Show HN: Open-source private home security camera system (end-to-end encryption)

(github.com)

551 points arrdalan | 5 comments | 30 Nov 24 22:13 UTC | HN request time: 0s | source

I needed a security camera inside my house, one that would send motion notifications to my smartphone and would allow me to livestream remotely. However, I could not find one that I could trust due to privacy concerns. Many of them upload the plaintext of videos to their servers and none is fully open-source as far as I know. Therefore, I decided to use my spare time to build one from scratch. Called Privastead (as in Private Homestead), it uses OpenMLS for end-to-end encryption (between the camera local hub and the smartphone) and is mostly implemented in Rust (except for part of the Android app that is implemented in Kotlin). The system is functional now and I've been using it in my own house for the past couple of weeks.

Based on some of the discussions I've seen online, it seems like there are other users who are also concerned with the privacy implications of home security cameras. Therefore, I decided to open source my solution for everyone to use. If you need a privacy-preserving home security camera, please give it a try and provide feedback. Note that trying out the system requires you to have a supported IP camera, a local machine connected to the IP camera, a server, and an Android smartphone. I have put together detailed instructions on setting up the system, which I hope makes it easier for others to get the system up and running.

In addition, consider contributing to the project. The prototype currently has a lot of limitations: mainly that it has only been tested with one IP camera, only allows the use of one camera, and only supports Android. I'll continue to improve the prototype as time permits, but progress will be much faster if there are other contributors as well.

Show context

mattlondon ◴[01 Dec 24 07:52 UTC] No.42286947[source]▶

>>42284412 (OP) #

Having had cameras and a couple of breakin attempts for a while now my biggest must-have for these sort of things is:

- reliable human detection (not just motion)

- integration via some sort of API or MQTT etc.

This project appears to have no "smarts" in terms of human detection nor APIs which is a shame. Just pure motion detection on its own is ok, but you're going to pick up all sorts of things that you don't care about.

E.g. I have foxes that run around my garden all night. I don't care about those. But the second a human steps into my garden and starts approaching the house in the night, all the perimeter floodlights are activated, in-house lights turn on, a fake-yet-loud barking dog MP3 starts playing and I get pushover notifications on my phone that won't stop until I ACK them etc (to wake me up).

So far, from personal experience, the most reliable way to stop an attempted burglary in-progress is for lights to switch on from inside as they are attempting to force entry.

replies(5): >>42287187 #>>42287195 #>>42288615 #>>42289334 #>>42289610 #

wkat4242 ◴[01 Dec 24 08:58 UTC] No.42287195[source]▶

>>42286947 #

For me the human detection isn't an issue. I only have cameras indoors anyway, i have one outside but it's equipped with a highly zoomed lens so it can see the faces of the people in front of my door. It won't trigger on animals because they don't get up that high.

But in your case I could recommend Frigate, it's got decent detection that can be accelerated with a Google coral TPU. It also integrates really well with home assistant, you could use it for the light triggering you mention.

I personally use Shinobi but it's not really great and constantly asking for money. Especially if you want to use the app.

replies(1): >>42287527 #

1. mattlondon ◴[01 Dec 24 10:21 UTC] No.42287527[source]▶

>>42287195 #

For me I use Nest cameras with Home Assistant.

I went through various brands of cameras and the Nest ones were the only ones that I could actually rely on. I didn't spend Megabucks but even mid-range local IP cams were very unreliable for RTSP (randomly going offline, super-sketchy partially translated apps for set up/config, frozen streams etc)

I am not concerned about Google's use of my data. I'm not important enough for anyone to want to spy on me specifically. Of all the cloud solutions/providers, I probably trust Google to have the technical know-how but also the public scrutiny pressure to do a general decent job (way more than some random rebadged Tuya service or something "in-house" thing). By that I mean things like e2e encrypted, there won't be employees with just random read access, decent engineering practices, proper security, SREs for uptime, and won't have default passwords/no passwords on some random world-readable S3 bucket etc.

And even if someone did manage infiltrate Google, they'd very likely target someone high-value before me - I doubt anyone would be able to exfiltrate all the data for practical reasons of where to put it but also someone at Google noticing additional exabytes of suddenly outbound data before getting shutdown. I'm working on the (perhaps flawed) assumption that a successful & undetected Google hack would be short-lived. You'd go for someone rich and powerful first, not video clips of me taking the rubbish out.

replies(2): >>42288396 #>>42288470 #

2. michaelt ◴[01 Dec 24 13:39 UTC] No.42288396[source]▶

>>42287527 (TP) #

> And even if someone did manage infiltrate Google, they'd very likely target someone high-value before me

The risk isn't just an evil insider infiltrating Google.

It's also that a lot of home security companies are in the business of having a friendly relationship with the authorities. So if the cops were investigating a fender-bender down the street and they ask Google for your videos? Better hope that living room camera doesn't show anything you wouldn't want the cops to see, because it's getting handed over.

replies(1): >>42288477 #

3. wkat4242 ◴[01 Dec 24 13:56 UTC] No.42288470[source]▶

>>42287527 (TP) #

Hmm I don't trust Google at all to be honest. I don't even use a Google account on my android phone anymore.

I do have some ring cameras but they're only looking at my front door and I've cut the microphones out of them (they're incredibly sensitive, I could literally hear myself word for word two rooms away).

Most of my cams are TP-Link used in local mode with internet access blocked.

4. wkat4242 ◴[01 Dec 24 13:57 UTC] No.42288477[source]▶

>>42288396 #

Yeah ring had a dirty habit of doing this too.

But they've stopped apparently: https://www.wired.com/story/ring-police-rfa-tool-shut-down/

Still, I've disabled the microphones in mine and they only see my front door anyway.

replies(1): >>42289351 #

5. ◴[01 Dec 24 17:01 UTC] No.42289351{3}[source]▶

>>42288477 #

↑