator did show that sample camera input grid thing), and I think the background AlarmManager and background task stuff should be using WorkManager (?). IOW it would be a decent amount of work to get it back up to date, but it's probably possible, especially for someone familiar with the program already. The basic functionality and flow seems to be there in terms of navigating between all the menus-- didn't try flipping every setting or anything or even trying basic functionality. I know that the media player won't work cuz I ripped it out. I just confirmed the shell of it still builds.
Was a lot easier than I'd thought it might be, for @lukeswitz or anyone who's thinking of reviving this.
Cheers,
ft
@n8fr8 what funds are available for someone to work on this?
What are guidelines to follow up on this and move away of signal? Someone to tag directly from guardian?
Thanks @fat-tire! Cool to see it build. I’m working on a ground up build for both iOS and Android. A more streamlined build with a lot of granular features like ability to choose between Matrix/Signal/Veilid etc.
Best of luck @tlaurion getting paid for FOSS work- by an organization who provides free tools. They’re very kind individuals and will respond better than I. But, if money is your only incentive I believe you’re missing the point of FOSS.
Thanks @fat-tire! Cool to see it build. I’m working on a ground up build for both iOS and Android. A more streamlined build with a lot of granular features like ability to choose between Matrix/Signal/Veilid etc.
Best of luck @tlaurion getting paid for FOSS work- by an organization who provides free tools. They’re very kind individuals and will respond better than I. But, if money is your only incentive I believe you’re missing the point of FOSS.
Rude and without proper background check from you on my FOSS work, for which I apply for grant applications needed for the projects I depend on to thrive. Haven would be dependable if it was still maintained.
I won't do this work since I lack expertise to do so, but still want this project to thrive for its user bases, some of which intersects with the ones I FOSS about. IE: https://www.anarsec.guide/posts/qubes/
QubesOS, Heads coreboot. Anybody not wanting to rely on bootguard would depend on this project for their physical security needs. That's my claim and only claim.
Reason I poke @n8fr8 is because it was said that guidance/funding (not a lot left) was possible
Follow white rabbit:
- #460
- Leading to @n8fr8 post at #456 (comment)
I opened this issue as a follow-up to tackle the work needing to be done for this project to continue to be maintained from FPF(Freedom of Press Foundation + Guardian) prior of this being worked as a fork under 3rdparty repo.
Why this project was dropped is still unanswered AFAIK. It was promising, was used but went unmaintained. Why?
Being a maintainer myself, those are legitimate questions needing answers if the goal is to have a thriving project or if we accept it to die again sooner then later.
Not sure I understand your argument. You want it working, you want to be paid for it, but you have no understanding of how or why? Ok then!
Not sure I understand your argument. You want it working, you want to be paid for it, but you have no understanding of how or why? Ok then!
No. This is becoming personal for no understood reason. Please reread #465 (comment)
For fun, I wanted to see if I could build haven w/modern tools (Android Studio 2024.2.1 Canary 6, Java 17, updated all libraries (that still exist), Gradle 8.10, Kotlin 2.0.10, ndkVersion '27.0.12077973', etc.), targeting SDK 35.
Here it is running in the emulator, using the android 15 image w/pixel fold avd:
Had to migrate a lot of stuff to newer versions, especially in the manifest. Lots of permissions have changed (ie storage), new things have to be declared. A few of the 3rd-party libraries don't really exist any more, I had to target x86_64 for the emulator, BetterVideoPlayer is deprecated and read-only, renderscript is deprecated and even jcenter is deprecated, etc. But I went on a take-no-prisoners-just-get-it-to-build slash and burn campaign, ignoring most recommendations to replace old stuff for new, but it does build now and runs in the emulator with a min sdk of 21 and a target sdk of 35. Also updated to the latest material components library, though I didn't go through all the xml to use the material elements or anything. There's a SDK 31+ PendingIntent requiring FLAG_IMMUTABLE error, some camera weirdness (though the emulator did show that sample camera input grid thing), and I think the background AlarmManager and background task stuff should be using WorkManager (?). IOW it would be a decent amount of work to get it back up to date, but it's probably possible, especially for someone familiar with the program already. The basic functionality and flow seems to be there in terms of navigating between all the menus-- didn't try flipping every setting or anything or even trying basic functionality. I know that the media player won't work cuz I ripped it out. I just confirmed the shell of it still builds.
Was a lot easier than I'd thought it might be, for @lukeswitz or anyone who's thinking of reviving this.
Cheers, ft
Hi can you upload all those changes to some repo folk? I would like to try it.
Hi can you upload all those changes to some repo folk? I would like to try it.
Sure. See here. I just took my massive free-for-all .diff and split it up. Unfortunately Android Studio automatically reformatted a bunch of files I didn't touch, including src and xml files, so I tried to keep these commits to the non-cosmetic changes that I did by-hand. If I missed something, hopefully it will be easy to figure out what to change to complete the build. "if in doubt, comment it out!"
A few other things:
- I tried to split it into a few bite-sized commits that would highlight groups of things that went together.
- I did a quick replacement from
com.stfalcon.frescoimageviewer.ImageViewer,tocom.stfalcon.imageviewer.StfalconImageViewer, but didn't do the actual work-- just moved from the old repo to the new one and then commented it out pretty much as I didn't need to fix it to finish the build. - As mentioned
BetterVideoPlayeris completely commented out. - I dont' think the abiFilters for the ndk are actually needed because they were used for the "easyrs" library that worked w/renderscript, which itself is deprecated and would need to be replaced/ignored now.
- The permission in
AndroidStudio.xmlfor MonitorService is dubious and now that I think about it there was a background service I turned off because it was crashy. Hopefully that's in the code somewhere and I didn't skip it, but if it's still there, look at logcat and turn off whatever's crashing. - I also didn't include some files that changed with the gradle update like
gradle-wrapper.jar,gradlew,gradlew.bat, etc. I think this will update itself, or at least it did in my case, so I didn't see any point in including them. - I did this really quick on request so don't expect anything good, proper, or complete here, and I'd hope that anyone doing an actual update would re-do what is needed the "right way"(tm) rather than the way I did it. (But you DID ask for this heheh)
ft
It needs a full rebuild. This is reliant on incredibly outdated third party libraries and frameworks.
A user back in 2018 contacted me about why it doesn’t work consistently, as they had something awful happen and relied on Haven to capture it. Redundancy aside, they’d have been better off with simple & stealth usb charger camera. I was crushed, they got in trouble for an app that didn’t even work to protect them.
My point, which some take as an insult, is that this needs stability to be an offering for physical security- otherwise it’s a false sense of it at best. Forget notifications choices for a minute and get core functionality done. When it’s working locally then add more features.
There’s so many good libraries for media playback etc. now. Or doing it natively ourselves is very simple. Reworking what’s there is an option, but a bandaid fix at best.
Sacrificing quality for time is not a shortcut I’ll take when it’s at the cost of freedom & safety. So I’m doing what I can with what I have.
CEOs and their money can do as they do. While it would be a shame to see Haven go the way of a paid service like @tlaurion is pushing, it’s likely given the constraints on devs today.
Privacy over profits. End rant.
CEOs and their money can do as they do. While it would be a shame to see Haven go the way of a paid service like @tlaurion is pushing, it’s likely given the constraints on devs today.
This is not what I'm promoting.
What I'm saying here is this project failed to be maintained. And we need to understand what happened to not have this happen again.
I linked to past funding possibilities. And said there are other grant opportunities to assist this project to do things correctly.
This needs a reboot. How about it's made correctly this time? Your points are valid. Why can't you consider mine just for what they are? I'm not suggesting this becomes a paid service, I'm stating that developers need to be paid to do things correctly and funding sources need to be existing for this to become a physical security platform as it was promoted to be and then failed its own promises.
What about to tell protomail team to own the project ,,😁
Anyway, imo need to start just with renew the old build, based with only Tor Net, it was and is VERY workable for using!!!
And only after will to look into not linked with tel.no. Nets, i hope, will be the best choice!
@fat-tire already attempted this effort in the past at #458 and did it again at #465 (comment)
It's a good start and I do not intent to stop any effort here in moving this forward but this needs leadership change is what i'm saying and a clear plan to act upon, which leadership will state where the merging bar will be for this repo or a new repository and a new home for this project.
Who needs to be talked into this? I do not know. Who knows?
@n8fr8 : who is the maintainer of this project?
@n8fr8 said in 2022 under #456 (comment) and I repeat, once more:
I've definitely been challenged finding a home for it within all of our other work at Guardian Project, and thus making time in my schedule to be an active maintainer. It is a tricky project to keep supporting even with interest from activist and human rights communities.
I'm open to identify you or someone else to be the lead maintainer, and given the authority to make decisions about issues as needed. There may even be some small amount of funding or compensation that could be figured out, if there was overlap with our work on tor (integrate tor-android directly), proofmode (add proofmode library for signing of media evidence) and matrix (replace signal with matrix as secure messaging channel) related work. We also have some new funding related to IPFS that could be integrated here, if someone was interested in thinking about decentralized storage of Haven generated media.
Find me on matrix @n8fr8:matrix.org or nathan@guardianproject.info if anyone wants to talk in realtime about this.
I do still love this app, and find ways to use it now and then.
The person willing to take leadership of rebooting Haven needs to talk to @n8fr8 first.