What do you guys think of the idea of smart homes? I could make a basic setup using https://home-assistant.io to control my home temperature and lighting; the tools for doing this are everywhere nowadays and implementation doesn’t seem too horrific anymore.
But setting aside what I “can” do, is this something that I “should” do? How can a person implement this without connecting any devices to the internet?
Yeah no. As a former IT guy the last thing I want is be tech support for my family’s light switch
I’ve been using smarthome stuff for quite a while now, and my conclusion is this:
- You absolutely have to stay local. Home Assistant is the only software I know that can pull that off at the moment, but never ever use commercial devices that have to talk to their servers. Once the servers are down or your internet connection is down, those devices are just bricks, and you don’t want that at home.
- The setup is only really usable by the person who set it up. If you’re living alone that’s fine, but anybody else will have a hard time tapping in your secret code to turn on the lights. All trained behavior like pushing a light switch to turn the lights on and off are violated in a smart home, even if it’s just because the delay between pushing the button and the lights going on is increased by 100ms.
- You have to monitor battery levels of sensors and replace them to keep the system working. There are dozens of coin cells in your home, they are going to run out eventually (after a few months).
- Have a fallback mechanism when the network goes down. It’s not great when you can’t turn on the lights to check why the WiFi router isn’t responding.
All trained behavior like pushing a light switch to turn the lights on and off are violated in a smart home, even if it’s just because the delay between pushing the button and the lights going on is increased by 100ms.
This is only true if you’re controlling bulbs instead of switches. Virtually all of my lights are on z-wave switches that work almost exactly the same as regular switches, the only difference being that the switch paddle doesn’t stick in an on or off position. Smart control is strictly in addition to the primary control.
Completely agreed on your other points, though. Absolutely no chance I’d use anything other that a local Home Assistant server that handles all processing locally.
I’ve installed an Aqara wall switch in a public room, and people are complaining that it doesn’t feel as well as a regular light switch. It’s really hard to get it right.
Yeah, unfortunately there’s not much that can be done there, at least not without adding little motors to the switch so it can match state with whatever it’s controlling. My experience has been that there’s an adjustment period, but eventually it’s not a big deal. Sort of like switching to paddle switches from toggle switches; at first it’s different, and people don’t like different when it comes to things they don’t think about, like light switches. But eventually the new thing becomes normal, and it’s not a problem anymore.
That said, the z-wave toggle switches are garbage, it’s much easier to adjust to paddles.
Smarthome well done is good and I think it will be necessary to tackle some challenges of the future - we need smart solutions to use ressources much more efficiently.
But: 85% of all smart home products are neither smart nor good. They are glorified remote controls. Nothing more.
AMAZON ALEXA IS NOT A SMART HOME PRODUCT.
A smart house doesn’t need you to use your phone/voice/etc. to turn down the blinds or switch on a light. It knows when the blinds need to be where depending on your location, the weather (blind based cooling in summer, heating in winter), the time, etc. It inherently doesn’t need a internet connection to control itself - it only does need the internet to expand its knowledge of the outside world,e.g. by getting disaster alerts, weather forecasts or off-site-location. When done this way there isn’t much “hacking” that can be done. There aren’t many components that can turn into botnets.
This is all possible for ages and it is all easily achieved - KNX and other systems are good examples. Matter can possibly achieve that. But currently it’s the big hype to call everything that can be voice controlled smart.
For fucks sake. It takes me longer to say “Alexa turn on the living room lights” than to do it myself or use a Clapping sensor from the 80ies.
In theory it’s awesome, but in practice it’s a Black Hat heaven
Using home assistant since 2017. As you add stuff there’s more synergy, like a network effect. I have automations and services that:
-
Adjust the bathroom floor thermostat according to the prevailing hourly energy price
-
Adjust the colour temperature of lighting during the day so blue light is reduced in the evening, allowing natural melatonin production to function
-
Announce on a local speaker when our child gets to school in the morning using their phone location
-
Operates festive lighting in the winter with reference to sunset and sunrise
-
Turns off all lights when leaving; or sometimes if I’m feeling more paranoid
-
Replays lighting patterns from a previous week to simulate* occupation
-
Sends me an alert if motion is detected and nobody’s home
-
Turns off the picture on the TV if nobody’s in front of it for a while using a 60GHz radar sensor
as well as a few other things. I don’t want a smart home that’s just remote operation with a phone. I want to use capabilities to automate things so I don’t need to be concerned about them.
-
I think you need to ask yourself a few questions: why do you want this? What things do you want to accomplish and how do you see them improving your life? Is the benefit that you gain worth the expense in money and time that it will take to set these things up?
One of the things I made ‘smart’ early on was my garage door. I live in an older house with a tuck-under garage and I had woken up one too many times to find someone had left the garage door open all night. I was tired of constantly going up and down the stairs at the end of the night to make sure everything was closed up and I just wanted a simple way to check, and to close (or open) the garage door if necessary. After the garage door I decided to put sensors on all the doors. Now I didn’t have to run around checking all the doors after everybody went to bed, or if I wanted to turn the a/c on. Next came lights in high-traffic areas, the ones that would get left on all night if I didn’t follow behind everyone turning them off.
In creating all of these wonderful automations where lights would come on magically whenever someone would enter a room I created another problem. Eventually, something important will fail, and the system will break down, and suddenly you realize you have an implicit, unspoken SLA with your partner. I had created an entire household that seemingly couldn’t figure out what to do with themselves in a darkened room if a careless Home Assistant update broke the whole thing. You have to set realistic expectations for these things because no matter how reliable your setup is, one day something is going to fail and you’re going to need to troubleshoot why.
I have provided only a handful of examples but each one served a need that I had at the time in a very busy household with small children and not enough hours in a day. For me, I believe the benefit I received was worth the expense and the hassle of automating these things in my home. If I had to do it all over again today I believe the benefit would be even greater - or, at least, the hassle would have been far less - everything is so much easier now especially with what Home Assistant has become.
Ultimately, you are the only one who can decide if the expense and effort are worth it for yourself.
The only smart objects I have are some light bulbs. I think, some processes are good to automate and put software in control of, and some things I want to have explicit control over (I.E. Door locks, Safe locks, AC settings, Heating). Technology can break in fantastical ways, but a lock should just freaking work.
As someone who has spent many years working on my smart home, I suggest, as do others, KEEP IT LOCAL.
As others have said, you can sequester IoT devices to a VLAN that has no internet access. Most of the common devices (lights, switches, sensors) added to smart homes work perfectly fine without access to the internet. Voice assistants are the biggest security/privacy hole since all commercial options are from big tech companies and phone home constantly. If you set up a local homeassistant instance you can get a ton of functionality out of smart devices with no direct connection to the internet. You need to decide how you handle accessing homeassistant from outside your home if that’s something you want but there are plenty of options to choose from for that.
One thing I will say that I refuse to add to my home is any kind of smart locks. No matter how much I trust my security setup, I don’t trust it with the ability to unlock my doors. If there was one that could only lock them electronically but required being manually unlocked, them maybe. But I haven’t seen a lock like that out there.
Smart homes sound good in concept and I’d love to have one if there weren’t so many risks. But an entire home that can be controlled via computers just sounds like an opsec nightmare. Obviously there’s the plus that your average technologically illiterate granny isn’t going to be using these so it will most likely have strong security systems. But hackers love a challenge.
And a whole neighborhood? A systemwide attack could happen disrupting entire swaths of a city’s residential zone. Imagine showers suddenly spraying boiling water, targeted attacks on epileptic individuals with flashing lights, temperatures dropping to below freezing or up to dangerous levels of heat or lightbulbs overloading sending broken glass everywhere, speakers bursting eardrums.
Not to mention more subtle dangers of such voice activation systems being accessed by malicious actors, or more likely, corporate concerns. Someone gangstalked or targeted by powerful people who could just court order one of these smart home companies to hand over the data and they probably will without fuss.
The attack surface of a single electronic device is massive, with dozens of different apps and services, each with different system vulnerabilities to exploit that’s already hard enough. But just imagine the attack surface of an entire home! Everything from the LG Flatscreen in your living room, to the temperature control systems, to your Apple Smart Toaster can be hacked to gain access to the rest of the system. If any one of those isn’t completely secure (which of course is a pipe dream) then it could be the gateway to a smart home hacking story on a Defcon panel.
And finally, what’s stopping the company from just updating the software for your smart home and paylocking features like “Uh yeah, you need to pay 12.99$ a month to have your cctv cameras work.” And because all the framework that runs the systems is being hosted in proprietary servers, you can’t do shit. And you can’t host your own servers either. Does this sound familiar because it should?
To be fair, many of those problems are things you can mitigate by picking the right vendor and staying away from anything that needs to phone home or use the internet
What’s stopping the company from just updating the software
The fact that I buy zwave stuff designed never to connects to the internet
And you can’t host your own servers either
Home Assistant says otherwise
This. I have been slowly building my smart home for the last 4-5 years, and I’ve yet to have a dead piece of equipment outside of a failed plug-in outlet. Since i do run everything through home assistant, there isn’t really any worry on my end up about longer term support, and if something does break in 10 years then whatever, I got 10 years of automation and a fun hobby and I’ll just replace it with the switches and shit that I took out to begin with. But because my house is now built around zigbee and home assistant, the only thing I actually have to worry about is HASS going away.
I mean, sure, I’ll probably upgrade to other things over time anyway, but that is the nature of technology. I mean, I’m sure these articles have been written but this thread is the equivalent of “laptops - computers are already fine, isn’t it just going to be a headache to carry one with you?” Ditto for modern mobile phones.
Yeah, my favorite part is the stability, honestly. I don’t have my HA instance facing the internet in any way, only accessible via my Nebula overlay network. No pressure to update the OS regularly or expect that I’m suddenly going to lose features because some big tech company decided they wanted to paywall or disable it in an update.
The fact that I moved earlier this year and was able to bring my whole smart home setup with me, and have it working at the new house before we even had an Internet connection is just golden.
It’s convenient but it’s less secure and less reliable. Imagine being locked out of your house because the Internet is down.
Harmful, the internet of things in general is.
You don’t need stuff that is 100% in a bot net caus its completely unsecured.
Great advice by Yoda!
𓁹‿𓁹
AIRGAP EVERYTHING.
Buddy of mine moved into a new apartment and they have a couple of “smart features”: Temp, blinds, lights. No cameras (except the front door) or other fancy stuff.
However the apartment can be reached from any browser with a hash. So if you know the hash, you can easily access his apartment controls. No password, 2FA or anything necessary to identify him.
When he told me I was looking at him with wide eyes and he just laughed and said “Yeah, I know.”.
Soo…what’s the hash?
I mean, you’d have to guess it and that’s the hard part, but if you can, you can probably also guess the hash of all other apartments. Unless they add some random string into the hashable info, you can guess your own hash with your own apartment info (every apartment has a house ID and apartment ID etc.).
Would be a funny weekend project to see if we could get anywhere with it. He could turn down the heat from his neighbors.
An absolute nightmare for security and privacy. Just say no.
Not necessarily. If you use eg zigbee devices, they are only accessible locally.
But you’re right. Most smart devices connect to the cloud.