Slashdot Mirror


Ask Slashdot: Can You Have A Smart Home That's Not 'In The Cloud'?

With the announcement of Google Home on Wednesday, one anonymous Slashdot reader asks a timely question about cloud-based "remote control" services that feed information on your activities into someone else's advertising system: In principle, this should not be the case, but it is in practice. So how hard is it, really, to do 'home automation' without sending all your data to Google, Samsung, or whoever -- just keep it to yourself and share only what you want to share?

How hard would it be, for instance, to hack a Nest thermostat so it talks to a home server rather than Google? Or is there something already out there that would do the same thing as a Nest but without 'the cloud' as part of the requirement? Yes, a standard programmable thermostat does 90% of what a Nest does, but there are certain things that it won't do like respond to your comings and goings at odd hours, or be remotely switchable to a different mode (VPN to your own server from your phone and deal with it locally, perhaps?) Fundamentally, is there a way to get the convenience and not expose my entire life and home to unknown actors who by definition (read the terms of service) do not have my best interest in mind?

Yesterday one tech company asked its readers, "What company do you trust most to always be listening inside your home?" The winner was "nobody", with 63% of the votes -- followed by Google with 16%, and Apple with 13%. (Microsoft scored just 3%, while Amazon scored 2%.) So share your alternatives in the comments. What's the best way to set up home automation without sending data into the cloud?


  1. Yes, there is software that does just that - by Anonymous Coward · · Score: 5, Informative

    Karl Denninger, the guy who writes market-ticker, has done just that, and for the same reason subby has expressed.

    His post expressing his reasons for rolling his own -

    https://market-ticker.org/akcs-www?post=231376

    And where to get it - http://homedaemon.net

    Runs on a Raspberry Pi 2

  2. Depends on the devices by Zocalo · · Score: 3, Informative
    If they need to phone home for some reason (usually vendor provided data aggregation and presentation) then you are pretty much screwed. If you are more selective about your devices and choose wisely so that all the useful functionality you need can be provided without Internet access, then it's fairly easy if you know what you are doing:
    1. Set up a dedicated LAN (wired and/or wireless, as required), with its own IP range, SSID, etc.
    2. Put all your "smart" devices on this LAN
    3. Deny all outbound access from this LAN to any other network
    4. Allow inbound access to this LAN from specific IPs within your main network only, or a VPN termination point (higher-end home routers that terminate open standard VPN protocols are great here, otherwise look into *Nix boxes or other appliances like some NAS appliances that can do so)
    5. Access your data, reasonably sure that they are not phoning home

    Depending on the device maker, you may also be able to selectively allow outbound access for firmware patching while still blocking all the other data farming, although you may need to do a little digging into the config and/or traffic capture to do this. Devices will often use the same domain for everything though, and all too often the same hostname, so you might need something capable of URL level filtering to get this working.

    Of course, none of that does anything to really protect you from some of the abysmal security that many IoT type devices have on them; e.g. backdoors or other exploitable interfaces that are available over WLANs that enable you to access the device remotely and extract the pre-shared key for your WLAN (see above about putting all this stuff on a dedicated WLAN?), change configuration options, and so on. It's also worth noting that sites like Shodan will also let the bad actors geolocate devices that have known vulnerabilities to them so they can go for a far more targeted war-driving session than used to be the case where it was more of a "see what is out there, and maybe get lucky" exercise.

    --
    UNIX? They're not even circumcised! Savages!
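
An added example, not part of Zocalo's post or any product's code: a small Python audit that checks connection records against the policy in steps 3 and 4 of the comment above, so you can confirm the devices are not phoning home. The address ranges, the `SRC -> DST:PORT` record format and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Assumed addressing, not from the thread; substitute your own ranges.
IOT_NET = ipaddress.ip_network("192.168.50.0/24")    # dedicated smart-device LAN
MGMT_HOSTS = {ipaddress.ip_address("192.168.1.10")}  # main-LAN hosts allowed in
VPN_NET = ipaddress.ip_network("10.8.0.0/24")        # VPN client pool
UPDATE_HOSTS = set()  # firmware servers you chose to allow out (empty = none)
Flow = namedtuple("Flow", "src dst dport")

def parse_flow(line):
    """Parse 'SRC -> DST:PORT' (IPv4), where SRC is the side that opened the flow."""
    src, _, rest = line.partition(" -> ")
    dst, _, port = rest.rpartition(":")
    return Flow(ipaddress.ip_address(src.strip()),
                ipaddress.ip_address(dst.strip()), int(port))

def classify(flow):
    """Judge one new connection; replies on an allowed flow are not new flows."""
    src_iot, dst_iot = flow.src in IOT_NET, flow.dst in IOT_NET
    if src_iot and dst_iot:
        return "ok-intra-iot"      # stays on the IoT LAN, never routed
    if src_iot:                    # step 3: nothing initiated by a device leaves
        return "ok-update" if flow.dst in UPDATE_HOSTS else "violation-egress"
    if dst_iot:                    # step 4: only named hosts or the VPN get in
        allowed = flow.src in MGMT_HOSTS or flow.src in VPN_NET
        return "ok-mgmt" if allowed else "violation-ingress"
    return "not-iot"

def audit(lines):
    """Return (verdict, Flow) for every record that breaks the policy."""
    findings = []
    for line in lines:
        if line.strip() and not line.lstrip().startswith("#"):
            flow = parse_flow(line)
            verdict = classify(flow)
            if verdict.startswith("violation"):
                findings.append((verdict, flow))
    return findings

# Constructed sample records (private and documentation addresses only).
SAMPLE = """\
192.168.1.10 -> 192.168.50.21:80
10.8.0.6 -> 192.168.50.21:443
192.168.50.21 -> 203.0.113.7:443
192.168.1.77 -> 192.168.50.30:23
192.168.50.21 -> 192.168.50.1:53
192.168.50.30 -> 192.168.1.10:445
"""
```

`audit(SAMPLE.splitlines())` reports the device-initiated connection to the Internet, the main-LAN host that is not on the management list, and the device reaching back into the main LAN. An IP-level `UPDATE_HOSTS` entry cannot separate firmware downloads from telemetry when the vendor serves both from one host, which is the case the comment says needs URL-level filtering.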
  3. MQTT + OpenWRT-router/some other server by Gaygirlie · · Score: 4, Insightful

    I can't say about using proprietary, premade devices like Nest, but if you're willing to use Arduinos/ESP8266/whatnot and do a bit of programming you can use an OpenWRT-based router to run an MQTT-broker, or you can use a separate device like e.g. a Raspberry Pi for that and then Arduino/ESP8266/whatever for toggling of relays or logging power-consumption or temperatures or whatever you want automated. You don't actually have to connect any of the stuff to the Internet at all, or you can use an MQTT-client over an SSH-tunnel, or write your own front-end using Apache2 and PHP or a billion different other ways if you want it reachable from the Internet, too -- you have full control over what can and what can't be done over the Internet or if any of it can be accessed from the Internet at all.

    This is, however, obviously the hard, DIY way of doing it. If you want an easy plug-and-pray system I have no idea if there even exists anything that doesn't share your stuff with 3rd parties. I, not-so-surprisingly, am in favour of the hard way that doesn't share everything with random, greedy 3rd-parties.

    1. Re:MQTT + OpenWRT-router/some other server by JaredOfEuropa · · Score: 4, Interesting

      You can mix & match with the right selection of components. I use the following, and I won't hesitate to recommend it:

      - For generic Home Automation stuff, use Z-Wave: a non-open radio protocol that has proven to be pretty robust. Z-Wave devices form a mesh network so range generally isn't a problem. And with the latest version of the standard, some security has been added as well. There are tons of items out there: switches, dimmers, thermostats, locks, sensors, remotes, and so on, from many brands, in many ranges of prices and quality.

      - You need a Z-Wave hub, and again you have several choices that do not require the cloud: Homeseer (reliable but you get nickel & dimed to death for addons, and it's less accessible to tinkering), Vera (pretty reliable, and best of all it is open to tinkering. You can write your own plugins for this hub and there is an active community of plugin developers), or OpenHAB + a Z-Wave stick (Open! But using it is still somewhat reminiscent of installing Linux in its early days). I am currently using a Vera hub.

      - Your hub needs to be able to address non Z-wave devices. Most hubs do this with plugins, allowing you to include these in your setup: WiFi-enabled thermostats, Philips Hue bulbs, Alarm systems, anything networked that has an API, really.

      - For your DIY devices, use Arduino + a NRF24L01 radio module running the MySensors libraries. MySensors is an open DIY project using Arduinos, having them form a reliable mesh radio network (way better than WiFi), and you can build pretty much anything you can imagine with it, using the libraries and a handful of lines of code. MySensors interfaces nicely with Vera, there's a plugin that will expose MySensors devices like switches and sensors as native Vera devices, allowing you to use them in scenes. For the MySensors gateway to be used with Vera, I recommend using an Ethernet Arduino for maximum reliability.

      Oh, and for anything that needs to be somewhat reliable, avoid WiFi devices. WiFi is not a very good HA platform.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  4. What's the great thing about a "smart" home by NotInHere · · Score: 5, Insightful

    Since this "smart" home stuff began to emerge, I've always wondered what the great thing about it was. I personally do not mind having to leave the chair to turn on the lights, or having to carry physical keys with me to unlock the door. Nor do I mind having a "dumb" fridge where I have to think of the stuff to buy myself.

    As a proper slashdotter, I spend a big chunk of my time in front of a screen, so I'm in no way non-digital. Still I don't see any benefits in a "smart" home.

  5. X10 by chiefmojorising · · Score: 4, Informative

    It's only been around since the '70s.

    https://www.x10.com/x10-home-a...

  6. Alternatives by geoskd · · Score: 4, Informative

    Or is there something already out there that would do the same thing as a Nest but without 'the cloud' as part of the requirement? Yes, a standard programmable thermostat does 90% of what a Nest does,

    There is, the company is Connexus Controls. We provide HVAC control systems for new installations and retrofit. We provide remote access similar to the way the Nest and others do, but unlike the others, there is no centralized server, your data stays in your home, and the system will function perfectly fine with or without network access. We will provide access to our control API for anyone that wants to tinker with the system, opening up a whole world of opportunity.

    --
    I wish I had a good sig, but all the good ones are copyrighted
  7. Re: No. by PopeRatzo · · Score: 4, Funny

    I have lights, hi Rez cameras, facial recognition, doors, locks, spa control, garage and alarm system.

    Are you a James Bond supervillain?

    --
    You are welcome on my lawn.
  8. Re:No. by ShanghaiBill · · Score: 3, Insightful

    B-but can the cloud be very small; on your own server in your own home?

    Not unless you want to spend a lot of money, and hundreds of hours of your own time.

    Look, the economics of this is simple: By producing data that can be monetized, the cloud companies can reduce the up-front price. Most people go with the cheapest option. This reduces costs even more, since NRE can be spread over more units. It would be very difficult for a non-cloud company to compete with that. People that care about their privacy, and are willing to pay extra to protect it, are a niche market.

    My home automation system uses an Amazon Echo and a Samsung SmartThings hub. The Echo is cloud based. I would prefer a non-cloud solution, but to be honest, I would not be willing to pay much more for it. I don't really care that much if Amazon knows what time I turn off the lights.

  9. Re:No. by johanw · · Score: 4, Informative

    Removing spying background services on an open system like Android is easy: either don't install the Google stuff (or remove it), or disable it selectively:

    1. Root the phone (it is YOUR phone, you're the boss).
    2. Install a service manager like https://play.google.com/store/...
    3. Open it, go to system, open Google Play Services.
    4. Disable AdvertisingIdNotificationService, AdvertisingIdService, AnalyticsIntendService, AnalyticsService and AnalyticsUploadIntendService.

    Now open Google Settings and see that your device does not have an advertising ID anymore. The above method kills most, however some apps collect their own data and don't let it go via Google so watch out what you install.

  10. Re: No. by Anonymous Coward · · Score: 3, Insightful

    That's bullshit. Speech recognition was at like 97% or so for years before people had always on connections. And it gets even easier if you're dealing with commands and have people using fixed commands. Sort of like what Google does with OK Google. If you add House Activate or something similar before the command, then the system just has to see if what you said matches a known command.

    The only thing that's at all tricky about it is setting it up so that it doesn't activate in response to the TV or radio.

  11. Re: No. by Etcetera · · Score: 3, Interesting

    That's bullshit. Speech recognition was at like 97% or so for years before people had always on connections. And it gets even easier if you're dealing with commands and have people using fixed commands. Sort of like what Google does with OK Google. If you add House Activate or something similar before the command, then the system just has to see if what you said matches a known command.

    The only thing that's at all tricky about it is setting it up so that it doesn't activate in response to the TV or radio.

    ^This. Mod parent up. Natural language parsing and speech recognition has been improving for years, and even Apple has finally allowed "offline recognition" options for their base system.

    Going to the cloud makes it *easier*, since it vastly increases the number of samples and allows them to not care about processing resources at all and be generally shit programmers unless their project eats up too much of the internal balance sheet.

    We all have computers far more powerful than are necessary to do this in our pockets. Add a desktop system to act as a central unit (not an unreasonable requirement) and to offload any particularly difficult recognition task to and it's entirely possible to have it all work internally.