Private security footage is nothing new to criminal investigations, but two factors are rapidly changing the landscape: huge growth in the number of devices with cameras, and the fact that footage usually lands in a cloud server, rather than on a tape.
When a third party maintains the footage on the cloud, it gives police the ability to seek the images directly from the storage company, rather than from the resident or business owner who controls the recording device. In 2022, the Ring security company, owned by Amazon, admitted that it had provided audio and video from customer doorbells to police without user consent at least 11 times. The company cited “exigent circumstances.”
I love technology but I don’t ever see myself installing a camera in my house that connects to the internet like this. It’s literally big brother…
I give my cam access to the internet when I travel. Outside of that it’s LAN only.
Luckily most NAS’s have software that can capture it and you can back it up to the cloud encrypted.
do you mind sharing a basic explanation about your setup? i’m looking at doing something similar with TrueNAS and NextCloud.
One way to get access, rather than a cloud solution, is to use a mesh network solution like WireGuard/Tailscale (and I’m gonna mention Hamachi on Windows, because I’ve used it since about 2005).
These solutions create an encrypted virtual network between devices that’s runs on top of whatever network you’re currently on.
In this way you’re never exposing you’re internal resources, in any way, to the internet*. Only other devices that are running the client app, using your encryption keys.
I’m currently running Tailscale on a desktop at home, all our mobile devices, and a Raspberry pi. I can connect to SMB shares on my home desktop from my phone, wherever I am.
I’ve kept my laptop in sync with my desktop at home this way (using Hamachi) since ~2005.
This approach means you’re always using LAN connection methods, rather than relying on a cloud you don’t control.
*With Wireguard/Tailscale you can expose specific resources to the wider world, but you have to specifically configure it.
Ah, yes. Tailscale. That’s a pretty obvious solution that I hadn’t considered… Thanks for the recommendation.
I’m just glad to have it. I used Hamachi for years and have been looking for a mobile client since 2010.
Glad Wireguard/Tailscale stepped up and are developing more.
That might be something I would consider but I doubt I have the know how
With Tailscale, very little know-how is required. Install the app on 2 devices, see it in action.
Depending on your home devices, you may need to enable Subnet Routing on a device that can run Tailscale, since the DVR/NVR may not have the capability.
A Tailscale Subnet Router will route Tailscale traffic to the LAN on which it resides, so you can access devices that can’t run Tailscale. For example, I’ve printed to my home wifi printer while remote. I’ve also used it to access a computer that didn’t have TS installed yet because I’d just set it up, and a digital photoframe that only supports SMB. My subnet router is a Raspberry Pi, because it’s always on. But it used to be my Windows desktop, because it’s always on.
Tailscale documents it all pretty well. You install your first client, in the process creating a TS account (which is used to automate the encryption key management). Then install to your second device, and ta-da, you have a TS Mesh network.
To enable Subnet Routing, you open the management console via one of your TS clients, it’ll open in a browser. Pick the device, check the box for Subnet Router, select the network (it’ll be a choice, only one, because it’s only on one LAN), and Bob’s your uncle.
Obligatory reminder that just getting into a car (or walking past one) is considered by pretty much every car manufacturer to be acceptance of their privacy policy:
Said it in the other thread but: that isn’t legal.
You’re right but it reminds me of that cop that killed that fumigator guy in Arizona. Total cold blood murder and that was illegal as well. I used to always tell me dad “no they can’t do that” and he would look at me serious as fuck and say “They are the government they can do whatever the fuck they want” its the same idea with rich companies they steal wages and kill workers through incompetence or lax safety practices all the time and sure its illegal but that doesnt matter when you can do it and face no repurcusions anyway.
Yep.
Legality is on paper.
The perks of being an electronic security installer and wiring up your own house with a real system with a dozen PoE cameras and a local NVR under your control only…😋
Stay away from the Harry Homeowner cloud-connected lick-and-stick BestBuy bullshit.
Gimmie some brands then…
I use unifi. I have their dream machine (router/firewall/vpn) a POE switch, two access points, 5 cameras and their doorbell. I rarely have any issues.
Do you have particular recommendations? I somehow landed on Reolink as the option I’m going to buy in a few months
If you want something easy but not necessarily the cheapest, UniFi will do.
I like UniFi but they aren’t inexpensive and to really make them work you have to go balls deep into the UniFi ecosystem. I HAVE that ecosystem and still went with Reolink for my cameras.
Yeah they’re not crazy expensive but not cheap either, and I’m not a fan of Ubiquiti as a company. There are definitely better alternatives, I just don’t know anything that somebody who’s only used shitty cloud connected garbage could jump right into
Probably avoid anything by Hikvision if you don’t want to risk having Chinese backdoors in it. My own system is just a hodgepodge of different used cams I pulled off job sites. Just need to make sure they can do ONVIF and they should be compatible with any NVR out there.
If the cameras are on a private network with no routes to the Internet a backdoor doesn’t really matter. I would still avoid untrustworthy manufacturers.
Reolink is perfectly fine. They can be setup with or without internet, just remember to put them on their own VLAN that doesn’t have Internet access. If you don’t want to use the Reolink NVR then build yourself a frigrate box or similar.
Mine don’t have internet access and I can watch their feeds directly when I’m home and through my Home Assistant rig when I’m away.
Bit expensive, but I run all Ubiquiti network and camera equipment.
I’m using Reolink and highly recommend it. Without a doubt the best bang for your buck. I bought a bundle on Black Friday a couple years ago with the 2TB NVR and 4 cameras (5MP POE) for a couple hundred dollars, and I’ve since expanded to 6 cameras.
I’m in the process of setting up a NAS, so hoping I can get reolink backed up on it for easy access.
Ubiquiti used to be the only one I knew about that I could host and block internet access. Is there anything else these days? Ubiquiti stuff is kinda shit these days.
Someone set off a bomb close to my house. Police asked me questions about it (time, what it sounded like, etc). They noticed I had security cameras and inquired what I had. The dumbfounded look when I said Ubiquiti (they’ve never heard of it) and that all footage was recorded locally on a hard drive. Like they didn’t understand what that meant - obviously they were looking for an answer such as “google” or “amazon” so they could just circumvent me.
I have their routers and stuff! It’s way overkill but I was having such major issues with the all in one routers one usually gets.
I had one of those Vivent door to door folks walk up to me one day, garage open. I was polite enough but explained I had no interest in storing a video feed of my house on their servers as I’d like to do illegal things if I want. They assured me it was stored with “aes256 encryption” - which they expect most laymen to be wowed by - but what good is encryption if they own the keys and crumble to government requests?
But they still won’t catch the delivery packages thieves.
You should always assume any camera to be hostile, unless you have full and complete control over all related software and connections.
Basically, the people who supplied the device will always have more control over it than you do. And big tech just looooves to abuse that and/or cave in to pressure from governments and police agencies.
Sadly there’s little option for some stuff. Robot vacuums have become super useful, even if they are arguably the biggest security risk that exists. And that will never change, no matter how capable the products get
There are open source solutions for robot vaccums provided you get a compatible robot
Unfortunately it’s not something the average person’s going to undertake.
I’m trying real hard to develop advocacy for this stuff. I think there’s a genuine business to be made helping people use privacy-respecting stuff like this.
What we need to do is organize and push for a right to privacy rather than work around the system in place.
Por que no los dos?
The reality is tcp/IP was intentonally developed without encryption built in. So we’ll always have to look out for ourselves. And there’ll always be bad actors, with government and politicians being top of the list.
Trust, but verify. Do you just go when a light turns green, or do you check and verify other cars running a red first?
I’d rather look out for myself and know where my risks are, than trust that bad actors will follow the law.
The link doesn’t work, but I just found out it’s actually supported on mine! Although I probably won’t mess with it, since I’m not alone here
Thanks for the heads up, fixed the link.
Why would you consider robot vacuums to be particularly dangerous in terms of security? I’m certainly more weary of things like Google Nest, Amazon Alexa, pet cams, doorbell cams, that sort of thing.
I know that some but not all vacuums have cameras, and I’d assume some might have microphones as well. But in general it doesn’t strike me as inherently more dangerous to one’s privacy.
A lesson for people that think proprietary internet connected cameras are a good idea. You can literally make open source cameras with a SBC like raspberry pi as the controller. And then using a VPN, you can connect to it from the outside.
Sadly the average person buying such proprietary cameras does not possess the technical know how for that. Also the average person buying those ultimately also does not care about privacy, unfortunately. They definitely should, but they usually don’t.
You can also use proprietary cameras but put them on a separate network segment or otherwise restrict their access so they can’t get out of your local network.
Not ideal to use proprietary cameras at all, but if you are doing then that’s the way to do it.
yeah, if you can’t find FOSS cameras, I’d recommend getting a good old CCTV connected to a device that does not have internet access.
Sadly, since our country is governed by dinosaurs, the responsibility falls on us to help our friends and family avoid sketchy cameras that force the use of their cloud services.
At least until we can convince them to elect people who weren’t born before computers were invented.
Does anyone have a rec for something you can buy and selfhost beyond a pi setup?
Any closed circuit security systems, ones that aren’t cloud based will come with an NVR (like a DVR) that hosts your recordings locally. Most are wired but some support wireless as well. Generally more expensive but in my opinion worth it.
My mom bought a simple setup for I think 3 or 400 dollars at Costco.
INAL but law enforcement can still request or subpoena your video if they suspect a crime has been witnessed by your cameras AFAIK. But at least you’ll know about it.
Thanks! Very helpful to start looking!
For “commercial but free” There is AxxonOne (was AxxonNext) But free only allows 4 cameras. However this is better than all the FOSS choices in terms of what it can do (and so it should, more than 4 cameras or face detection, fire etc costs money).
For FOSS there is:
- Frigate
- Shinobi
- Zoneminder
- iSpy
- Viseron
- Moonfire NVR
- motionEyeOS
Lots of options but you will need some baremetal or a decently powered server and hypervisor to run in a VM.
deleted by creator