Hacker News

I’d be interested to know if anyone has a moderate cost system that doesn’t force you to use a company’s cloud (and thus making them prone to abuse like this). I personally have a POE setup with some commercial grade cameras ($400 a pop), with attached NAS on a private network, and home-rolled a means to access the cameras remotely, but it’s not exactly economical or practical


Synology Surveillance Station [1], it supports 2 cameras per NAS for free, extra cameras $50 per device. I use an old 2 HDD NAS with 2 cameras for a few years already, it works perfectly well. (One Reolink camera, another Amcrest, both record video in h264).

[1] https://www.synology.com/en-global/surveillance


This was a good answer, but Synology is making their new devices increasingly hostile towards non-Synology-branded HDDs.


Oh, I was not aware of this change. Hopefully, I just have to reject all software updates and continue running my 2 Synology NASes with cheap shucked WD drives inside.


Just use some Reolink or similar ONVIF cameras like Axis or Dahua. Block traffic from them to anywhere other than your NAS. They're pretty simple, mine have the ability to just FTP captures to a given system, and thus I've got redundant captures (on a system with a bunch of drives, and on the microsd cards in the cameras). Maybe there's some spooky backdoor crazy way they can phone home, but I doubt it given how they're PoE and access to basically every other system is locked down by my firewall.


Trying to find an affordable camera / baby monitor that was both secure and offline was a tough one for me, it seems every single consumer oriented camera has a remote access functionality (= a backdoor) nowadays, and the baby monitors that don’t use wifi are only secure through obscurity with some of them being as easy to hack as buying the same model.

I ended up with an Amcrest IP2M-841 and Tinycam on Android (as I understand using RTSP), and blocking internet access of the camera through the router. As I found out, just connecting it to the internet will automatically connect to servers for allowing “easy setup” of the remote access feature.


I got me a hand me down...It was a Motorola and had no Internet access. All I had to do was replace the battery.


Lots of the radio baby monitors are trivial to listen in on with RTL-SDR kit.


There is such a difference between listening in from within radio range vs across the entire internet. I have basically 0 worries about the neighbors; they have their own lives.

My consumer-grade “walkie talkie” had a very short range in a city, like one block.


Had the same requirements, I used the DXR-8 PRO from Infant Optics.


I'm full Unifi. With all of Ubiquiti's faults considered. I still feel 10000000x better about it than Ring.


My fear is that we just don't know about Ubiquiti.


I've got a bunch of POE Reolink cameras and their doorbell cam. LAN only, no centralized cloud server. So far happy with them.


+1 for Reolink. We have a reolink camera hooked into home assistant, the whole setup is local and reolink's API exposes every single feature in home assistant with no additional setup needed.

My house also came with an existing NVR camera network which I can view in home assistant over my router without it ever going to the cloud as well.


Thanks. You've answered my question about Home Assistant. I'm not familiar with Reolink and will give them a look.

I have a Wyze camera and their janky HA integration seems to have stopped working after a firmware update. They're also the epitome of enshittification and want to nickel and dime me for every feature -- I'd be glad to ditch them.


> LAN only, no centralized cloud server.

Until one day they auto-update ...


Maybe I'm paranoid, but I have a separate VLAN with its own WiFi SSID for iot things like cameras, sensors, washing machine, dryer, solar panels and a bunch of ESP32 based projects. It has no internet access, and is only accessible from my home automation server. Those devices really only need to send data to Home Assistant and expose some basic APIs to it.


I take a simpler approach and block such devices in the router. This is a bit riskier as devices may in theory change their MAC address.

How do you handle smartphone cameras?


Cameras (like other iot devices) should be forbidden from going outside LAN.


How do you deal with your smartphone camera(s)?


Are you asking outside the context of the home surveillance cams? just whether it's possible to prevent backdoors to your iphone camera?

IME you have no control over the baseband chip of a cell phone, no reason to trust it's not enabling its camera or microphone at any time. I have a flip phone which comes in a non-camera version. I have an iphone without a SIM I can connect to its hotspot if I need to do something smartphoney.


Yes, I'm asking outside the context of home surveillance. I'm just curious how "paranoid" people deal with smartphones. I'm paranoid myself, but I'm also lazy ...


As a paranoid and lazy person, I just pick my battles. No amount of fiddling with hardware security keys and secure computing is a reasonable protection against rubber hose cryptography.


Can you use the app to talk to someone at the door if it’s LAN only?


My grandparents solved that by putting their mobile phone number on their door. They're slow to come down and open the door so it makes sense for the post person or visitor to know they're on their way

Relatively low tech compared to somehow hooking up a camera livestream system to ring your phone via the internet in some way but it works


As far as I've tried, it's fully functional if you VPN into your LAN.


Sorry for bugging you about this. I'm not the person you are responding to but this is important to me before buying so if you don't mind, could you verify that this is your setup?

1. The doorbell cam is connected only to the LAN.

2. The doorbell cam is definitely blocked from accessing the internet.

3. Having access to the LAN from your phone through VPN allows you to watch the feed and talk to people at the door through the app.


1. Correct

2. I have not gone through the trouble of isolating them on their own VLAN, but I don't see any traffic coming from the devices. This is something you will want to audit on your own network if it is important to you.

3. I have viewed the camera output through VPN, but have not yet tried speaking through the doorbell (or through one of my camera's audio output). I don't see why it would not work.
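One way to run the audit suggested above, and to check the "block traffic to anywhere other than your NAS" policy mentioned earlier in the thread, is to classify every camera-originated flow in a firewall log. This is an added example, not part of any comment here; the log format, the camera subnet and the NAS address are assumptions made for illustration.

```python
import ipaddress
import re

# Assumptions for this example (not from the thread): cameras sit in
# 192.168.50.0/24 and may only talk to the NAS/NVR at 192.168.10.5.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")
ALLOWED_DST = {ipaddress.ip_address("192.168.10.5")}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed log format: "<time> src=<ip> dst=<ip> proto=<p> dport=<n>"
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+)")

# Constructed sample; 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for internet hosts.
SAMPLE_LOG = """\
2025-01-01T10:00:01 src=192.168.50.21 dst=192.168.10.5 proto=tcp dport=21
2025-01-01T10:00:02 src=192.168.50.21 dst=239.255.255.250 proto=udp dport=3702
2025-01-01T10:00:05 src=192.168.50.22 dst=203.0.113.40 proto=tcp dport=443
2025-01-01T10:00:09 src=192.168.50.22 dst=198.51.100.7 proto=udp dport=123
2025-01-01T10:00:12 src=192.168.50.23 dst=192.168.1.10 proto=tcp dport=445
2025-01-01T10:00:15 src=192.168.1.10 dst=203.0.113.40 proto=tcp dport=443
2025-01-01T10:00:20 src=not-an-ip dst=203.0.113.40 proto=tcp dport=443
"""

def classify(dst):
    """Label one destination as seen from a camera."""
    addr = ipaddress.ip_address(dst)
    if addr in ALLOWED_DST:
        return "allowed"
    if addr.is_multicast or addr.is_link_local or addr == BROADCAST:
        return "discovery"   # stays on the local segment
    if any(addr in net for net in RFC1918):
        return "lateral"     # LAN host the camera has no business reaching
    return "egress"          # routable off-site: the "phone home" case

def audit(log_text):
    """Return {camera_ip: sorted [(kind, dst, proto, dport)]} for violations."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, proto, dport = m.groups()
        try:
            if ipaddress.ip_address(src) not in CAMERA_NET:
                continue     # only camera-originated flows matter here
            kind = classify(dst)
        except ValueError:
            continue         # malformed address field
        if kind in ("lateral", "egress"):
            findings.setdefault(src, set()).add((kind, dst, proto, int(dport)))
    return {ip: sorted(hits) for ip, hits in findings.items()}

if __name__ == "__main__":
    for ip, hits in audit(SAMPLE_LOG).items():
        for kind, dst, proto, dport in hits:
            print(f"{ip} {kind:8} -> {dst} {proto}/{dport}")
```

Multicast discovery traffic is reported separately from egress so that ONVIF or mDNS chatter on the local segment does not drown out the flows that actually leave the site.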


Thanks for taking the time!


Depending on your technical abilities, you can set up Frigate or maybe Scrypted. Or possibly even just the Home Assistant integration. All of these would be self hosted options, accessible only by LAN if that's how you want it.

The Reolink doorbell camera is a typical recommendation and can work fully locally and supports well the common standards like RTSP. 2 way audio works as well.

I believe the NVR Reolink sells can also work fully locally as well. Which also can integrate to home assistant.


They're a little pricey but https://www.ui.com is nice. It's what I want to replace my Ring with


Recently replaced my Eufy system with UI ones - I’m a big fan so far. Picked up a few new 4k ones for important areas and got the rest used on marketplace via a 4-pack of 2k ones for $150 from a hair salon that had changed systems.


HomeKit Secure Video has a cloud, but it’s locally encrypted with keys Apple doesn’t have before it leaves the house. It supports a bunch of cheap cameras and doorbells (which will try to phone home, but you can block them from internet access without breaking local HomeKit).

Not exactly what you’re asking for, but great ease of use at a good price, and good privacy.


Through various different apps HKSV supports ALL cameras. :)


I use a local NVR containing a couple of hard drives totalling maybe 8TB of storage attached to same-branded cameras (ranging between $80 and $150 each) that I can access locally, and remotely via Wireguard.

I'd say it's economical in comparison to cloud options, but, yes, not all that practical to the less technical crowd.

I specifically block the camera and NVR local IP addresses from accessing the internet. I don't really want the possibility of a private company accessing live (or recorded) video of where I live.

Brand is Reolink. I've been slowly building up the system over five-ish years and have not yet found any reason to kick myself for choosing that brand. I also have some TP-Link Tapo cameras for more temporary things, like monitoring pets.

I've also set up Frigate as an alternative system, both for my own interest and as a way to aggregate different camera brands to a single interface. Frigate can be a bit complex.


Is there anything that runs for a decent amount of time, wifi and essentially all-wireless? Blink somewhat works on its own local hub, but honestly it's crap for detecting when things happen so I won't be upgrading from my used 2-pack + hub even though it does integrate well with HA.

I'd really like something that'd be apartment friendly so no drilling holes.


The TP-Link Tapo cameras I have are wireless and seem to work well enough. I'd recommend to run them through frigate or some other independent surveillance software if you don't want them internet accessible.

They're quite cheap when they're on special, and Amazon seem to have specials on them relatively regularly.

(as much as I don't like to recommend Amazon for anything)


All wireless means all of your cameras can be disabled at any time by anyone with a $20 jammer off eBay.


They’d have to know you’re running wireless, though.


They have to know only to achieve the goal of disabling the camera, but they would probably use it for everyone's, and hope for the best if they are desperate. I am not sure if you can tell if the camera has been disabled.


Pretty obvious by looking at them. Everyone has one of the same 5 brands, and the models are obvious when you see them.


By the time you’re close enough to see the brand, I would assume you’ve already been caught on camera.


Doesn’t matter. Someone can walk into jamming range wearing a mask, fire up the jammer, and there is no record of the B&E that happens 60 seconds later.

Wireless cameras are mostly a false sense of security for homeowners, much like a deadbolt on a door with a glass window in it.

At least you can talkback and confuse the cat while you’re at work. Doesn’t do fuck-all for safety.


Best to keep Reolink stuff off the Internet anyway, and ideally in their own isolated VLAN: https://news.ycombinator.com/item?id=37586457


I also recently installed a Reolink system. I have 6 cameras (4 PoE and 2 WiFi) inside and outside my house. It’s amazing. I just set up a raspberry pi to act as an FTP server to backup files to cloud storage.


Ubiquiti's ecosystem. You own the NVR, it stores locally and they have a doorbell w/ camera.


>home-rolled a means to access the cameras remotely, but it’s not exactly economical or practical

Cloudflare tunnels are free. You just pay for your domain name. Ngrok is also an option.

If you want to be extra secure, you can do ssh port forwarding through the cloudfar


Personally I'd look through the brands listed in the Home Assistant integrations, either Local Push or Local Polling :

https://www.home-assistant.io/integrations/?cat=camera&iot_c...

https://www.home-assistant.io/integrations/?cat=camera&iot_c...

The documentation for setting up the integrations should also indicate whether there's any cloud involved.


The TP Link Tapo ecosystem is really good and can record directly onto SD cards. Seamlessly works with Google Home, I can access my cameras outside of the house without signing up for their cloud option.


I think you would basically want to do custom firmware on your camera basically.

There's also thingino, I have not gone this route yet.

https://thingino.com/


Thanks for recommending thingino. I’ve seen couple of other projects over the years that allowed swapping out the firmware on cheap Chinese manufactured wifi cams. But thingino is the first one that has support for the cameras I actually own. I stopped using those cameras after I moved over to Unifi. But this might give some of those cheap cams a new life and can probably find some use for them.


If you have cameras the police can get a subpoena to force you to provide what you have saved. If you don’t have cameras, you can’t give what you don’t have.


Yes, but they have to subpoena you. That means process, that means getting a judge to sign it, and it means you can limit scope (i.e., if the incident under investigation occurred outside your home, you're not going to need to provide any footage from inside).


While the OP doesn't emphasize this detail, it says this is a tool that will allow police to request access from the camera owners. Police can, of course, also request footage from the owners of non-cloud cameras, so the legal basis of disclosure -- consent -- can exist in either case, cloud or non-cloud camera.


The two are very different.

If you are subpoenaed then you're obligated to respond, and the same is true for Ring. But that's not what we're talking about here. This is law enforcement requesting access, and Ring doesn't require a formal subpoena or warrant. They can decide to comply to nothing more than "someone from a .gov email asked nicely".

It's written out in their terms of service:

> you also acknowledge and agree that Ring may access, use, preserve and/or disclose your Content to law enforcement authorities, government officials, and/or third parties, if legally required to do so or if we have a good faith belief that such access, use, preservation or disclosure is reasonably necessary to:
>
> (a) comply with applicable law, regulation, legal process or reasonable preservation request; (b) enforce these Terms, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Ring, its users, a third party, or the public as required or permitted by law.

So Ring is quite happy to hand over your footage to anyone so long as Ring believes it's "reasonably necessary" to protect the rights or property of anyone.

This isn't about Ring complying with a legal request. This is about Ring undermining the fourth amendment entirely by saying "we'll give law enforcement whatever they want".


The feature discussed allows law enforcement to request access from the end user. It's the end user whose consent is required under that regime, not Ring's.


The feature doesn't exist yet. Ring have said it'll be user consent, but we don't know that for sure. My point is that Ring can change their minds about this at any time without informing you, so it doesn't matter how they say it will work if this possibility is still there.


If you want to have a tangential discussion about how you interpret Ring's terms to permit them to do wild things behind the user's back, that's fine; but it would have been better to be more clear about the tangential nature of your comments. If the terms allow them to do wild things behind the user's back, then they can do those things with or without introducing this feature. And they can also introduce this feature with or without the wild things; and with or without terms of service allowing those things. They're orthogonal issues.

In any case, you're mistaken about what the terms allow. When you paraphrased the terms as saying they can "hand over your footage to anyone so long as Ring believes it's 'reasonably necessary' to protect the rights or property of anyone", you neglected to account for the clause: "as required or permitted by law". Under the Stored Communications Act, 18 U.S. Code § 2702 (b), there is only a short and narrow list of circumstances under which it is permissible for a provider to disclose communications content without a warrant. The most pertinent is an emergency involving danger of death or serious physical injury (exigent circumstances), which is what the link in the OP regarding warrantless and consentless disclosures is about. But exigent circumstances are also a longstanding exception to fourth amendment search protections in general: law enforcement can break into your house without a warrant if there are exigent circumstances requiring them to do so.


This isn't a tangential discussion. Ring has shown they're willing to work with law enforcement without due process, that's the entire point of the EFF's article.

> you're mistaken about what the terms allow. When you paraphrased the terms as saying

I didn't paraphrase. I quoted them directly. Feel free to check them yourself https://ring.com/terms

> you neglected to account for the clause: "as required or permitted by law". Under the Stored Communications Act, 18 U.S. Code § 2702 (b), there is only a short and narrow list of circumstances under which it is permissible for a provider to disclose communications content without a warrant.

There are so many exceptions it doesn't matter. From the same code, (b) (8) states "if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency", and (b) (7) (A) (ii) "to a law enforcement agency if the contents appear to pertain to the commission of a crime".

This is exactly how Ring shared content with the cops previously. https://www.cnet.com/home/security/ring-google-and-the-polic...


>Ring has shown they're willing to work with law enforcement without due process, that's the entire point of the EFF's article.

No, the entire point of the article is the introduction of a new feature which allows law enforcement to request a certain kind of access from end users.

>I didn't paraphrase.

This wasn't a paraphrase? "hand over your footage to anyone so long as Ring believes it's 'reasonably necessary' to protect the rights or property of anyone"

>From the same code, (b) (8)

That is the exigent circumstances exception I mentioned.

> (b) (7) (A) (ii)

Only applies if (i) also applies: the contents "were inadvertently obtained by the service provider".


You don’t have to keep your recordings for a long time. It’d be pretty easy to set up a system that only keeps records for a few days.


Good luck unencrypting my drives.


With a subpoena you would be the one unencrypting your disk. Being in contempt of the court usually means imprisonment or daily fine until you comply with the court order.


There exist third party firmware for $10-20 cameras available on Amazon.

Install that and your open source backend of your choice and Bob's your aunty.


There's lots of generic NVRs and cameras for relatively cheap at the usual far-East retailers.


Eufy Security?


Sounds oxymoronic.



