this post was submitted on 18 Dec 2023
480 points (97.4% liked)
Technology
59217 readers
2726 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Hypothetically I want to secure my home with Cameras…
What’s the best way to do this? OSS preferably.
So, just an FYI, I bought Eufy cameras because I believed their marketing bullshit about being secure and end-to-end encrypted. About two months later they changed how they describe their security and quietly modified their privacy policy. Turns out they're not really end-to-end encrypted and it is possible to gain access to the streams sometimes.
My recommendation, after doing my research is not to buy anything that is able to be viewed remotely. Buy something that stores the video locally, in your home. If possible, buy and install wired cameras.
The most important thing is just to have cameras that are positioned to watch you in bed.
I'm just about to setup TP-link cameras connected to Frigate (NVR software) with a Coral TPU for offline object detection. This means I can block access to internet for the cameras and use a VPN home if I want to watch them.
Zoneminder and any IP camera you can afford.
If you setup wireless you would be best served using a VLAN
https://wiki.zoneminder.com/Dummies_Guide
https://learncctv.com/the-use-of-vlans-in-cctv/
Onvif camera (It's the standard. Any camera that supports onvif will be plug and play). Block the cameras' Mac addresses at your router so they can't get out directly. Install zoneminder on Linux. If you need remote access follow all the guides to securing a Linux server that has ports open to the Internet. (Ssl, tailscale etc.)
Blueiris for Windows is great but it's not open source.
No-internet cameras hooked up to local storage.
For remote access, you could use whatever you want to use for remotely accessing local files.
I use a old phone with IP cam on it, and only allowed local network access connected to my home assistant.
I can view it remotely via home assistant cloud, which is E2EE from instance to phone.
I presume Raspberry Pi Camera is also a great solution. And also I dont put any camera in bedroom or bathroom, because there is no reasonably accessible entrance there.
The first step is to set a strong password.
Not open but https://unify.com/en/
Didn't they just have a security incident where people could access other people's full unifi account including devices?
Correct but that's only if you enable the remote connection through ubiquity, if you have that turned off its all local.
Ah, I wasn't aware there was an option to keep it local. Does that keep your entire site from being remote manageable or just the camera system?
My understanding is that it's all or nothing, but I'm not complete sure.
The security issue you mentioned I think only affected when they handle access to the cameras. I think you can set up a VPN and then turn off remote access on the NVR, so it seems possible to avoid that issue.
That being said that's a lot of work for something they should have handled securely in the first place and doesn't give me much confidence about their security in general.
It's an interesting read since the cause of the issue was something to do with a database change that caused an overlap of groups.