Ask Slashdot: Can You Have A Smart Home That's Not 'In The Cloud'?

With the announcement of Google Home on Wednesday, one anonymous Slashdot reader asks a timely question about cloud-based "remote control" services that feed information on your activities into someone else's advertising system: In principle, this should not be the case, but it is in practice. So how hard is it, really, to do 'home automation' without sending all your data to Google, Samsung, or whoever -- just keep it to yourself and share only what you want to share?

How hard would it be, for instance, to hack a Nest thermostat so it talks to a home server rather than Google? Or is there something already out there that would do the same thing as a Nest but without 'the cloud' as part of the requirement? Yes, a standard programmable thermostat does 90% of what a Nest does, but there are certain things that it won't do like respond to your comings and goings at odd hours, or be remotely switchable to a different mode (VPN to your own server from your phone and deal with it locally, perhaps?) Fundamentally, is there a way to get the convenience and not expose my entire life and home to unknown actors who by definition (read the terms of service) do not have my best interest in mind?
Yesterday one tech company asked its readers, "What company do you trust most to always be listening inside your home?" The winner was "nobody", with 63% of the votes -- followed by Google with 16%, and Apple with 13%. (Microsoft scored just 3%, while Amazon scored 2%.) So share your alternatives in the comments. What's the best way to set up home automation without sending data into the cloud?

Some PI based projects

[tim.thawkins]

https://wolfpaulus.com/journal... https://jasperproject.github.i... Neither use Google Voice, and all processimng stays inside the PI, you can also buy RELAY boards that plug into the PI to support home automation. http://www.seeedstudio.com/dep... example above, but there are many others.

Yes, there is software that does just that -

Karl Denninger, the guy who writes market-ticker, has done just that, and for the same reason subby has expressed.

His post expressing his reasons for rolling his own -

https://market-ticker.org/akcs-www?post=231376

And where to get it - http://homedaemon.net

Runs on a Raspberry PI 2

Re:No.

B-but can the cloud be very small; on your own server in your own home?

Depends on the devices

[Zocalo]

If they need to phone home for some reason (usually vendor provided data aggregation and presentation) then you are pretty much screwed. If you are more selective about your devices and choose wisely so that all the useful functionality you need can be provided without Internet access, then it's fairly easy if you know what you are doing:

1. Set up a dedicated LAN (wired and/or wireless, as required), with it's own IP range, SSID, etc.
2. Put all your "smart" devices on this LAN
3. Deny all outbound access from this LAN to any other network
4. Allow inbound access to this LAN from specific IPs within your main network only, or a VPN termination point (higher-end home routers that terminate open standard VPN protocols are great here, otherwise look into *Nix boxes or other appliances like some NAS appliances that can do so)
5. Access your data, reasonably sure that they are not phoning home

Depending on the device maker, you may also be able to selectively allow outbound access for firmware patching while still blocking all the other data farming, although you may need to do a little digging into the config and/or traffic capture to do this. Devices will often use the same domain for everything though, and all too often the same hostname, so you might need something capable of URL level filtering to get this working.

Of course, none of that does anything to really protect you from some of the abysmal security that many IoT type devices have on them; e.g. backdoors or other exploitable interfaces that are available over WLANs that enable you to access the device remotely and extract the pre-shared key for your WLAN (see above about putting all this stuff on a dedicated WLAN?), change configuration options, and so on. It's also worth noting that sites like Shodan will also let the bad actors geolocate devices that have known vulnerabilities to them so they can go for a far more targetted war-driving session than used to be the case where it was more of a "see what is out there, and maybe get lucky" exercise.

Re: Depends on the devices

[LVSlushdat]

Lemme tell you, its NOT just iot stuff thats afflicted with requirements to use a company owned website to configure/program the device. I wanted a clock radio that was also able to play shoutcast and other streaming audio sources. I found one for a great price by Acoustic Research, I'd always thought they had good products and went ahead and bought the unit. The first one I bought I found out after going around with their tech support for a month or so, would NOT EVEN do what the product info/brochure stated it would. I raised a big stink and they wound up sending me a more expensive model, which *did* work correctly per their advertised specs.. Here's the bitch: To program the unit you had to go to a 3rd party website and select the stations you wanted to listen to, which then programmed the unit, after which you could select between those stations freely. Since you had to register to use the website, they had my email address and whaddaya know, a couple of years after I bought the damn thing, I get an email telling me that the programming website is going away.. So now, as long as the unit continues to work, I can listen to the already programmed stations, but cannot add/change them after the website goes away.. A few months after that email the fucking thing quit connecting to my wifi and became a brick.. FUCK YOU ACOUSTIC RESEARCH!

MQTT + OpenWRT-router/some other server

[Gaygirlie]

I can't say about using proprietary, premade devices like Nest, but if you're willing to use Arduinos/ESP8266/whatnot and do a bit of programming you can use an OpenWRT-based router to run an MQTT-broker, or you can use a separate device like e.g. a Raspberry Pi for that and then Arduino/ESP8266/whatever for toggling of relays or logging power-consumption or temperatures or whatever you want automated. You don't actually have to connect any of the stuff to the Internet at all, or you can use an MQTT-client over an SSH-tunnel, or write your own front-end using Apache2 and PHP or a billion different other ways if you want it reachable from the Internet, too -- you have full control over what can and what can't be done over the Internet or if any of it can be accessed from the Internet at all.

This is, however, obviously the hard, DIY way of doing it. If you want an easy plug-and-pray system I have no idea if there even exists anything that doesn't share your stuff with 3rd parties. I, not-so-surprisingly, am in favour of the hard way that doesn't share everything with random, greedy 3rd-parties.

Re:MQTT + OpenWRT-router/some other server

[JaredOfEuropa]

You can mix & match with the right selection of components. I use the following, and I won't hesitate to recommend it:

- For generic Home Automation stuff, use Z-Wave: a non-open radio protocol that has proven to be pretty robust. Z-Wave devices form a mesh network so range generally isn't a problem. And with the latest version of the standard, some security has been added as well. There are tons of items out there: switches, dimmers, thermostats, locks, sensors, remotes, and so on, from many brands, in many ranges of prices and quality.

- You need a Z-Wave hub, and again you have several choices that do not require the cloud: Homeseer (reliable but you get nickle & dimed to death for addons, and it's less accessible to tinkering), Vera (pretty reliable, and best of all it is open to tinkering. You can write your own plugins for this hub and there is an active community of plugin developers), or OpenHAB + a Z-Wave stick (Open! But using it is still somewhat reminiscent of installing Linux in its early days). I am currently using a Vera hub

- Your hub needs to be able to address non Z-wave devices. Most hubs do this with plugins, allowing you to include these in your setup: WiFi-enabled thermostats, Philips Hue bulbs, Alarm systems, anything networked that has an API, really.

- For your DYI devices, use Arduino + a NRF24L01 radio module running the MySensors libraries. MySensors is an open DYI project using Arduinos, having them form a reliable mesh radio network (way better than WiFi), and you can build pretty much anything you can imagine with it, usig the libraries and a handful of lines of code. MySensors interfaces nicely with Vera, there's a plugin that will expose MySensors devices like switches and sensors as native Vera devices, allowing you to use them in scenes. For the MySensors gateway to be used with Vera, I recommend using an Ethernet Arduino for maximum reliability.

Oh, and for anything that needs to be somewhat reliable, avoid WiFi devices. WiFi is not a very good HA platform.

What's the great thing about a "smart" home

[NotInHere]

Since this "smart" home stuff began to emerge, I've always wondered what the great thing about it was. I personally do not mind having to leave the chair to turn on the lights, or having to carry physical keys with me to unlock the door. Nor do I mind having a "dumb" fridge where I have to think of the stuff to buy myself.

As a proper slashdotter, I spend a big chunk of my time in front of a screen, so I'm no way non-digital. Still I don't see any benefits in a "smart" home.

Re:What's the great thing about a "smart" home

Next you'd have us getting up to change the channel ... blasphemy!

Re:What's the great thing about a "smart" home

[thegarbz]

You don't see any benefits because you think the "smart" home is about switching off the lights from your computer. As a proper slashdotter you should have more imagination as to what technology can do for you.

- Track power to help reduce costs.
- Track water usage.
- Track plant watering for ideal horticulture, or even automate your garden.
- The inherent selling point of the Nest is that it optimises your heating to save money, not that you can control the temperature from the PC.
- Connected security devices.
- Automatic controlling of your home to prevent pointless inefficiencies or improve comfort, or even security (lights come on at specific intervals).

And that's without even actually putting much thought into it. If you're idea of a smart home is moving the lightswitch to your mobile phone then you're doing it wrong, very very wrong.

Re:What's the great thing about a "smart" home

[Nonesuch]

Making home infrastructure smart has plenty of utility, beyond simple laziness.

A smart thermostat connected to other home automation can know when nobody is home, automatically switch to energy saving mode, and then be notified when a resident is heading home so it can enter recovery mode and be back to a comfortable temperature by the time you arrive. Same goes for water heating -- if nobody is around, water in the storage heater tank can be allowed to cool down, and then brought back up to temperature before it is needed.

Speaking of hot water, having my own "smart meter" and monitoring allowed me to detect when the water heater was failing (energy use increased significantly), long before it stopped working entirely. Keeping track of power consumption by the AC system and fan can tell you when a filter is clogged or if a pump or fan motor is failing. By monitoring water usage (flow rate), you can detect plumbing leaks as well as notice when a hose is left running.

A one-way-feed out from an alarm system can be useful. If an alarm is triggered in the basement or first floor while system is "Armed-Home", then all lights on only that floor are turned on at full brightness. If "Armed-Away", all lights on all floors go into full disco stroboscope mode, and outside lights start blinking slowly on and off in the traditional S-O-S pattern. You can literally have an air gap between your alarm and home automation by using a photodiode to read the alarm LED state if you want to be paranoid.

My next step is to install powered insulated window blinds that open on sunny winter days for passive heating, then close at night to keep the heat in, and a UV sensor that closes the blinds on really sunny days to reduce UV fading of my furnishings.

X10

[chiefmojorising]

It's only been around since the '70s.

https://www.x10.com/x10-home-a...

What about X-10?

[gatkinso]

I thought that was all locally controlled.

Alternatives

[geoskd]

Or is there something already out there that would do the same thing as a Nest but without 'the cloud' as part of the requirement? Yes, a standard programmable thermostat does 90% of what a Nest does,

There is, the company is Connexus Controls . We provide HVAC control systems for new installations and retrofit. We provide remote access similar to the way the Nest and others do, but unlike the others, there is no centralized server, your data stays in your home, and the system will function perfectly fine with or without network access. We will provide access to our control API for anyone that wants to tinker with the system, opening up a whole world of opportunity.

Interesting problem...

[kbonin]

As a developer of custom hardware and software, I'd LOVE to make products in this space. However:
1) Most people are trained to look for cheapest prices for devices, which are (for the most part) made in third-world sweatshops.
2) To provide a competitive price, you have to manufacture in volume in third-world sweatshops.
3) Due to lack of functioning IP protections in third-world countries, manufacturing there means instantly creating many competitors you cant compete with.
4) If you're willing to give up most of the world markets, you can still only compete against imports by spending lots on lawyers for ITC import games.

In their defense, "cloud" components provide a way to monetize the product in a manner somewhat resistant to third-world knockoffs and late shift runs to your competitors, as well as provide a user-friendly front end that you can tune without requiring the customers to update software, which is always a nightmare. That said, there is NO moral defense against the wholesale "all your data belongs to us, we can sell anything to anyone as long as we anonymize (sic) it" games that are played today. That said, for most modern corporations there are no such thing as morals.

I'm not aware of realistic ways to bring such products to market that are price competitive AND can provide sufficient income stream to recover initial investments, cover ongoing operating costs for a small team, and turn even a modest profit. Not in this world.

DIY shouldn't be hard

[i.r.id10t]

A duct tape and bailing wire DIY shouldn't be too hard. Tricky part will be a smooth consistent niceness.

Quick google shows X10 to be alive and well, with RF or wired access to the devices. A webserver-with-API-to-X10-controller bridge device shouldn't be too hard to do with a Pi or similar acting as the bridge hardware, so that can get you on your local network - a quick google shows you should check the Pi and a project called Heyu. Rent a Linode or similar VPS for internet based control if you can't get a static method of addressing your home network when you are away or if your service provider blocks the ports you want to use

Re:You simply don't have home automation..

There is a difference between being connected to the internet and being dependent on a 3rd party's servers for your home automation to operate. The latter is the concern here.

Re: No.

I have lights, hi Rez cameras, facial recognition, doors, locks, spa control, garage and alarm system. NONE of that is in the cloud and I control it directly with my phone, get alerts etc. There are plenty of options.

Re: No.

[PopeRatzo]

I have lights, hi Rez cameras, facial recognition, doors, locks, spa control, garage and alarm system.

:Are you a James Bond supervillain?

Re:No.

[ShanghaiBill]

B-but can the cloud be very small; on your own server in your own home?

Not unless you want to spend a lot of money, and hundreds of hours of your own time.

Look, the economics of this is simple: By producing data that can be monitized, the cloud companies can reduce the up-front price. Most people go with the cheapest option. This reduces costs even more, since NRE can be spread over more units. It would be very difficult for a non-cloud company to compete with that. People that care about their privacy, and are willing to pay extra to protect it, are a niche market.

My home automation system uses an Amazon Echo and a Samsung SmartThings hub. The Echo is cloud based. I would prefer a non-cloud solution, but to be honest, I would not be willing to pay much more for it. I don't really care that much if Amazon knows what time I turn off the lights.

Re:No.

[johanw]

Removing spying background services on an open system like Android is easy: either don't install the Google stuff (or remove it), or disable it selectively:

1. Root the phone (it is YOUR phone, you're the boss).
2. Install a service manager like https://play.google.com/store/...
3. Open it, go to system, open Google Play Services.
4. Disable AdvertisingIdNotificationService, AdvertisingIdService, AnalyticsIntendService, AnalyticsService and AnalyticsUploadIntendService.

Now open Google Settings and see that your device does not have an advertising ID anymore. The above method kills most, however some apps collect their own data and don't let it go via Google so watch out what you install.

Re: No.

That's bullshit. Speech recognition was at like 97% or so for years before people had always on connections. And it gets even easier if you're dealing with commands and have people using fixed commands. Sort of like what Google does with OK Google. If you add House Activate or something similar before the command, then the system just has to see if what you said matches a known command.

The only thing that's at all tricky about it is setting it up so that it doesn't activate in response to the TV or radio.

Re: No.

[Etcetera]

That's bullshit. Speech recognition was at like 97% or so for years before people had always on connections. And it gets even easier if you're dealing with commands and have people using fixed commands. Sort of like what Google does with OK Google. If you add House Activate or something similar before the command, then the system just has to see if what you said matches a known command.

The only thing that's at all tricky about it is setting it up so that it doesn't activate in response to the TV or radio.

^This. Mod parent up. Natural language parsing and speech recognition has been improving for years, and even Apple has finally allowed "offline recognition" options for their base system.

Going to the cloud makes it *easier*, since it vastly increases the number of samples and allows them to not care about processing resources at all and be generally shit programmers unless their project eats up too much of the internal balance sheet.

We all have computers far more powerful than are necessary to do this in our pockets. Add a desktop system to act as a central unit (not an unreasonable requirement) and to offload any particularly difficult recognition task to and it's entirely possible to have it all work internally.

Re:No.

No, you don't observe that. What you observe is that newer items with more power come out for about the same price as they used to. Texas Instruments is a good example, the price points don't change, but the capabilities have gotten a bit better over the years. But, you're still looking at the same price.

In markets where there's a bit more competition you'll see that the companies will occasionally be forced to reduce prices in order to compete, which lasts until they buy out the competition and put an end to it.

They're not passing savings onto the customer and I've rarely, if ever, seen products be reduced in price because they're starting to spy on the customer. They're certainly not passing on the money that they're making on an ongoing basis otherwise eventually these devices would pay for themselves.

The sheer mental gymnastics necessary to make your point valid is mind boggling. Mostly because the savings aren't passed onto the consumer, they're kept as corporate profits.

Mycroft

[fyngyrz]

Mycroft just released (Python, version unspecified) code they say you can run on your Raspberry Pi; Mycroft is an Alexa-like system, differences being it's open, the s/w is free so you can build your own, and the hardware is pretty open too.

There is cloud STT (Speech-To-Text) going on, but they're interested in local STT according to an email they sent around to those of us on their mailing list. My GPS (ca. 2013) does non-cloud general STT, so there's working code out there.

Speaking as an owner of both an Echo and an Echo Dot, I'm very hopeful that Mycroft will join them, perhaps even replace them.

Echo's huge drawback is that it doesn't have a local operating mode via LAN ports, nor local STT and TTS. Not to mention the absurd requirement that you put up an SSL server just to make the simplest possible function work.