Hacker 10 – Security Hacker

Martus, the encrypted bulletin board for activists

Martus is an open source encrypted bulletin board for individuals and groups tracking human rights violations. It has been developed by Benetech, a non-profit organisation pushing for social change. It is written in Java and available for Windows, Mac, Linux and Android. I downloaded the 130MB Windows version to try it out.

During installation a wizard guides you through the necessary steps to set it up. You will be forced to choose a strong password with a minimum of 8 characters and will be given tips on doing it safely: do not use dictionary words, and combine alphabet letters with special characters. Everything has to be entered twice before it is encrypted on your device. If you forget your credentials nobody will be able to recover them, not even Martus staff.

Martus encrypted bulletin board Tor settings

Within the software there is the option to activate the Tor network to hide from your ISP that you are connecting to Martus servers and to get around filters if a server is blocked from your location.

The data you enter is backed up to the server over port 443 (SSL) or 997 using 3027 bit encryption. Server administrators will not be able to read anything because data is encrypted with your own keys. If you don’t wish to use the default Martus server, which during my tests resolved to an Amazon EC2 data centre in the US, any organisation can set up their own: “Advanced Settings” in Martus allows activists to enter the IP address of the specific server they would like to connect to, together with the server public code and a magic word for authentication.

You will also be given a public Martus key, which is used to anonymously exchange information with your contacts. Entering a friend's access token in the address book allows you to be in touch with that friend and transfer encrypted data. There is no need to know any phone number, email address or Instant Messenger account; the access code alone allows you to interact with others. Anonymity can be strengthened further if you both use Tor, which only requires that you tick a button in Martus.

The hard part of Martus is securely exchanging access keys with your friends in a way that cannot be intercepted. Martus recommends that you use the Off-The-Record (OTR) software or a face to face meeting to do this.

Template forms in Martus can organise data records with little effort, or you can create a custom form yourself. The last step of the installation wizard involves exporting your account key to a secure location, like an external USB thumbdrive, to restore account access in case your computer is stolen or infected by a virus. The key is exported as a .dat file and can optionally be split into three pieces for extra security; in the latter case, you will need all of the parts to access your Martus account. These parts can be distributed among various members of a group living in different countries so that if one of them is compromised, it will not be enough to access the account.
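
To illustrate the all-parts-required property of the three-way key split, here is an added example that is not Martus code and not from the original post. It uses a simple XOR split, which is an assumption chosen for illustration and not a description of how Martus divides the .dat file; the names `split_key` and `join_key` and the sample key are hypothetical.

```python
import hmac
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must all have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, parts: int = 3) -> list[bytes]:
    """Split key into `parts` shares; every share is needed to rebuild it."""
    if parts < 2:
        raise ValueError("need at least two shares")
    if not key:
        raise ValueError("key must not be empty")
    # parts-1 shares are uniformly random pads of the key's length ...
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    # ... and the last share is the key XORed with all of those pads.
    shares.append(reduce(_xor, shares, key))
    return shares


def join_key(shares: list[bytes]) -> bytes:
    """XOR all shares together; only the complete set yields the key."""
    if len(shares) < 2:
        raise ValueError("need at least two shares")
    return reduce(_xor, shares)


def demo() -> dict:
    # Constructed stand-in for an exported key file (not a real Martus .dat).
    key = secrets.token_bytes(32)
    shares = split_key(key, 3)
    return {
        "all_three": hmac.compare_digest(join_key(shares), key),
        # Two holders pooling their shares get bytes unrelated to the key.
        "only_two": hmac.compare_digest(join_key(shares[:2]), key),
        "share_len": {len(s) for s in shares} == {len(key)},
    }


if __name__ == "__main__":
    print(demo())
```

With this kind of split, losing any single share makes the key unrecoverable, so each holder needs a safe copy of their own piece.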

Martus server settings

Martus report layout is plain and clear. Two buttons on top allow you to connect to or disconnect from the Martus server or Tor with a single click, and the tabs on the left hand side let you switch between the received and saved reports. The form incorporates fields with the date, author and server where data is being backed up.

The Android version of Martus requires you to have a desktop Martus account first to be able to configure it; the rest works the same. Data is encrypted with your passphrase on the phone to protect you if it is seized, and any picture, audio or text you have stored will already have been backed up to the Martus server and can be retrieved later on if the phone is confiscated. Another choice is to designate a second person with access to your Martus desktop account to retrieve data you have uploaded in case you are not released from custody. Other nice details are that the program automatically locks and asks for your password if you leave it running in the background, and there is a PDF manual you can download in multiple languages explaining how to operate Martus.

Martus Android phone

This is a very well thought out program. It has everything an activist needs: privacy with encryption, anonymity with Tor, no backdoor, the possibility to set up your own Martus server so that you don’t have to rely on others, and the ability to share account credentials among various people so that if something happens to one person, others will still be able to bring back any photos you have uploaded.

If anything could be improved in this program, it is that there is no real time communication to sort out discrepancies, like a chatroom or IM, but you could always ask questions of your contacts by adding them to a data form being shared.

Visit Martus homepage
