There are self-hosted smart homes, FYI.
I prefer decentralized ones. Where you don’t even need a server and can simply use service discovery protocols once you’re in the same subnet.
I’m an IT professional, specifically in infosec, and it’s silly to go to those extremes. I have tons of smart home devices, and they’re all perfectly secure since I run Home Assistant and block them from the internet with a firewall.
> block them from the internet with a firewall.
Do they tell you in their manual what ports they work with, or is there a website that will let you know based on a product?
The good thing is that you don’t need to know which ports to block. You just set your firewall up to deny by default and then start whitelisting the things you want to allow.
Even easier if you put your “smart” devices in a separate network, then it’s just:
- Allow traffic from home net to Internet
- Allow traffic from home net to iot-net
- Drop the rest
Now you can surf the internet and control your devices, and they can’t phone home.
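The three rules in the comment above, written as an nftables forward chain. This is an added example, not part of the thread; the interface names `eth0`, `br-home` and `br-iot` are assumptions, and NAT towards the internet is assumed to be configured elsewhere.

```nftables
#!/usr/sbin/nft -f
# Constructed example: interface names are assumptions, adjust to your router.
define WAN  = "eth0"      # uplink to the internet
define HOME = "br-home"   # trusted home network
define IOT  = "br-iot"    # separate network for "smart" devices

table inet smarthome {
    chain forward {
        # Deny by default: anything not explicitly allowed below is dropped.
        type filter hook forward priority filter; policy drop;

        # Let replies through for connections that were allowed below,
        # so IoT devices can answer the home net without being able to
        # open connections of their own.
        ct state established,related accept
        ct state invalid drop

        # Allow traffic from home net to Internet
        iifname $HOME oifname $WAN accept

        # Allow traffic from home net to iot-net
        iifname $HOME oifname $IOT accept

        # Drop the rest. This explicit rule only adds a counter and a log
        # line so you can see which devices try to phone home; the chain
        # policy would drop the packets anyway.
        iifname $IOT oifname $WAN counter log prefix "iot-egress-drop: " drop
    }
}
```

This only covers forwarded traffic; what the IoT network may reach on the router itself (DHCP, DNS) belongs in a separate input chain.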
I’m one bad day away from going Amish.
Please don’t start a puppy mill, hit your partner and shame your kids. Staying away from too much tech is ok though. Not sure about having a horse, too much work and it is probably as expensive as buying ink for a printer. ;)
Mostly true. I haven’t owned a printer since 2012.
Same for me. I counted how much I was printing in one year, realized that the ink was drying out because I do not print enough and just the cleaning cycle before printing wastes so much of the ink, not to mention the “I can’t print black text because magenta is out”. I now print at the copy shop. A bit less convenient, but it is their responsibility to make the stupid thing work and it is so so so much cheaper. Also I do not need a shotgun in the house anymore :D
Nah, I have a bunch of stuff and couldn’t care less. If someone wants in my home they’ll take out a window. Nobody is zero daying their way past a lock 🤣
And what’s the worst an internet-connected thermostat could do, discomfort you to death? If someone got into my Google account past 2FA etc. I’d have bigger worries.
I think that example is probably the most serious one. If you live in regions that go to -40c you most definitely don’t want your thermostat to just stop heating the house.
What’s -40c? I only know freedom units. I’m guessing it’s -20f
Coincidentally -40c is also -40f
I know some software engineers like that. Some of it is knowing that the companies that make IoT devices don’t give a crap about security. Some of it is plain ol’ paranoia. Mechanical door locks can be picked; does that mean you invest in guard dogs? Crime is a thing but so is misanthropy. I think we should take reasonable precautions but believe that there are more good people than bad.
Actually, good mechanical door locks can only be picked by a handful of people in the world with special tools, most of whom are locksmiths.
The word “picked” does a lot of heavy lifting here.
Most professional thieves won’t care about damaging your lock. It’s called “breaking” and entering for a reason.
And those locks cost hundreds a piece. A “there is a security system here” sign would do more useful work. And a locksmith will tell you that picking is what you try AFTER you just try bypassing the lock entirely. Aka shim the door or break a window. Exactly what a burglar will do if they really wanted in. You do know that your garage door can be disabled with a coathanger threaded inside and grabbing the release hook, right? Or a jack wedged under with a crowbar, right? Or your decorative gnome in the front yard thrown through a window? Locks are a deterrent.
I have smart lights because I like the light to get warmer throughout the day, but that’s it. Does anyone have a FOSS solution? Google is unhelpful.
Home Assistant and its various alternatives
Dimmable light switch
At some point, you just realize that in no project is there enough budget to do even just mediocre security or correctness. And the few projects that actually require certifications for that, they rely on technology so old that it’s hard to believe they’d actually fulfill these criteria either.
And then you realize that you’re already considered an expensive expert. That companies try to further cut down on costs by outsourcing to basically untrained workers or, hell, LLMs.
I hate wireless tech
Except when it comes to desk utilities. God I hate cable management.
I hate cable management less than I hate mice and keyboards running out of charge when I’m in the middle of using them. Why can’t they come in pairs so that all I have to do is swap them out when they’re flat?
Rechargeable batteries are a thing tho. That’s how I keep mine running.
Mechanical lock manufacturers are a fucking clown show and the very concept is fundamentally flawed. I don’t know if I hate it more than the IoT/cloud bullshit, but it’s up there.
Mechanical locks CAN be designed well. If you put good security pins in there and have decent springs in them and make the exterior of the lock out of a good material, they can be way more secure than any digital “smart” lock.
> Mechanical locks CAN be designed well.
So can even the most superfluous IoT devices, though. It’s just that they aren’t.
> they can be way more secure than any digital “smart” lock
Typical mechanical locks are fundamentally flawed. Think of it like this: They are opened by a short combination of digits, represented by the key. There is no lock-out mechanism if someone keeps trying to guess the combination, even if they try many per second and there is no user-friendly way of resetting the combination if it has been compromised.
The tolerances, even in good locks, have to be high enough to enable attackers to guess the combination digit by digit, not as a whole, significantly reducing the time needed to guess it. You can try to mitigate this a little with special pins and weird key ways, but it’s ultimately a necessity, otherwise the lock would constantly fail to open or even break.
When you have a master-keyed system, the digits represented by the master key (the root password, essentially) will always be lower than or equal to any non-master key you find. This, too, can be exploited, allowing an attacker to safely derive a master key from any other key in the system.
Also, keys can be reproduced from photographs. That alone is a disastrous flaw. Just imagine the CVEs that would be written about the flaws above, and the manufacturer’s response. “But you need skills for that” is never an excuse in the digital realm, it shouldn’t be in the analog either.
Meanwhile, a well-implemented digital lock has all the important components on the other side of the door, exposing only a contactless card reader to interact with. The cards or tokens aren’t dumb data storage; they support public/private authentication, meaning they cannot be copied by someone walking up to you with a high-powered reader. There is no port to connect to, no pins to jiggle, just a dumb NFC reader that you can’t even open non-destructively.
Has OpenWRT but doesn’t know how to stop smart home gear from leaking data?
Back to school for this fella
I’d argue that most simply cease to work once you cut their Internet access.
This is exactly what I’m implying.
Where internet access is concerned, deny all and whitelist. Not a single company can be trusted to not constantly call home with your data.
Well you’d still end up with no smart home device tho…
Sooo basically the meme but with extra steps
If they can’t access the internet, the whole meme is irrelevant. I think you missed the initial point I was making: someone in IT should know how to safely use devices that try and steal your data.
Choosing to just not have any is akin to choosing not to have any central heating because you’ve heard about gas leaks. It’s moral panic and evidence of a lack of understanding, not good advice.
It’s funny because I get the same impression about you.
Maybe you missed the point, that you can’t USE them.
“no you”
What an enlightening comment. You have nothing to add, so begone.
Well, one could say that about your previous comment where you basically say “u stupid, I right” 😂