by afandian 3797 days ago
That's kind of like saying "how would you make a car without wheels?". It could be that inherent in the idea of making object X are privacy concerns. The fact that the privacy concerns are intrinsic to the object just means that you have to call the whole object X into question when discussing them.

Your question seems to suggest a sentiment like "there isn't any other way to do this, can you think of one?" but there is, and it's not to do it at all.

(I'm not taking a position on the Nest device, but this comment just seemed a little like a cognitive bias similar to anchoring)


Exactly! And I'm OK with people taking the stance "if it's not 100% private and my video needs to be sent over the internet, then I don't want the camera".

You can either have a camera that keeps a safe copy of your video in the cloud and detects unexpected activity happening in front of your camera, or you can have one that is 100% private and doesn't upload video to the cloud. You can't have both. At least not without having a huge setup in a secured room inside your home.

I understand the privacy concerns, I just argue that you can't have the ideal service without getting over them. At least not with current technology, and probably not without the right economic incentives to build a stand-alone system.

What about doing all processing locally and storing only end-to-end encrypted data in servers?

Not really an option right now. The current generation of cameras out there is basically a Raspberry-Pi level computer with a better camera and a hardware h264 encoder. The moment you start doing something fancy, like running any non-trivial motion-detection algorithm, you are bound to run into performance or thermal (read: overheating) issues. Let's not even talk about machine learning.

Just think how much money Nest would save in server time with such a setup :)

My intuition says we are not anywhere near there yet, but do you know if any video processing algorithms exist that can reasonably be executed on encrypted data? Basically, I know fully-homomorphic encryption is ridiculously inefficient in the general case. At the same time, I know of specialized homomorphic encryption algorithms that can operate on encrypted data of specific formats. There are efficient-ish algorithms for encrypted (social-network-type) graphs, and encrypted vote ballots.

I was wondering if you or anyone in your team has come across any work on privacy-preserving encrypted audio/image/video processing? I assume this is a very hard problem, but I imagine someone has tried looking into it.

I'm not really the person to answer that (I'm a lowly software engineer keeping the cogs greased m'lord!) I know at some point Larry (https://github.com/lwneal) was looking into that, at least cursorily. I'll refer to him as the authority on anything encryption-related at Dropcam (or anything, in general. Brilliant guy!)

Isn't HN supposed to be a forum popular with entrepreneurs? You sell the high-computation device as an optional extra.

    For full privacy, buy our turn-key home server!
    (optional video display available)

    If you're the DIY technical type who already
    runs a home server, you may prefer our inexpensive
    software package that provides most of the features
    at much lower cost (some assembly required).

(or something like that)

The idea that a remote network is somehow a requirement is patently absurd.

People overestimate the size of the hobbyist/geek market. Sure, in the Valley everyone and their dog can configure a NAS using a terminal from their latest generation iPad, but that's not the case outside of the Bay Area. I'd suggest you go to Sacramento and ask people on the street if they even know what a NAS or home server is (I once was dumb enough to start a startup there... you are one hour out of SF, but when it came to aversion to technology you might as well be in rural Alabama. This is the capital of California we are talking about!)

Providing these "geek-to-geek" options (term isn't mine) looks like a great business idea when all your friends would use it. But again, the financial incentive is not there if it takes equivalent (or even less) effort to design something that can be used by millions of people instead of hundreds of thousands.

> I'd suggest you go to Sacramento and ask people on the street if they even know what a NAS or home server is

Does Woodland count? I'll ask a few people.

/me steps outside

Well, my landlady and a few neighbors know what they are. You'll have to wait until tomorrow for Sacramento, but I've talked to a lot of people in that area too and very few would have had a problem with my addon server.

If you treat people like idiots, they will respond in kind.

> "geek-to-geek" options

I may have included a geek option (the source code), but a turn-key server isn't any harder to set up than Nest's current devices.

You think people can buy and install Nest's current thermostats, but won't be able to install a turn-key local server that needs literally the same WiFi information?

> the financial incentive is not there

Is this a euphemism for "cannot monetize their data"?

I see. Thanks for the insightful answer! Regarding machine learning, it would be nice to be able to do the training on your desktop/laptop when it's idle or something like that.

But it's very good to know this is a technological issue (as opposed to a business issue). Well, hope you smart folks solve this. Meanwhile, I'll keep tinkering with my Raspberry Pi and Raspberry Pi camera :)

Can you share any reference on what the Nest servers actually do that a smartphone chipset isn't capable of? Various apps manage (from my limited knowledge about the field) quite impressive things.

Can't really discuss specifics, but training machine learning models that share data between all your cameras would be pretty difficult, for example. Also, the lifespan of the processor would be highly reduced if you were constantly hammering it (thermal implications, etc. etc.) Again, in a few years that might not be an issue anymore :)