Modern IoT is a privacy nightmare. Smart plugs, smart bulbs, and voice assistants routinely send your data to off-site cloud servers for opaque processing. Most IoT is just low-level spyware.
HomeAssistant feels like the solution, for folks who can fit IoT into their threat model. It’s a local server that replaces the cloud server for commercial products, and integrates with a broad range of WiFi, ZigBee, and ZWave devices. Not dependent on cloud servers, can run fully local. Regular outside security audits. Open source.
But, I don’t see it recommended by PrivacyGuides.org… is there a severe privacy (or security) concern behind this omission? Or have we, as a community, simply not yet begun to look for privacy-minded IoT solutions?
I suspect a real smart home is limited to tech nerds which are a small majority. Most people just get an Alexa and a smart plug and call it a “smart home”. Currently I am using SmartThings as I am invested in Samsung devices, but I am going to move to Home Assistant for the aforementioned reasons and the fact the app is available on F-Droid. Home Assistant is also compatible with a lot of interesting plugins so it’s great for tinkerers.
There are no privacy problems if you do everything correctly, but it’s impossible to recommend something when you can’t make simple and clear instructions for it. So, you really have to treat it as a hobby, because there’s no other way to justify the time and money it costs you. And don’t even try to explain it to anyone.
I could be wrong (I seem to struggle with the forum search) but it does not seem like anyone has ever made a tool suggestion for it. It can’t be recommended if it was never considered.
Yeah, for sure. I do consider a recommendation from PG to be an authoritative indication of trust. In the absence of a rec, I just like to take a pulse on the forum, give my own conclusions a crowd-sourced sanity check.
I really wouldn’t suggest adding Home Assistant. There are at least hundreds of things you can do wrong if you focus completely on privacy, and a group that supports the topic better can be found on their own community forum. In my opinion, PG would only have things to lose in this matter.
Although, I would personally be happy to hear about other people’s security setups (cameras, etc.) because I have just started with it.
Edit: I’m not opposed to the idea, but I ended up with this conclusion.
Thing is, we are on privacyguides.org and not selfhosting-guides.org, which is why it doesn’t have all the bells and whistles that you could find from that GitHub link above.
Self-hosting your own solutions requires advanced technical knowledge and a deep understanding of the associated risks. By becoming the host for yourself and possibly others, you take on responsibilities you might not otherwise have. Self-hosting privacy software improperly can leave you worse off than using e.g. an end-to-end encrypted service provider, so it is best avoided if you are not already comfortable doing so.
So nothing against HomeAssistant but at the same time, nothing against the other 500 available tools either.
They are just not accessible to the first non-tech savvy user that would like to have a straightforward answer for a better email client without the need to spin a Docker/Proxmox on their homelab.
The team is mostly focused on curating a few very qualitative tools/services that solve a given problem that your average digital user might face at some point.
But yes, you can self-host 100% of what you’re using on a daily basis haha, just not super accessible.
I’m talking about self-hosting in general, not specifically Home Assistant.
Also, even if it gives you a good start, you might still need to get your hands dirty in the terminal with it sometimes.
Definitely this. Home Assistant is great if you want to integrate IoT in what I believe is more privacy respecting rather than phoning home. But this now leaves you responsible for the security of this system. As mentioned, this may be more of an issue if you don’t know how to secure a LAN network (or even more so if you want to remote into your LAN).
This attitude is one of the most attractive elements of this community - welcoming to all.
Private, secure alternatives to corporate spyware will never catch mainstream momentum if they aren’t available to the masses. Us techies can do some amazing stuff with some backend programming, but the civilian with no tech knowledge also needs a pathway to come aboard.
Tying back to the thread, it seems as though HomeAssistant is endorsed as a strong, privacy-focused option for local IoT. But the self-hosting element makes it a tool more tailored to techies - uninitiated civilians risk confusion, error, and risk when configuring a local server. Thus its omission from the PG recommendations, which are more focused on low-risk first steps towards reclaiming digital privacy.
It seems like Home Assistant is clearly a better privacy option than not using HA with IoT devices that could integrate with it. Which to me seems like reason enough to consider it, especially with how prevalent IoT devices are.
PG also has a self-hosting section so I am not sure how much water this argument really holds.
If we’re not supportive here, I’m not sure we can be haha.
Yes, the Open Home Foundation is indeed very heavy on privacy and ownership of any bought devices. They are also not shy when it comes to highlighting poor practices from companies on their blog.
The foundation also tries to make it as accessible as possible to people, but tech is such a complex and moving topic that it’s hard to find a one-size-fits-all kind of product that is widely used by the crowds without a huge financial backup.
The balance between FOSS indie developers and huge corporations is also hard to find when it comes down to price, stability and ease of use.
In an ideal world, all companies would make interoperable devices that could work offline and that would never require a subscription but who wants to have a business model based on a 40$/month Patreon donations rather than stable monthly paid subscriptions?
Very much yes, never said the opposite.
It’s pretty much the only way to reclaim your ownership on all the IoT devices.
Yes, I mention that in my own post too.
Was mostly stating that on a security + privacy forum such as privacyguides.org, you would mostly expect to talk about those 2 topics and not “best BBQ sauces”, “how to selfhost your Philips Hue bulbs” or “how to turn off the wifi of my router during bedtime”; you have other forums/communities for those specific topics.