←back to thread

Show HN: Open-source private home security camera system (end-to-end encryption)

(github.com)
551 points arrdalan | 8 comments | 30 Nov 24 22:13 UTC | HN request time: 0.669s | source | bottom

I needed a security camera inside my house, one that would send motion notifications to my smartphone and would allow me to livestream remotely. However, I could not find one that I could trust due to privacy concerns. Many of them upload the plaintext of videos to their servers and none is fully open-source as far as I know. Therefore, I decided to use my spare time to build one from scratch. Called Privastead (as in Private Homestead), it uses OpenMLS for end-to-end encryption (between the camera local hub and the smartphone) and is mostly implemented in Rust (except for part of the Android app that is implemented in Kotlin). The system is functional now and I've been using it in my own house for the past couple of weeks.

Based on some of the discussions I've seen online, it seems like there are other users who are also concerned with the privacy implications of home security cameras. Therefore, I decided to open source my solution for everyone to use. If you need a privacy-preserving home security camera, please give it a try and provide feedback. Note that trying out the system requires you to have a supported IP camera, a local machine connected to the IP camera, a server, and an Android smartphone. I have put together detailed instructions on setting up the system, which I hope makes it easier for others to get the system up and running.

In addition, consider contributing to the project. The prototype currently has a lot of limitations: mainly that it has only been tested with one IP camera, only allows the use of one camera, and only supports Android. I'll continue to improve the prototype as time permits, but progress will be much faster if there are other contributors as well.

1. EthicalSimilar ◴[01 Dec 24 01:16 UTC] No.42285356[source]
Did you look into Scrypted? It is OSS. With HomeKit (which is how I use it) it is also E2EE. I’m not sure if their app is E2EE though, I only use HomeKit.

It’s pretty good and has an extensive ecosystem. The dev can be a bit… feisty though.

It’s very performant and easy to setup. I don’t use the NVR features as I already have an NVR, I essentially just use it for HomeKit integration of my cameras + doorbell.

https://github.com/koush/scrypted

replies(3): >>42285983 #>>42286051 #>>42290357 #
2. amluto ◴[01 Dec 24 03:37 UTC] No.42285983[source]
> It is OSS.

Barely. A lot of functionality is gated behind the NVR plugin, which is closed-source and fairly expensive.

> easy to setup

In my experience, it’s easy to set up. But it’s extremely configurable in all the wrong ways and quite difficult to configure in the ways that one might actually want to configure. And the front end is not fantastic IMO: event filtering is extremely weak and scrubbing is bizarre.

replies(1): >>42289206 #
3. arrdalan ◴[01 Dec 24 03:53 UTC] No.42286051[source]
I'm not familiar with Scrypted unfortunately. But thanks for the pointer. I'll have to study it to understand its security and privacy implications. I skimmed the docs very quickly but couldn't find info on their use of encryption.

About HomeKit: yes, HomeKit uses iCloud end-to-end encryption (https://support.apple.com/en-us/102651) and is certainly superior to those systems that don't use encryption at all or just use encryption between the device and their servers. But Privastead has two advantages:

1) Privastead uses MLS for end-to-end encryption, which provides forward secrecy and post-compromise security. iCloud's end-to-end encryption does not. So what does that mean? This is from the link I included earlier:

"If you lose access to your account, only you can recover this data, using your device passcode or password, recovery contact, or recovery key."

If an attacker manages to access your password, recovery key, etc., they'll be able to decrypt all your videos (assuming they have recorded all your encrypted videos). Such an attack is not possible in MLS. Similar to the Signal protocol, MLS uses double ratchet and there is not a single password, recovery code, key, etc. that can decrypt everything.

2) The HomeKit framework and iCloud end-to-end encryption are not fully open source as far as I know. Therefore, we simply have to trust what Apple says about their security and privacy implications. That might be okay for some users, but not others. Privastead is and intends to remain fully open source. IMO, being open source is a critical component of any security/privacy solution that would like to gain users' trust.

replies(1): >>42289423 #
4. corytheboyd ◴[01 Dec 24 16:35 UTC] No.42289206[source]
> But it’s extremely configurable in all the wrong ways

Damn that feels exactly like my experience with Zoneminder. I’m sure it is decent software under the hood, but the UX is downright hostile to anyone who just wants to get IP cameras to do very basic motion detection to record some full resolution footage, which feels like the major, obvious use case that should be optimized for.

I am thankful for OSS existing in this realm, but why do so many solutions make the same mistakes? Am I crazy in thinking that a good out of the box experience is important? Is some critical part of the formula locked behind private walls? Something else? Genuinely curious.

replies(1): >>42290488 #
5. cvwright ◴[01 Dec 24 17:15 UTC] No.42289423[source]
I’m not sure that 1) is such a win for MLS here.

If I lose my phone, I want to get all my security footage back by entering my passphrase etc on my new phone.

In other words, I want the “encrypted cloud storage” security model from [1], not the encrypted messaging security model from Signal etc.

[1] https://eprint.iacr.org/2024/989

replies(1): >>42292991 #
6. ◴[01 Dec 24 20:02 UTC] No.42290357[source]
7. amluto ◴[01 Dec 24 20:24 UTC] No.42290488{3}[source]
I suspect there’s a tendency by the kind of developers who make fancy open source projects to expose all the awesome nerdy power of their software. Have three different motion detectors? Expose all of them! Make them plugins! Have “extensions”! Have components provide “things!” Make a UI for all of that! It’s especially nifty when the UI looks just like the code structure.

But making a good UI for defining object detection zones is hard, so the very first thing that works at all sticks. Or, once you’ve carefully optimized by using the camera’s built in motion detection and having all the streams you could want, supporting software motion detection is an afterthought, and making it configurable in any useful manner is even more of an afterthought. After all, all the cameras you actually use personally have built in detection that works well and also have so many built-in RTSP streams that you never actually had to optimize for the experience of using a camera with a single stream, a somewhat defective implementation of ONVIF, and entirely unusable motion detection. So you make it work, but only using plugins and extensions, and it never becomes pleasant.

8. arrdalan ◴[02 Dec 24 04:01 UTC] No.42292991{3}[source]
Interesting. I think the usage model provided by Privastead is reliable enough (at least for me). I have access to my videos on my phone. If losing the phone is a concern (which should be rare), we can easily add a feature that keeps a copy of the files in the hub too.