←back to thread

Show HN: Open-source private home security camera system (end-to-end encryption)

(github.com)
551 points arrdalan | 7 comments | 30 Nov 24 22:13 UTC | HN request time: 0.907s | source | bottom

I needed a security camera inside my house, one that would send motion notifications to my smartphone and would allow me to livestream remotely. However, I could not find one that I could trust due to privacy concerns. Many of them upload the plaintext of videos to their servers and none is fully open-source as far as I know. Therefore, I decided to use my spare time to build one from scratch. Called Privastead (as in Private Homestead), it uses OpenMLS for end-to-end encryption (between the camera local hub and the smartphone) and is mostly implemented in Rust (except for part of the Android app that is implemented in Kotlin). The system is functional now and I've been using it in my own house for the past couple of weeks.

Based on some of the discussions I've seen online, it seems like there are other users who are also concerned with the privacy implications of home security cameras. Therefore, I decided to open source my solution for everyone to use. If you need a privacy-preserving home security camera, please give it a try and provide feedback. Note that trying out the system requires you to have a supported IP camera, a local machine connected to the IP camera, a server, and an Android smartphone. I have put together detailed instructions on setting up the system, which I hope makes it easier for others to get the system up and running.

In addition, consider contributing to the project. The prototype currently has a lot of limitations: mainly that it has only been tested with one IP camera, only allows the use of one camera, and only supports Android. I'll continue to improve the prototype as time permits, but progress will be much faster if there are other contributors as well.

Show context
INTPenis ◴[01 Dec 24 08:11 UTC] No.42287023[source]
Seeing all this focus on security I thought you might be interested in the fact that there are cameras out there with Secure Boot, Axis is one manufacturer I know of that focuses on this feature.
replies(1): >>42287190 #
1. goodpoint ◴[01 Dec 24 08:56 UTC] No.42287190[source]
What's a realistic use-case for secure boot on a camera? It's such a corner case...
replies(2): >>42288143 #>>42288922 #
2. stragies ◴[01 Dec 24 12:38 UTC] No.42288143[source]
One use-case I see (for the Vendor) is avoiding the possibility of users to extend the useful life of their device by loading an aftermarket Firmware like OpenIPCam, OpenMiko, or OpenWrt when the Vendor decides it want's the user to buy a new device instead of continuing to use the existing device for more years.

Of course, Axis will say, that they do this to protect the world from terrorism, CP, and human trafficking.

3. INTPenis ◴[01 Dec 24 15:37 UTC] No.42288922[source]
A friend discovered it when he was wanting to monitor his datacenter and considering local security. A situation where someone has access to your DC and could theoretically erase images of them being there since they also have local access to your cameras.
replies(2): >>42296322 #>>42301798 #
4. goodpoint ◴[02 Dec 24 14:06 UTC] No.42296322[source]
secure boot does not solve such problem.
replies(1): >>42297776 #
5. INTPenis ◴[02 Dec 24 16:34 UTC] No.42297776{3}[source]
Don't leave me hanging there, you have to elaborate.
6. KetoManx64 ◴[03 Dec 24 00:13 UTC] No.42301798[source]
So someone is going to access your camera, power it off, flash a custom firmware to it that they have themselves written that gives them backdoor access to the camera, somehow set it up so that it also has network access that you cannot see on your firewall or network monitoring tools? Then they login to your servers and hope that you don't have any logs enabled that automatically get sent off to a cloud server somewhere. Sounds like your friend has some three letter agency enemies.
replies(1): >>42321040 #
7. INTPenis ◴[04 Dec 24 19:26 UTC] No.42321040{3}[source]
Maybe it's not about your enemies but rather wanting to provide a certain level of security to your clients.