I couldn’t find a post in this community about cameras so I figured I’d make one. Requirements:
- No “sign up” required to record video
- Video is stored locally
- Video is in a non-propriatary format
- Can work offline
Optional/Discussion Points:
- Can wireless connectivity be hardware disabled
- Can auto-update be disabled
- Does the device try to “phone home” if it is connected to wifi
- Disk encryption would be nice but I doubt that’ll be an option for anything other than self-hosted stuff
Does anyone know about Lorex (it seems more privacy centered)?
I’m highly technical, so feel free to mention self hosted raspberry pi soltuions as well.
if you’re this concerned about the privacy of your doorbell camera then make your own solution with a raspberry pi. then you’re in full control of the device and data.
anything else can be updated to send video elsewhere, promise privacy features it doesn’t have, be bought out and shareholders demand data mining, or be hacked.
I mean I can and I agree, I was kinda curious if there was a kit or a software stack for it (kinda like next cloud). I did also want this post to have a list of options+tradeoffs but I probably should’ve done a better job communicating that.
I guess maybe the raspberry pi question would be a better for the self hosted community.
Which is once again, the reason why understanding your threat surface properly so that you set up security enclaves which let you get value from cloud services without sacrificing privacy is more important than ever. Honestly, these posts frustrate me a bit. People are going to give up real, tangible security benefits of these modern security services over the spectre of relatively minor privacy issues which can be almost entirely mitigated with some pretty simple best practices that anyone interested in security should be doing anyway.
perhaps since we’re in a privacy focused community, you can share your views on what these “relatively minor” privacy spectres are, and how you would mitigate them?
Relatively minor from the perspective that the actual information which will leak from a Nest camera isn’t really that unique. And as a network device, it’s fairly simple to isolate and secure. The video a doorbell camera shoots is generally of “in view” public space, already visible to any camera. Your identity is already likely tied to the installation address where you’ve paid for the account with your credit card, which is also probably tied to that same address. If these things are not true, then you should obviously defer to your individual threat profile and disregard what I say.
The worst part of it is that these doorbell cameras could provide a state actor with a daily face shot database, but if you control it, then it can also be an adversarial source to that end.
But “minor” for me, is different from “minor” for you. For me, petty crime, and maybe some local cops with beef are a much bigger deal than hiding from the feds. That’s my whole point here. Know your own threat profile. If officer Barbrady kicks down your door and violates your rights, he’s going to take your local video server, but he’s much less likely to get access to some random silicon valley colo farm. Don’t fear the cloud, understand how to use it as a tool within your own threat profile.
Alerts, notifications, person recognition, object recognition, motion detection, two way audio, automated lights, event based video storage, 24/7 video storage, automated deletion of stale recorded video, and more can all be accomplished 100% locally.
Granted, much of this functionality is not easily accomplished without some technical knowledge and additional hardware. However, these posts typically are made by people who state to at least have an interest in making that a reality (as this one does).
What security benefits does a cloud service provide?
Reolink has a doorbell camera that works even with no internet, and can record locally both to SD or to an NVR. No sign up is required.
This. I went reolink specifically for this reason. Everything is local only on the SD card and quality is great.
This is what I went with. For those reading who don’t know how to disable the Internet for their device but still bring able to access it, look into setting up a VLAN to accomplish this.
I’ve been looking for something like this as well. I’ve not bought the hardware yet, but I’m planning to track down a “dumb” IP camera and use an RPi to host a DVR software. Anything that allows you to record to anything but a home server is a service I can’t trust. Right now, the problem seems to be tracking down the camera itself. There’s tons of ~$20 cameras I’m finding but it’s hard to tell which ones phone home to the internet and which ones are local only.
unifi doorbell does this. you are not required to connect it to the internet. it is wifo only though (the doorbell itself)
All unify systems phone home.
I was going to suggest the same. My understanding is it’s pretty secure but does phone home. The video is not uploaded and phoning home is for remote access and log in. It’s expensive, though unless you’re going to be using the other features.
Your options will depend on how much effort you are willing to put in and what other services you have access to (or are willing to run).
For example, do you have a Network Video Recorder (NVR) or something like Home Assistant that can consume a Real-Time Messaging Protocol (RTMP) or Real Time Streaming Protocol (RTSP) video feed? Can you modify your network to block all internet traffic to/from the doorbell? Are you comfortable using a closed source, proprietary app to setup the doorbell? Is creating your own doorbell feasible?
I’m not aware of a doorbell that you can buy which meets all of your requirements without at least one of the items I mentioned above. Additionally, I believe the only doorbell that meets all your requirements is building your own doorbell. However, some other brands that will get close to meeting your requirements are Reolink and Amcrest.
https://smartsolutions4home.com/ss4h-sd-smart-doorbell/
There is a really cool looking diy one using a ESP32. You would need a server to go with it though. But using your own small HA server would give you way more control about storage / encryption.
I always recommend Amcrest for anything related to cameras. Idk about the doorbell since I don’t have that specifically, but the cameras are completely local (no cloud server acting as the relay) and no sign up required unless you use their home app (I use the view pro app to avoid signups).
Reolink doesn’t require signups, but their cameras generally require internet from my experience, as they use their own cloud servers as relays, which would mean they can’t work offline like you’re wanting.
You could just get a doorbell and have a local camera with an ‘on’ event.
I’m trying to get some aspects of the smart home built out but its a lot of doing it myself.
As a tangent, for me the entire utility for this stuff is cloud integration and alerts. Otherwise the only use of the camera is sending your insurance company videos of the break-in. This is one of those places where I am willing to give up a bit of privacy in a controlled way for the ability to get alerts in real time in case I need to call emergency services while away from home. Or tell my wife the delivery driver left the gate open and to close it so the dog doesn’t get out.
To be honest, if you have a good security framework to begin with, there’s no reason why a ring camera is super dangerous.
You don’t have to give up privacy for this, or voluntarily give your data to a giant corporation with a track record of abusing their customer’s privacy and giving your video footage to police without your consent.
I have 5 Amcrest PoE cameras that have been configured to not “call home”. The cameras have built-in web servers that allow you to configure them without being forced to install an app or make a cloud account.
All of the built in detection stuff has been turned off because the feeds from the cameras go to Frigate NVR, which does all of the detection stuff with the help of a Coral TPU. I have it running as an add-on to Home Assistant OS, but it can also run separately in a docker container.
Frigate is set to detect certain things, like “person”, “car”, “dog”, etc. If it detects those things, it records a clip and takes a snapshot. Both are sent as notifications to my phone via a Home Assistant automation. If I’m not at home, I pay $65/year for Nabu Casa, which gives me secure remote access to my Home Assistant install and also helps fund Home Assistant development.
Are you running the cameras by themselves or do you also use the Amcrest NVR? I bought a PoE kit with the NVR but find it very clunky to use and have yet to figure out how to transfer video clips off of it (USB flashdrive only?). I’ve been interested in Frigate and the like but have yet to really dig into it. I’m also running a server with Plex and HA with lots of storage which would work for storage provided I buy a PoE switch.
I only use Frigate. All of the Amcrest stuff is turned off.
Each of the cameras have two video streams. The “live” stream is set to 1080p, and the “sub” stream is set to 720p. The sub stream is what Frigate uses for detection. Here is a sample of what a camera config would look like in the frigate.yml file:
cameras: back: ffmpeg: inputs: - path: rtsp://camera-username:camera-password@camera-ip-address:554/cam/realmonitor?channel=1&subtype=2 roles: - detect - record detect: width: 1280 height: 720
My HA runs in a Proxmox VM with 4 vCPUs, 4GB of RAM and 128GB storage. The VM also has access to a network drive, which is where nightly backups are stored.
By default, the HAOS Frigate addon will store recordings on the host machine (you can define any volume if you’re running Frigate in docker), and you can set “event” retention in the frigate config file - default is 10 days. You can download any clip or snapshot directly from the Frigate UI to whatever device you are using. OR, if your setup is similar to mine, you can pull from backup.
My nightly backup to my network drive includes the frigate folder with the recordings and snapshots, which is also set to retain 10 days/backups, and finally there is a weekly Borgbase backup of that network folder to a server on another continent, so I don’t feel like I need any kind of dedicated storage hardware - normal backup procedures work just fine!
With this setup, CPU usage never goes above around 35% (keep in mind that I have a Coral TPU, which takes all the detection load off of the CPU) and with the configured Frigate retention policy, storage usage for the entire VM never exceeds 50% of the total available space.
This setup has been running flawlessly for almost 3 years now. Detection is immediate, as are the push notifications. Very happy with it!
Thanks for the breakdown! I’ve definitely got some research to do.
Yes, you can obviously build your own version of event detection and remote storage, and then appify it in a way which is secure and ergonomically useful, nobody is claiming otherwise. This requires a considerable amount of expertise to do safely, and additional complexity generally expands your threat surface. For you, that may be fine. I’m pretty tech literate and have a bunch of other self hosted services, but I just don’t think the additional complexity is worth maintaining for push notifications. Again, that might be different for you.
I wasn’t implying that anyone was claiming anything, just attempting to detail a way in which privacy can be maintained while also having push notifications (both snapshots and video). I’m more pushing back against the general notion that it’s “too hard” to maintain privacy while using software and hardware that is supposed to enhance security.
If people think it’s “too hard” to maintain their privacy, they are likely to either give up and not do the security thing at all, or give their data away to a giant corp/cops, which undermines the security they were trying to enhance in the first place.
For the price of Ring hardware + subscription (you need a $20/mo subscription even if you want to use local storage), you can get an entire home automation setup with a robust security component in which everything is local and no data is sent anywhere, except to a device you control, over a secure and encrypted connection.
It’s not even hard to do - Home Assistant is very easy to get up and running these days (this was not always the case), and Frigate is also pretty easy - the documentation is extensive and there are a ton of videos available that cover installation and configuration.
The notification automation is available as a Home Assistant blueprint template - all one has to do is fill in some blanks.
And all of this can run on a Raspberry Pi or even a used $150 SFF Dell or Lenovo machine, or even just an old laptop.
You don’t even need a ton of storage space or dedicated drives - my 5 cameras use less than 64GB of storage in a month, and that is total, ROLLING storage, not cumulative, because you can configure how long each clip is saved before it’s automatically deleted. All of my clips and snapshots are deleted after 10 days. If there’s anything I want to keep, I just download it before 10 days is up.
For longer term storage, I have a simple nightly backup to a network drive, and weekly backup from there to an offsite location, but that’s just me, it would be just fine to save clips to a USB drive or a phone - whatever works.
I’m just saying that you don’t need to compromise privacy to obtain security.
A RPi option is likely your best bet. I’m currently building my own setup using MotionEye and a few Pi Zeros. I’ll be looking into different software since Motioneye is no longer updated though. Just FYI, I’d avoid the v3 camera module for now, as a lot of software doesn’t support it yet and it can’t use the legacy camera stack.
I’m using amcrest cameras with frigate. They work offline, but their doorbell cameras are wireless only, IIRC.
Frigate records and does object detection, so you can get notifications(with photos in the notification) only when there is a certain object in a certain area(like only people in one area, cars and people in another, cats in a third area).
It’s a cheap setup if you already have a server running 24/7. It takes quite a bit of setup, but has been trouble free since.