[EthicalSimilar]

Did you look into Scrypted? It is OSS. With HomeKit (which is how I use it) it is also E2EE. I’m not sure if their app is E2EE though, I only use HomeKit.

It’s pretty good and has an extensive ecosystem. The dev can be a bit… feisty though.

It’s very performant and easy to setup. I don’t use the NVR features as I already have an NVR, I essentially just use it for HomeKit integration of my cameras + doorbell.

https://github.com/koush/scrypted

[arrdalan]

I'm not familiar with Scrypted unfortunately. But thanks for the pointer. I'll have to study it to understand its security and privacy implications. I skimmed the docs very quickly but couldn't find info on their use of encryption.

About HomeKit: yes, HomeKit uses iCloud end-to-end encryption (https://support.apple.com/en-us/102651) and is certainly superior to those systems that don't use encryption at all or just use encryption between the device and their servers. But Privastead has two advantages:

1) Privastead uses MLS for end-to-end encryption, which provides forward secrecy and post-compromise security. iCloud's end-to-end encryption does not. So what does that mean? This is from the link I included earlier:

"If you lose access to your account, only you can recover this data, using your device passcode or password, recovery contact, or recovery key."

If an attacker manages to access your password, recovery key, etc., they'll be able to decrypt all your videos (assuming they have recorded all your encrypted videos). Such an attack is not possible in MLS. Similar to the Signal protocol, MLS uses double ratchet and there is not a single password, recovery code, key, etc. that can decrypt everything.

2) The HomeKit framework and iCloud end-to-end encryption are not fully open source as far as I know. Therefore, we simply have to trust what Apple says about their security and privacy implications. That might be okay for some users, but not others. Privastead is and intends to remain fully open source. IMO, being open source is a critical component of any security/privacy solution that would like to gain users' trust.

[cvwright]

I’m not sure that 1) is such a win for MLS here.

If I lose my phone, I want to get all my security footage back by entering my passphrase etc on my new phone.

In other words, I want the “encrypted cloud storage” security model from [1], not the encrypted messaging security model from Signal etc.

[1] https://eprint.iacr.org/2024/989

[arrdalan]

Interesting. I think the usage model provided by Privastead is reliable enough (at least for me). I have access to my videos on my phone. If losing the phone is a concern (which should be rare), we can easily add a feature that keeps a copy of the files in the hub too.

[amluto]

> It is OSS.

Barely. A lot of functionality is gated behind the NVR plugin, which is closed-source and fairly expensive.

> easy to setup

In my experience, it’s easy to set up. But it’s extremely configurable in all the wrong ways and quite difficult to configure in the ways that one might actually want to configure. And the front end is not fantastic IMO: event filtering is extremely weak and scrubbing is bizarre.

[corytheboyd]

> But it’s extremely configurable in all the wrong ways

Damn that feels exactly like my experience with Zoneminder. I’m sure it is decent software under the hood, but the UX is downright hostile to anyone who just wants to get IP cameras to do very basic motion detection to record some full resolution footage, which feels like the major, obvious use case that should be optimized for.

I am thankful for OSS existing in this realm, but why do so many solutions make the same mistakes? Am I crazy in thinking that a good out of the box experience is important? Is some critical part of the formula locked behind private walls? Something else? Genuinely curious.

[amluto]

I suspect there’s a tendency by the kind of developers who make fancy open source projects to expose all the awesome nerdy power of their software. Have three different motion detectors? Expose all of them! Make them plugins! Have “extensions”! Have components provide “things!” Make a UI for all of that! It’s especially nifty when the UI looks just like the code structure.

But making a good UI for defining object detection zones is hard, so the very first thing that works at all sticks. Or, once you’ve carefully optimized by using the camera’s built in motion detection and having all the streams you could want, supporting software motion detection is an afterthought, and making it configurable in any useful manner is even more of an afterthought. After all, all the cameras you actually use personally have built in detection that works well and also have so many built-in RTSP streams that you never actually had to optimize for the experience of using a camera with a single stream, a somewhat defective implementation of ONVIF, and entirely unusable motion detection. So you make it work, but only using plugins and extensions, and it never becomes pleasant.