←back to thread

Show HN: Open-source private home security camera system (end-to-end encryption)

(github.com)
551 points arrdalan | 1 comments | 30 Nov 24 22:13 UTC | HN request time: 0.302s | source

I needed a security camera inside my house, one that would send motion notifications to my smartphone and would allow me to livestream remotely. However, I could not find one that I could trust due to privacy concerns. Many of them upload the plaintext of videos to their servers and none is fully open-source as far as I know. Therefore, I decided to use my spare time to build one from scratch. Called Privastead (as in Private Homestead), it uses OpenMLS for end-to-end encryption (between the camera local hub and the smartphone) and is mostly implemented in Rust (except for part of the Android app that is implemented in Kotlin). The system is functional now and I've been using it in my own house for the past couple of weeks.

Based on some of the discussions I've seen online, it seems like there are other users who are also concerned with the privacy implications of home security cameras. Therefore, I decided to open source my solution for everyone to use. If you need a privacy-preserving home security camera, please give it a try and provide feedback. Note that trying out the system requires you to have a supported IP camera, a local machine connected to the IP camera, a server, and an Android smartphone. I have put together detailed instructions on setting up the system, which I hope makes it easier for others to get the system up and running.

In addition, consider contributing to the project. The prototype currently has a lot of limitations: mainly that it has only been tested with one IP camera, only allows the use of one camera, and only supports Android. I'll continue to improve the prototype as time permits, but progress will be much faster if there are other contributors as well.

Show context
dylan604 ◴[01 Dec 24 02:09 UTC] No.42285585[source]
"Privastead uses the Google Firebase Cloud Messaging (FCM)"

I'm am totally unfamiliar with this, but what level of concern that theGoogs pulls the plug on this service about the time you gain traction?

replies(2): >>42285796 #>>42287204 #
arrdalan ◴[01 Dec 24 02:56 UTC] No.42285796[source]
I'm not too concerned with that. As far as I know, almost all Android apps that need to send notifications to the device use FCM. If Google pulls the plug on it, many apps will stop working as intended.
replies(1): >>42288122 #
SushiHippie ◴[01 Dec 24 12:34 UTC] No.42288122[source]
The open source/degoogled alternative to that is UnifiedPush, did you take a look at this?

https://unifiedpush.org/

https://ntfy.sh/

replies(1): >>42288698 #
arrdalan ◴[01 Dec 24 14:48 UTC] No.42288698[source]
I did not, but I will. I would just point out that Privastead assumes the the push notification infrastructure is untrusted anyway.
replies(2): >>42288745 #>>42290072 #
1. SushiHippie ◴[01 Dec 24 19:17 UTC] No.42290072[source]
Sure, just wanted to tell you about it, as this seems to be defacto standard for foss android apps, for example most if not all https://matrix.org clients use it for push notifications (when you use their de googled build, or don't have play services) available. I also use a Signal fork with UnifiedPush and have some server alert scripts which post to my self-hosted ntfy instance, and the ntfy app itself will display them (otherwise for the Messengers, the Notifications will be from the messenger app itself, as these apps get "notified" aboout a notification and then do their own thing).