Most active commenters
  • arrdalan(7)
  • VTimofeenko(3)

←back to thread

Show HN: Open-source private home security camera system (end-to-end encryption)

(github.com)
551 points arrdalan | 24 comments | 30 Nov 24 22:13 UTC | HN request time: 1.292s | source | bottom

I needed a security camera inside my house, one that would send motion notifications to my smartphone and would allow me to livestream remotely. However, I could not find one that I could trust due to privacy concerns. Many of them upload the plaintext of videos to their servers and none is fully open-source as far as I know. Therefore, I decided to use my spare time to build one from scratch. Called Privastead (as in Private Homestead), it uses OpenMLS for end-to-end encryption (between the camera local hub and the smartphone) and is mostly implemented in Rust (except for part of the Android app that is implemented in Kotlin). The system is functional now and I've been using it in my own house for the past couple of weeks.

Based on some of the discussions I've seen online, it seems like there are other users who are also concerned with the privacy implications of home security cameras. Therefore, I decided to open source my solution for everyone to use. If you need a privacy-preserving home security camera, please give it a try and provide feedback. Note that trying out the system requires you to have a supported IP camera, a local machine connected to the IP camera, a server, and an Android smartphone. I have put together detailed instructions on setting up the system, which I hope makes it easier for others to get the system up and running.

In addition, consider contributing to the project. The prototype currently has a lot of limitations: mainly that it has only been tested with one IP camera, only allows the use of one camera, and only supports Android. I'll continue to improve the prototype as time permits, but progress will be much faster if there are other contributors as well.

1. VTimofeenko ◴[01 Dec 24 02:04 UTC] No.42285567[source]
I've been a happy user of frigate (https://frigate.video) with fully local isolated setup: multiple poe cameras on a dedicated network, coral to supplement on-camera recognition, HA+Prometheus for alerts and smarts.

Excited to see another project, especially in Rust(not for the memes; python env management has bit me a few times when hacking).

One major gripe with frigate that I have is the way it treats detection events as pointers to video files. This makes replicating events off site a major pain.

replies(3): >>42285973 #>>42286293 #>>42287611 #
2. stevenpetryk ◴[01 Dec 24 03:35 UTC] No.42285973[source]
Have you found cameras you’re happy with? That’s the main thing holding me back is not knowing a good PoE camera to use.
replies(2): >>42286156 #>>42286279 #
3. hughesjj ◴[01 Dec 24 04:16 UTC] No.42286156[source]
Hikvision and reolink are highly rated onvif ones that support poe, but as long as the camera support ONVIF from there just compare as normal
replies(3): >>42286400 #>>42286505 #>>42287306 #
4. VTimofeenko ◴[01 Dec 24 04:51 UTC] No.42286279[source]
Reolink have not disappointed me so far. I am using a duo 2 cam watching over the front of the property and a collection of their bullet cams. There's a lot of recommendations on frigate github discussions. Some models indeed have quirks.

On top of decent cameras they also have pretty well-documented API.

5. arrdalan ◴[01 Dec 24 04:57 UTC] No.42286293[source]
A fully isolated setup on a dedicated network can certainly provide good privacy. A key benefit of Privastead is that it can send the videos to your smartphone remotely using a strong (MLS-based) end-to-end encryption.

And I share your excitement about Rust. :-)

replies(4): >>42286327 #>>42286441 #>>42287177 #>>42287432 #
6. VTimofeenko ◴[01 Dec 24 05:06 UTC] No.42286327[source]
The remote access part can be solved by wireguard or tailscale for less hands-on approach. Ntfy.sh/telegram/whatever cool kids use these days for notifications.

This and my previous comment probably amount to a full Dropbox comment now :)

Can you elaborate on the sending video part -- do you transfer the whole file or a link to the file on the server? Curious about the replication piece I mentioned

replies(1): >>42286347 #
7. arrdalan ◴[01 Dec 24 05:10 UTC] No.42286347{3}[source]
Privastead uses end-to-end encryption between the hub and the app. The hub encrypts the whole video file and sends it (through an untrusted server) to the app. The app will have a local copy of the video. The hub deletes the video upon delivery to the app. The server never has access to the unecrypted video.
replies(1): >>42286567 #
8. hunter2_ ◴[01 Dec 24 05:22 UTC] No.42286400{3}[source]
Search for "Hikvision compromised" though. The results are damning. I suppose there's not much of a concern if using a proper firewall on a managed network, however.
9. windexh8er ◴[01 Dec 24 05:33 UTC] No.42286441[source]
I've been using locally hosted NVRs going on two decades now and so I definitely appreciate another local NVR option. But given the current lack of common requirements (e.g. more than 1 camera), curious if you're seeing any usage outside of your own? As others have mentioned Frigate is filling a nice gap for many, currently. I can only connect to it via a VPN I control and I can easily get notifications via Home Assistant.

I feel as though I have protection of getting the feeds to my phone securely, already. And while I'd love to be able to trust exposing Frigate and making it more accessible, I really don't have a need nor would I as the barrier to entry is already low enough to not impose much friction.

My intent isn't to dissuade you (obviously you wrote it for yourself) but I'd be curious if implementing a more secure transport in an existing OSS NVR that has traction was something you considered?

replies(1): >>42286575 #
10. hipitihop ◴[01 Dec 24 05:54 UTC] No.42286505{3}[source]
I can second Frigate and welcome any work in this space, so nice work OP will have a look. For others asking, I have found so far Hikvision POE PTZ domes like DS-2DE2A404IW-DE3 have been reliable, depends on your budget. I have cams themselves fully locked down from internet and on a separate subnet on the local net. OPNSense is also a friend here. I would love some OSS firmware for these cams. For remote, I find ZeroTier to Frigate & Home Assistant machines is all I need. I get why others WireGuard too. YMMV
replies(1): >>42322646 #
11. tehlike ◴[01 Dec 24 06:09 UTC] No.42286567{4}[source]
WebRTC might provide a good way to handle this.
replies(1): >>42286603 #
12. arrdalan ◴[01 Dec 24 06:10 UTC] No.42286575{3}[source]
Your local setup plus VPN/wireguard is a good design. For me, port forwarding on my router was a no-go due to the increased attack surface. Therefore, I wanted to use the cloud to route the videos and hence I decided to use a strong end-to-end encryption scheme (MLS).

Regarding the limitation you mentioned: I plan to address them. The next task on my plate is to support multiple cameras. :-)

replies(1): >>42291566 #
13. arrdalan ◴[01 Dec 24 06:16 UTC] No.42286603{5}[source]
Yes, indeed. Using WebRTC and MLS together should provide good performance and privacy. In fact, Discord recently did that: https://discord.com/blog/meet-dave-e2ee-for-audio-video

It's something I plan to look into at some point.

14. hamandcheese ◴[01 Dec 24 08:52 UTC] No.42287177[source]
FWIW, e2ee is a feature that mostly matters to me when I don't own the infrastructure, and my bytes are flowing over someone else's platform.

If I do own all the infra, it seems like a lot of extra effort and complexity in the application which could be farmed out to other solutions (I.e. wireguard).

replies(1): >>42288662 #
15. nonrandomstring ◴[01 Dec 24 09:28 UTC] No.42287306{3}[source]
Aren't HikVision the ones banned by many governments because they have dodgy "call home to China" firmware?

Persoanlly I go with the Eyeball Entities Omnicam with an Omniscient Systems Xcam-REAM control centre [0].

[0] https://cybershow.uk/media/ads/cctv-ads.mp3

replies(1): >>42287414 #
16. paranoidrobot ◴[01 Dec 24 09:53 UTC] No.42287414{4}[source]
Even if it does have phone-home functions, why does the camera itself need internet access?

IMO, audit the hardware for wireless radios (PoE cameras shouldn't have them), and put them on a camera-only VLAN that can only talk to the video server.

Maybe not suitable for super secure TS locations, but in general should be fine for 99% of situations.

replies(1): >>42289824 #
17. goodpoint ◴[01 Dec 24 09:58 UTC] No.42287432[source]
How is video streamed to the apps? Push notification services are not meant for real time video streaming.
replies(2): >>42287460 #>>42288675 #
18. discordance ◴[01 Dec 24 10:06 UTC] No.42287460{3}[source]
RTSP
19. ◴[01 Dec 24 10:42 UTC] No.42287611[source]
20. arrdalan ◴[01 Dec 24 14:40 UTC] No.42288662{3}[source]
That's right. My assumption is that the server is untrusted and that's why I use end-to-end encryption. This allows me to use any server, possibly even one operated by a third-party service in the future.
21. arrdalan ◴[01 Dec 24 14:42 UTC] No.42288675{3}[source]
Push notifications are for notifying the apps of events (e.g., motion). The actual encrypted video (either motion-triggered video or livestreams) are transferred through the server.
22. nonrandomstring ◴[01 Dec 24 18:29 UTC] No.42289824{5}[source]
I think if you've got total control over them, not a problem compartmentalising. Problem is, they're like loitering munitions, next person comes along and connectes them up to a router or misconfigures a firewall... Much as I hate e-waste sadly best place is in the bin. They're cheap but, easy come easy go.
23. windexh8er ◴[01 Dec 24 23:27 UTC] No.42291566{4}[source]
I actually don't do any port forwarding for my VPN. I end up back hauling over a public termination point on existing tunnels. All tunnels originate outbound in this manner.

Looking forward to seeing your project progress!

24. hughesjj ◴[04 Dec 24 22:16 UTC] No.42322646{4}[source]
Oh wire guard is a requirement imo, regardless of NVR or camera vendor. I'm less worried about a nation on the other side of the Pacific getting a livestream of my property than I am someone social engineering some rando employee at Ring/whereever and figuring out the best time to rob me or whatever.

Also set up alerts on shodan opencve etc. If you have anything but a phone and personal computer on your home network, assume they're hacked and treat it like you would coffee shop wifi during defcon.

Because... Well they are. Zero days are a thing, and by definition by the time you learn of one it's too late.

Honestly I'm more concerned about the compromised device being an attack vector for network sniffing etc moreso than the video itself... Which is yet another reason why I try to 100% VPN even at home, but man okta doesn't play well with VPNs.