Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Can You Have A Smart Home That's Not 'In The Cloud'?

Posted by EditorDavid on from the clear-skies-initiative dept.

With the announcement of Google Home on Wednesday, one anonymous Slashdot reader asks a timely question about cloud-based "remote control" services that feed information on your activities into someone else's advertising system: In principle, this should not be the case, but it is in practice. So how hard is it, really, to do 'home automation' without sending all your data to Google, Samsung, or whoever -- just keep it to yourself and share only what you want to share?

How hard would it be, for instance, to hack a Nest thermostat so it talks to a home server rather than Google? Or is there something already out there that would do the same thing as a Nest but without 'the cloud' as part of the requirement? Yes, a standard programmable thermostat does 90% of what a Nest does, but there are certain things that it won't do like respond to your comings and goings at odd hours, or be remotely switchable to a different mode (VPN to your own server from your phone and deal with it locally, perhaps?) Fundamentally, is there a way to get the convenience and not expose my entire life and home to unknown actors who by definition (read the terms of service) do not have my best interest in mind?
Yesterday one tech company asked its readers, "What company do you trust most to always be listening inside your home?" The winner was "nobody", with 63% of the votes -- followed by Google with 16%, and Apple with 13%. (Microsoft scored just 3%, while Amazon scored 2%.) So share your alternatives in the comments. What's the best way to set up home automation without sending data into the cloud?

5 of 183 comments (clear)

  1. Yes, there is software that does just that - by Anonymous Coward · · Score: 5, Informative

    Karl Denninger, the guy who writes market-ticker, has done just that, and for the same reason subby has expressed.

    His post expressing his reasons for rolling his own -

    https://market-ticker.org/akcs-www?post=231376

    And where to get it - http://homedaemon.net

    Runs on a Raspberry PI 2

  2. Depends on the devices by Zocalo · · Score: 3, Informative
    If they need to phone home for some reason (usually vendor provided data aggregation and presentation) then you are pretty much screwed. If you are more selective about your devices and choose wisely so that all the useful functionality you need can be provided without Internet access, then it's fairly easy if you know what you are doing:
    1. Set up a dedicated LAN (wired and/or wireless, as required), with it's own IP range, SSID, etc.
    2. Put all your "smart" devices on this LAN
    3. Deny all outbound access from this LAN to any other network
    4. Allow inbound access to this LAN from specific IPs within your main network only, or a VPN termination point (higher-end home routers that terminate open standard VPN protocols are great here, otherwise look into *Nix boxes or other appliances like some NAS appliances that can do so)
    5. Access your data, reasonably sure that they are not phoning home

    Depending on the device maker, you may also be able to selectively allow outbound access for firmware patching while still blocking all the other data farming, although you may need to do a little digging into the config and/or traffic capture to do this. Devices will often use the same domain for everything though, and all too often the same hostname, so you might need something capable of URL level filtering to get this working.

    Of course, none of that does anything to really protect you from some of the abysmal security that many IoT type devices have on them; e.g. backdoors or other exploitable interfaces that are available over WLANs that enable you to access the device remotely and extract the pre-shared key for your WLAN (see above about putting all this stuff on a dedicated WLAN?), change configuration options, and so on. It's also worth noting that sites like Shodan will also let the bad actors geolocate devices that have known vulnerabilities to them so they can go for a far more targetted war-driving session than used to be the case where it was more of a "see what is out there, and maybe get lucky" exercise.

    --
    UNIX? They're not even circumcised! Savages!
  3. X10 by chiefmojorising · · Score: 4, Informative

    It's only been around since the '70s.

    https://www.x10.com/x10-home-a...

  4. Alternatives by geoskd · · Score: 4, Informative

    Or is there something already out there that would do the same thing as a Nest but without 'the cloud' as part of the requirement? Yes, a standard programmable thermostat does 90% of what a Nest does,

    There is, the company is Connexus Controls . We provide HVAC control systems for new installations and retrofit. We provide remote access similar to the way the Nest and others do, but unlike the others, there is no centralized server, your data stays in your home, and the system will function perfectly fine with or without network access. We will provide access to our control API for anyone that wants to tinker with the system, opening up a whole world of opportunity.

    --
    I wish I had a good sig, but all the good ones are copyrighted
  5. Re:No. by johanw · · Score: 4, Informative

    Removing spying background services on an open system like Android is easy: either don't install the Google stuff (or remove it), or disable it selectively:

    1. Root the phone (it is YOUR phone, you're the boss).
    2. Install a service manager like https://play.google.com/store/...
    3. Open it, go to system, open Google Play Services.
    4. Disable AdvertisingIdNotificationService, AdvertisingIdService, AnalyticsIntendService, AnalyticsService and AnalyticsUploadIntendService.

    Now open Google Settings and see that your device does not have an advertising ID anymore. The above method kills most, however some apps collect their own data and don't let it go via Google so watch out what you install.