Yeah no. As a former IT guy the last thing I want is be tech support for my family’s light switch

I’ve been using smarthome stuff for quite a while now, and my conclusion is this:

• You absolutely have to stay local. Home Assistant is the only software I know that can pull that off at the moment, but never ever use commercial devices that have to talk to their servers. Once the servers are down or your internet connection is down, those devices are just bricks, and you don’t want that at home.
• The setup is only really usable by the person who set it up. If you’re living alone that’s fine, but anybody else will have a hard time tapping in your secret code to turn on the lights. All trained behavior like pushing a light switch to turn the lights on and off are violated in a smart home, even if it’s just because the delay between pushing the button and the lights going on is increased by 100ms.
• You have to monitor battery levels of sensors and replace them to keep the system working. There are dozens of coin cells in your home, they are going to run out eventually (after a few months).
• Have a fallback mechanism when the network goes down. It’s not great when you can’t turn on the lights to check why the WiFi router isn’t responding.

Smarthome well done is good and I think it will be necessary to tackle some challenges of the future - we need smart solutions to use ressources much more efficiently.

But: 85% of all smart home products are neither smart nor good. They are glorified remote controls. Nothing more.

AMAZON ALEXA IS NOT A SMART HOME PRODUCT.

A smart house doesn’t need you to use your phone/voice/etc. to turn down the blinds or switch on a light. It knows when the blinds need to be where depending on your location, the weather (blind based cooling in summer, heating in winter), the time, etc. It inherently doesn’t need a internet connection to control itself - it only does need the internet to expand its knowledge of the outside world,e.g. by getting disaster alerts, weather forecasts or off-site-location. When done this way there isn’t much “hacking” that can be done. There aren’t many components that can turn into botnets.

This is all possible for ages and it is all easily achieved - KNX and other systems are good examples. Matter can possibly achieve that. But currently it’s the big hype to call everything that can be voice controlled smart.

For fucks sake. It takes me longer to say “Alexa turn on the living room lights” than to do it myself or use a Clapping sensor from the 80ies.

In theory it’s awesome, but in practice it’s a Black Hat heaven

Using home assistant since 2017. As you add stuff there’s more synergy, like a network effect. I have automations and services that:

• Adjust the bathroom floor thermostat according to the prevailing hourly energy price

• Adjust the colour temperature of lighting during the day so blue light is reduced in the evening, allowing natural melatonin production to function

• Announce on a local speaker when our child gets to school in the morning using their phone location

• Operates festive lighting in the winter with reference to sunset and sunrise

• Turns off all lights when leaving; or sometimes if I’m feeling more paranoid

• Replays lighting patterns from a previous week to simulate* occupation

• Sends me an alert if motion is detected and nobody’s home

• Turns off the picture on the TV if nobody’s in front of it for a while using a 60GHz radar sensor

as well as a few other things. I don’t want a smart home that’s just remote operation with a phone. I want to use capabilities to automate things so I don’t need to be concerned about them.

I think you need to ask yourself a few questions: why do you want this? What things do you want to accomplish and how do you see them improving your life? Is the benefit that you gain worth the expense in money and time that it will take to set these things up?

One of the things I made ‘smart’ early on was my garage door. I live in an older house with a tuck-under garage and I had woken up one too many times to find someone had left the garage door open all night. I was tired of constantly going up and down the stairs at the end of the night to make sure everything was closed up and I just wanted a simple way to check, and to close (or open) the garage door if necessary. After the garage door I decided to put sensors on all the doors. Now I didn’t have to run around checking all the doors after everybody went to bed, or if I wanted to turn the a/c on. Next came lights in high-traffic areas, the ones that would get left on all night if I didn’t follow behind everyone turning them off.

In creating all of these wonderful automations where lights would come on magically whenever someone would enter a room I created another problem. Eventually, something important will fail, and the system will break down, and suddenly you realize you have an implicit, unspoken SLA with your partner. I had created an entire household that seemingly couldn’t figure out what to do with themselves in a darkened room if a careless Home Assistant update broke the whole thing. You have to set realistic expectations for these things because no matter how reliable your setup is, one day something is going to fail and you’re going to need to troubleshoot why.

I have provided only a handful of examples but each one served a need that I had at the time in a very busy household with small children and not enough hours in a day. For me, I believe the benefit I received was worth the expense and the hassle of automating these things in my home. If I had to do it all over again today I believe the benefit would be even greater - or, at least, the hassle would have been far less - everything is so much easier now especially with what Home Assistant has become.

Ultimately, you are the only one who can decide if the expense and effort are worth it for yourself.

The only smart objects I have are some light bulbs. I think, some processes are good to automate and put software in control of, and some things I want to have explicit control over (I.E. Door locks, Safe locks, AC settings, Heating). Technology can break in fantastical ways, but a lock should just freaking work.

As someone who has spent many years working on my smart home, I suggest, as do others, KEEP IT LOCAL.

As others have said, you can sequester IoT devices to a VLAN that has no internet access. Most of the common devices (lights, switches, sensors) added to smart homes work perfectly fine without access to the internet. Voice assistants are the biggest security/privacy hole since all commercial options are from big tech companies and phone home constantly. If you set up a local homeassistant instance you can get a ton of functionality out of smart devices with no direct connection to the internet. You need to decide how you handle accessing homeassistant from outside your home if that’s something you want but there are plenty of options to choose from for that.

One thing I will say that I refuse to add to my home is any kind of smart locks. No matter how much I trust my security setup, I don’t trust it with the ability to unlock my doors. If there was one that could only lock them electronically but required being manually unlocked, them maybe. But I haven’t seen a lock like that out there.

Smart homes sound good in concept and I’d love to have one if there weren’t so many risks. But an entire home that can be controlled via computers just sounds like an opsec nightmare. Obviously there’s the plus that your average technologically illiterate granny isn’t going to be using these so it will most likely have strong security systems. But hackers love a challenge.

And a whole neighborhood? A systemwide attack could happen disrupting entire swaths of a city’s residential zone. Imagine showers suddenly spraying boiling water, targeted attacks on epileptic individuals with flashing lights, temperatures dropping to below freezing or up to dangerous levels of heat or lightbulbs overloading sending broken glass everywhere, speakers bursting eardrums.

Not to mention more subtle dangers of such voice activation systems being accessed by malicious actors, or more likely, corporate concerns. Someone gangstalked or targeted by powerful people who could just court order one of these smart home companies to hand over the data and they probably will without fuss.

The attack surface of a single electronic device is massive, with dozens of different apps and services, each with different system vulnerabilities to exploit that’s already hard enough. But just imagine the attack surface of an entire home! Everything from the LG Flatscreen in your living room, to the temperature control systems, to your Apple Smart Toaster can be hacked to gain access to the rest of the system. If any one of those isn’t completely secure (which of course is a pipe dream) then it could be the gateway to a smart home hacking story on a Defcon panel.

And finally, what’s stopping the company from just updating the software for your smart home and paylocking features like “Uh yeah, you need to pay 12.99$ a month to have your cctv cameras work.” And because all the framework that runs the systems is being hosted in proprietary servers, you can’t do shit. And you can’t host your own servers either. Does this sound familiar because it should?

It’s convenient but it’s less secure and less reliable. Imagine being locked out of your house because the Internet is down.

Harmful, the internet of things in general is.

You don’t need stuff that is 100% in a bot net caus its completely unsecured.

AIRGAP EVERYTHING.

Buddy of mine moved into a new apartment and they have a couple of “smart features”: Temp, blinds, lights. No cameras (except the front door) or other fancy stuff.

However the apartment can be reached from any browser with a hash. So if you know the hash, you can easily access his apartment controls. No password, 2FA or anything necessary to identify him.

When he told me I was looking at him with wide eyes and he just laughed and said “Yeah, I know.”.

An absolute nightmare for security and privacy. Just say no.