So, I’m tired of all these companies having access to my information and data. I’m also trying to limit security concerns from hackers and general lowlifes. Is this possible? Is there anyone who teaches or guides on this (preferably on YouTube as im a bit of a visual learner).
Like others have said - don’t buy Cloud based products. Don’t buy from huge marketing companies intended on World Domination.
That being said, there are lots of good options.
HomeAssistant, Homeseer, and certainly our (Allonis) myServer controller.
Speaking specifically about myServer (I think this applies to all three), there is no requirement for Internet connectivity. The only things you need Internet for is: Software updates from our cloud server, optional TVGuide data, optional Weather data updates. Remote assistance from Allonis. We have done high security installation for the government, a prison, and schools and a very popular Silicon Valley company. All require NO Internet connection for security. Some required the system to be on it’s own standalone network (not even from a managed switch).
Even our in development voice control system does not require any Internet access. Optionally you can decide to forward your “words” (not your conversations) to cloud based services that you are all very familiar with. But the core “remote control” aspects are handled by myServer in house.
We haven’t done Matter development yet (not ready for prime time) but I don’t believe there is any requirements for Internet if it’s executed with that requirement from the company that integrates it (Allonis). Feel free to raise and cite exceptions that are known.
Z-Wave and Zigbee and Lutron and DMX and hundreds of other protocols don’t require any connection to the Internet.
Make sure you have a well architected and engineered network starting with your firewall. Make sure you have modded the default password!!! That’s the number 1 gotcha.
Don’t give anyone access to your non Guest network. Ensure your Guest network has no connection to your devices or computers on your network.
Create a Control Network that is it’s own subnet independent of the rest of your casual use PCs. Ensure you use good password control of your Wifi network.
Anyway, the above items brings you into a pretty secure environment.
i’ll ask if i can teach it how to make a safe space.
if you are a tech person, definitely take a look at HomeAssistant! https://www.home-assistant.io/
get notifications to your phone and off course, remotely control the system as well. here’s an easy guide to get started for HA as an alarm system https://youtu.be/1IuYWsR5M4c
that should give u an idea of how HA works. then add lights, cams, audio, whatever as u want
You can get a fairly complicated local setup with a bunch of DIY, but you should really ask yourself whether it’s worth it.
Nobody at those companies cares what your light schedule is or wants to watch your doorbell cam. You can usually set data retention so that they have very little data either way, or potentially store some data privately, such as video, even while using cloud services.
Meanwhile, the best way to make your smart devices easy to compromise is to be responsible for your own software updates and security. This stuff needs to be looked at daily, and these cloud providers have entire teams that focus only on this.
Can be fully autonomous. No connection to internet
Outside of Alexa and Google voice control.
Use a non-ip based automation tech. ZWave, zigbee, insteon, knx and RadioRa2 are popular choices.
Pick a controller that doesn’t need the cloud. Hubitat, HomeSeer, ISY994 and HomeAssistant are likewise popular. These controllers at most need internet access for initial set up and software updates.
You can lock them down completely or open specific ports for emails, remote access, etc.
By far Apples HomeKit would be your most secure for your data privacy.
Is this possible?
Yes.
Will you have the same level of functionality and convenience? No.
Will it be easy? No.
There are tricks you can play with your firewall and other networking pieces to prevent devices from calling home. But those devices have to have local API’s exposed so you can still control them.
Consumer HA companies rolled out WiFi cloud solutions because it was easy. Consumer could get started after buying just one device. Not need for a HUB and compatibility. Then they learned that cloud data can actually be pretty useful.
Hopefully Matter will cut into this mess. Part of the standard is that all devices should have local control and cloud access should be only for added functionality.
Hey,
As someone that absolutely loves smart home / IoT, is a developer, builds my own stuff. I’m not gonna sugar coat it.
Smart vacuums with SSH backdoors that sell maps of your house to advertisers, devices where functionality you pay for gets a firmware update that removes that functionality, devices that get abandoned by the manufacturer leaving you with expensive paperweights - these are all common everyday things. For normal, non technical consumers, Smart home is an absolute minefield. To achieve a smart home that doesn’t essentially fuck you over as a consumer, it is difficult, you will need to invest significant amounts of time and money, but, it is technically possible. This is what I do.
Other posters have recommended Home Assistant, it’s great as a hub. You can set it up on a computer you control, and it generally respects your privacy. That said, if you don’t have experience with Linux, networking, etc, it is easy to make a mistake and open up yourself up to “hackers and general lowlifes”. You need to read and understand what you’re doing. I’d read the official manuals for things, folks on YouTube often give incorrect or bad advice, because ultimately everybody makes mistakes, this is complicated stuff. You can make home assistant pretty secure by using a VPN like wireguard for ingress, can’t hack it if you can’t connect to it.
Device selection is going to be hard. Lots of devices only operate via the cloud anyway, one easy solution is to dive straight into Zigbee and/or Zwave devices, these devices communicate via radio and pretty much can’t violate your privacy as they don’t have an internet connection. For WiFi devices, it’s a lot more complicated, devices generally don’t tell you upfront and will require reverse engineering to figure out how they work. Lots of stuff may say they are local only but then require the manufacturers app and an account to setup. There are some that are designed well (Shelly is a great example), but most sadly are not. As a blanket statement I would say avoid anything WiFi or Ethernet unless you are confident they are local only, and you have a networking setup that allows you to firewall their internet access. Sometimes devices are significantly more expensive, for example a ring doorbell is only £50, while my Dahua VTO2202F-P is more like £150, but at least it works fully locally.
Amusingly, I don’t much care about the privacy aspect, I just want my stuff to work when my internet is down, and I don’t want to build my smart home around devices that the manufacturer will eventually drop support for. People will ridicule you for it and tell you to go buy an Amazon echo, so no doubt enjoy that too.
Good luck, and if you have questions, feel free to ask.
I’m curious about a robot vacuum with a SSH back door. My Google Fu is failing me on this one.
Dreame, Here you go 29:41.
Home- assistant premise is to run everything locally as much as possible to avoid the dependence on cloud based devices and / or their cloud based services. There is a learning curve no doubt… and can be a bit overwhelming at first but imo worth it.
There is a huge following and literally thousands of videos on YouTube going into detail on so many specifics. Maybe look into it…
Potentially setting off a war here, but isn’t Home Assistant even in the process of adding Matter support to obviate the need for Zigbee and Z-wave in favor of Wi-Fi, Bluetooth, and Thread?
That’s honestly all I’m waiting for since all my smart devices support Matter and I’ll slowly introduce more as more become available.
Setting up with only local Integrations is the way forward. Then VLANs can help with the rest.
VLANs are not the only answer. If your smart hub on its private IoT VLAN becomes a bot farm victim and consumes all your ISP bandwidth and/or gets your IP blacklisted you’re still hooped.
Defense in depth is key, VLANs help, but also specific firewall rules, keep up patching, smart password and MFA practices, etc.