What do you guys think of the idea of smart homes? I could make a basic setup using https://home-assistant.io to control my home temperature and lighting; the tools for doing this are everywhere nowadays and implementation doesn’t seem too horrific anymore.
But setting aside what I “can” do, is this something that I “should” do? How can a person implement this without connecting any devices to the internet?
Smart homes sound good in concept and I’d love to have one if there weren’t so many risks. But an entire home that can be controlled via computers just sounds like an opsec nightmare. Obviously there’s the plus that your average technologically illiterate granny isn’t going to be using these so it will most likely have strong security systems. But hackers love a challenge.
And a whole neighborhood? A systemwide attack could happen disrupting entire swaths of a city’s residential zone. Imagine showers suddenly spraying boiling water, targeted attacks on epileptic individuals with flashing lights, temperatures dropping to below freezing or up to dangerous levels of heat or lightbulbs overloading sending broken glass everywhere, speakers bursting eardrums.
Not to mention more subtle dangers of such voice activation systems being accessed by malicious actors, or more likely, corporate concerns. Someone gangstalked or targeted by powerful people who could just court order one of these smart home companies to hand over the data and they probably will without fuss.
The attack surface of a single electronic device is massive, with dozens of different apps and services, each with different system vulnerabilities to exploit that’s already hard enough. But just imagine the attack surface of an entire home! Everything from the LG Flatscreen in your living room, to the temperature control systems, to your Apple Smart Toaster can be hacked to gain access to the rest of the system. If any one of those isn’t completely secure (which of course is a pipe dream) then it could be the gateway to a smart home hacking story on a Defcon panel.
And finally, what’s stopping the company from just updating the software for your smart home and paylocking features like “Uh yeah, you need to pay 12.99$ a month to have your cctv cameras work.” And because all the framework that runs the systems is being hosted in proprietary servers, you can’t do shit. And you can’t host your own servers either. Does this sound familiar because it should?
To be fair, many of those problems are things you can mitigate by picking the right vendor and staying away from anything that needs to phone home or use the internet
What’s stopping the company from just updating the software
The fact that I buy zwave stuff designed never to connects to the internet
And you can’t host your own servers either
Home Assistant says otherwise
This. I have been slowly building my smart home for the last 4-5 years, and I’ve yet to have a dead piece of equipment outside of a failed plug-in outlet. Since i do run everything through home assistant, there isn’t really any worry on my end up about longer term support, and if something does break in 10 years then whatever, I got 10 years of automation and a fun hobby and I’ll just replace it with the switches and shit that I took out to begin with. But because my house is now built around zigbee and home assistant, the only thing I actually have to worry about is HASS going away.
I mean, sure, I’ll probably upgrade to other things over time anyway, but that is the nature of technology. I mean, I’m sure these articles have been written but this thread is the equivalent of “laptops - computers are already fine, isn’t it just going to be a headache to carry one with you?” Ditto for modern mobile phones.
Yeah, my favorite part is the stability, honestly. I don’t have my HA instance facing the internet in any way, only accessible via my Nebula overlay network. No pressure to update the OS regularly or expect that I’m suddenly going to lose features because some big tech company decided they wanted to paywall or disable it in an update.
The fact that I moved earlier this year and was able to bring my whole smart home setup with me, and have it working at the new house before we even had an Internet connection is just golden.
I’ve been using Home Assistant for a while now. I do recommend setting up a VLAN that can’t communicate with the internet which is where any wifi devices live. However I really like ZigBee and/or Z-Wave devices as they don’t require any internet connection.
Lights alone are a game changer. Timers never really worked well for us because we’re pretty far north of the equator and sunrises/sunsets have a pretty big swing. I currently have the lights come on 1 hour before sunset so it adjusts to this swing without me having to do anything. Then I have a button on my nightstand that turns off all the lights that aren’t night lights.
The downsides are that it can be expensive. You start with a couple of light bulbs, maybe a couple of outlets, next thing you know you are pricing out how much it will cost to change all your switches and trying to figure out if they all have neutral wires or not. You’ll start watching youtube videos of people’s setups and looking for ways to do more with your smart home. It’s a fun hobby but can be a lot of work.
I like that the ZigBee and z-wave devices don’t need internet, but the biggest reason in my opinion is the relay function where they extend the network, and the binding options so they work even if your hub or wireless goes down.
Smart homes in centralized hands, such as Google? Nightmare.
Smart homes controled from your home, like home assistant? Awesome. I have home assistant and done some lights, water sensor, even my security cameras. It’s a lot of work, but it works so well it’s crazy.
I sorta wonder about these when selling the house to the next person. What if a little old lady buys your house?
As others have said, you can sequester IoT devices to a VLAN that has no internet access. Most of the common devices (lights, switches, sensors) added to smart homes work perfectly fine without access to the internet. Voice assistants are the biggest security/privacy hole since all commercial options are from big tech companies and phone home constantly. If you set up a local homeassistant instance you can get a ton of functionality out of smart devices with no direct connection to the internet. You need to decide how you handle accessing homeassistant from outside your home if that’s something you want but there are plenty of options to choose from for that.
One thing I will say that I refuse to add to my home is any kind of smart locks. No matter how much I trust my security setup, I don’t trust it with the ability to unlock my doors. If there was one that could only lock them electronically but required being manually unlocked, them maybe. But I haven’t seen a lock like that out there.
Agreed on all points.
I just wanted to add that I’m very glad smart locks exist. My friend with cerebral palsy can now secure his home with a lock and be able to get back in independently.
In general, smart devices are huge for him, and others with physical disabilities.
Also, I should say that I really enjoy the convenience of having Google Assistant in the house. Verbal timers, alarms, reminders, podcasts, and music mostly. Those and the pirate FireTV Stick are our only devices to date. I just don’t care enough to put the legwork in to getting IoT set up. Switches are fine.
That’s great that they help your friend like that! As someone that doesn’t face any kind of accessibility issues myself, it’s easy to overlook those kinds of benefits that these devices can provide. In situations like your friend’s, I’d agree that any potential security cons are outweighed by the pros (especially if the alternative before was having to leave the doors unlocked anyways).
Agree on the convenience of voice assistants. I’ve got various models of Google homes in my house that I use for voice controls on anything I don’t have a good way to truly automate. Different people will have different tolerances for how okay they are with the data things like that can gather. One day I might try to set up one of the local network voice assistants but those can take a lot of work to get just right. Always a tradeoff of convenience and privacy.
Oh that’s interesting. Does Google Home work on an unconnected VLAN for lights? I use it for lights and kitchen timers. I don’t see myself adding anything more complicated or invasive though.
I don’t think Google home would work without an internet connection. I believe google devices and the google home app expect a connection to Google’s servers.
I personally use homeassistant to control everything without an external internet connection and I know you can lock Philips Hue lights off from the internet and the official Hue app will still work.
Smarthome well done is good and I think it will be necessary to tackle some challenges of the future - we need smart solutions to use ressources much more efficiently.
But: 85% of all smart home products are neither smart nor good. They are glorified remote controls. Nothing more.
AMAZON ALEXA IS NOT A SMART HOME PRODUCT.
A smart house doesn’t need you to use your phone/voice/etc. to turn down the blinds or switch on a light. It knows when the blinds need to be where depending on your location, the weather (blind based cooling in summer, heating in winter), the time, etc. It inherently doesn’t need a internet connection to control itself - it only does need the internet to expand its knowledge of the outside world,e.g. by getting disaster alerts, weather forecasts or off-site-location. When done this way there isn’t much “hacking” that can be done. There aren’t many components that can turn into botnets.
This is all possible for ages and it is all easily achieved - KNX and other systems are good examples. Matter can possibly achieve that. But currently it’s the big hype to call everything that can be voice controlled smart.
For fucks sake. It takes me longer to say “Alexa turn on the living room lights” than to do it myself or use a Clapping sensor from the 80ies.
