Smart-homes: The future, or harmful?

frogman [he/him]@beehaw.org to Technology@beehaw.org – 120 points –

What do you guys think of the idea of smart homes? I could make a basic setup using https://home-assistant.io to control my home temperature and lighting; the tools for doing this are everywhere nowadays and implementation doesn't seem too horrific anymore.

But setting aside what I "can" do, is this something that I "should" do? How can a person implement this without connecting any devices to the internet?

125

Smart homes sound good in concept and I'd love to have one if there weren't so many risks. But an entire home that can be controlled via computers just sounds like an opsec nightmare. Obviously there's the plus that your average technologically illiterate granny isn't going to be using these so it will most likely have strong security systems. But hackers love a challenge.

And a whole neighborhood? A systemwide attack could happen disrupting entire swaths of a city's residential zone. Imagine showers suddenly spraying boiling water, targeted attacks on epileptic individuals with flashing lights, temperatures dropping to below freezing or up to dangerous levels of heat or lightbulbs overloading sending broken glass everywhere, speakers bursting eardrums.

Not to mention more subtle dangers of such voice activation systems being accessed by malicious actors, or more likely, corporate concerns. Someone gangstalked or targeted by powerful people who could just court order one of these smart home companies to hand over the data and they probably will without fuss.

The attack surface of a single electronic device is massive, with dozens of different apps and services, each with different system vulnerabilities to exploit that's already hard enough. But just imagine the attack surface of an entire home! Everything from the LG Flatscreen in your living room, to the temperature control systems, to your Apple Smart Toaster can be hacked to gain access to the rest of the system. If any one of those isn't completely secure (which of course is a pipe dream) then it could be the gateway to a smart home hacking story on a Defcon panel.

And finally, what's stopping the company from just updating the software for your smart home and paylocking features like "Uh yeah, you need to pay 12.99$ a month to have your cctv cameras work." And because all the framework that runs the systems is being hosted in proprietary servers, you can't do shit. And you can't host your own servers either. Does this sound familiar because it should?

To be fair, many of those problems are things you can mitigate by picking the right vendor and staying away from anything that needs to phone home or use the internet

What's stopping the company from just updating the software

The fact that I buy zwave stuff designed never to connects to the internet

And you can't host your own servers either

Home Assistant says otherwise

This. I have been slowly building my smart home for the last 4-5 years, and I've yet to have a dead piece of equipment outside of a failed plug-in outlet. Since i do run everything through home assistant, there isn't really any worry on my end up about longer term support, and if something does break in 10 years then whatever, I got 10 years of automation and a fun hobby and I'll just replace it with the switches and shit that I took out to begin with. But because my house is now built around zigbee and home assistant, the only thing I actually have to worry about is HASS going away.

I mean, sure, I'll probably upgrade to other things over time anyway, but that is the nature of technology. I mean, I'm sure these articles have been written but this thread is the equivalent of "laptops - computers are already fine, isn't it just going to be a headache to carry one with you?" Ditto for modern mobile phones.

Yeah, my favorite part is the stability, honestly. I don't have my HA instance facing the internet in any way, only accessible via my Nebula overlay network. No pressure to update the OS regularly or expect that I'm suddenly going to lose features because some big tech company decided they wanted to paywall or disable it in an update.

The fact that I moved earlier this year and was able to bring my whole smart home setup with me, and have it working at the new house before we even had an Internet connection is just golden.

Okay that's fair, you bring up good points. I'm actually glad there are counter to my points. Thanks 👍.

This sounds more and more like Watch Dogs 2 and HAUM

I was think about it when I was writing it XD.

I've been using Home Assistant for a while now. I do recommend setting up a VLAN that can't communicate with the internet which is where any wifi devices live. However I really like ZigBee and/or Z-Wave devices as they don't require any internet connection.

Lights alone are a game changer. Timers never really worked well for us because we're pretty far north of the equator and sunrises/sunsets have a pretty big swing. I currently have the lights come on 1 hour before sunset so it adjusts to this swing without me having to do anything. Then I have a button on my nightstand that turns off all the lights that aren't night lights.

The downsides are that it can be expensive. You start with a couple of light bulbs, maybe a couple of outlets, next thing you know you are pricing out how much it will cost to change all your switches and trying to figure out if they all have neutral wires or not. You'll start watching youtube videos of people's setups and looking for ways to do more with your smart home. It's a fun hobby but can be a lot of work.

I like that the ZigBee and z-wave devices don't need internet, but the biggest reason in my opinion is the relay function where they extend the network, and the binding options so they work even if your hub or wireless goes down.

Smarthome well done is good and I think it will be necessary to tackle some challenges of the future - we need smart solutions to use ressources much more efficiently.

But: 85% of all smart home products are neither smart nor good. They are glorified remote controls. Nothing more.

AMAZON ALEXA IS NOT A SMART HOME PRODUCT.

A smart house doesn't need you to use your phone/voice/etc. to turn down the blinds or switch on a light. It knows when the blinds need to be where depending on your location, the weather (blind based cooling in summer, heating in winter), the time, etc. It inherently doesn't need a internet connection to control itself - it only does need the internet to expand its knowledge of the outside world,e.g. by getting disaster alerts, weather forecasts or off-site-location. When done this way there isn't much "hacking" that can be done. There aren't many components that can turn into botnets.

This is all possible for ages and it is all easily achieved - KNX and other systems are good examples. Matter can possibly achieve that. But currently it's the big hype to call everything that can be voice controlled smart.

For fucks sake. It takes me longer to say "Alexa turn on the living room lights" than to do it myself or use a Clapping sensor from the 80ies.

Smart homes in centralized hands, such as Google? Nightmare.

Smart homes controled from your home, like home assistant? Awesome. I have home assistant and done some lights, water sensor, even my security cameras. It's a lot of work, but it works so well it's crazy.

I sorta wonder about these when selling the house to the next person. What if a little old lady buys your house?

I thought I'd remove them if the buyer isn't interested. They still work like normal light switches without a smart home hub.

Just remember, the S in IOT stands for security.

I do have some IOT devices on my network, however they are kept off the internet and on their own vlan. No phoning home (or anywhere else) for these devices.

They can be great if they are set up properly, but too many people just take them out of the box, toss them on their network and think they are just fine.

I’d wager 90% of users do that. I see way too much phoning home former to ever be comfortable with that.

I'm a bit more pessimistic about that percentage.. maybe 90% of people with the technical ability and inclination to micromanage their devices. But I'd wager the majority of users just want a remote control mood light and do not care that it's using the WiFi

I don’t see anyone in here talking about HomeKit, which is also a good solution for secure IOT. Many HomeKit accessories can be set up to only communicate with your LAN and to not need 3rd party apps or accounts.

I also have my system connect to a router that supports HomeKit secure, which blocks any phoning home to 3rd parties.

Big problem with HomeKit is 1) Siri is meh 2) fewer IOT accessories

The S in IoT stands for security

That's actually what I made the SSID for the wireless access point for the VLAN i have isolated for any wifi specific smart devices.

I didn't buy any, but my wife did without realizing they were incompatible with my existing home assistant setup due to being cheap Chinese crap

As others have said, you can sequester IoT devices to a VLAN that has no internet access. Most of the common devices (lights, switches, sensors) added to smart homes work perfectly fine without access to the internet. Voice assistants are the biggest security/privacy hole since all commercial options are from big tech companies and phone home constantly. If you set up a local homeassistant instance you can get a ton of functionality out of smart devices with no direct connection to the internet. You need to decide how you handle accessing homeassistant from outside your home if that's something you want but there are plenty of options to choose from for that.

One thing I will say that I refuse to add to my home is any kind of smart locks. No matter how much I trust my security setup, I don't trust it with the ability to unlock my doors. If there was one that could only lock them electronically but required being manually unlocked, them maybe. But I haven't seen a lock like that out there.

Agreed on all points.

I just wanted to add that I'm very glad smart locks exist. My friend with cerebral palsy can now secure his home with a lock and be able to get back in independently.

In general, smart devices are huge for him, and others with physical disabilities.

Also, I should say that I really enjoy the convenience of having Google Assistant in the house. Verbal timers, alarms, reminders, podcasts, and music mostly. Those and the pirate FireTV Stick are our only devices to date. I just don't care enough to put the legwork in to getting IoT set up. Switches are fine.

That's great that they help your friend like that! As someone that doesn't face any kind of accessibility issues myself, it's easy to overlook those kinds of benefits that these devices can provide. In situations like your friend's, I'd agree that any potential security cons are outweighed by the pros (especially if the alternative before was having to leave the doors unlocked anyways).

Agree on the convenience of voice assistants. I've got various models of Google homes in my house that I use for voice controls on anything I don't have a good way to truly automate. Different people will have different tolerances for how okay they are with the data things like that can gather. One day I might try to set up one of the local network voice assistants but those can take a lot of work to get just right. Always a tradeoff of convenience and privacy.

Or better yet: only use zigbee devices which work offline without the need to access your wifi network.

Oh that's interesting. Does Google Home work on an unconnected VLAN for lights? I use it for lights and kitchen timers. I don't see myself adding anything more complicated or invasive though.

I don't think Google home would work without an internet connection. I believe google devices and the google home app expect a connection to Google's servers.

I personally use homeassistant to control everything without an external internet connection and I know you can lock Philips Hue lights off from the internet and the official Hue app will still work.

The rate at which the go obsolete is my issue. If you invest in a system, just be prepared to replace everything every five years, and there is almost nothing yoiu can 'fix'...it is all disposable.

Yeah the main problem is that companies that do this kind of thing want you to subscribe to a recurring payment and if you find something that works "offline" it's codged together and quite fragile. So you either pay and upgrade when companies say so (see: Arlo cameras) or you spend lots of time trying to fix stuff.

I'm leaning towards the second option, having been burned already by subscription models, but at the moment I don't have any of the smart stuff and I'm waiting for wife to forget the fiasco...

Not all of them! I really like my athom smart home gear, everything they sell runs on FOSS firmware and they even have github repos to host any device-specific modifications! As long as WLED and EspHome continue supporting the ESP8266 my devices should keep getting updates!

You can connect devices locally now. Eg. Zigbee/Z-wave network protocol without the need to use the internet. I know some builders started to implement smart devices for Apartments in the city which is easy to set the standards but for individual homes, would be harder to sell as it's costly..

Yeah no. As a former IT guy the last thing I want is be tech support for my family’s light switch

I've been using homeassistant since the start of the year and I'm never going back! Took a while to get the hang of it but being able to make my own smart electronics on the cheap is bloody awesome. Soldered my plug-in cannabis vape to an ESP32 microcontroller and now I can control its temperature from my phone!

None of my smart-home stuff is closed source which helps a lot with trust, and I've even tested it to ensure that everything works even if my flat's internet goes down! Having all my light bulbs running the FOSS WLED firmware also means that I can hook them up to my HyperHDR setup so all the lighting in my room changes colour to match my TV.

I'm super interested in all these projects! Would you mind sharing guides you found helpful when designing and building then?

For HyperHDR I started with this guide along with a bunch of YouTube tutorials and a lot of trial and error given it was my first time soldering and first time using a microcontroller in a project!

With the cannabis vape I basically used the skills I learned making my HyperHDR setup along with a multimeter and the EspHome documentation (and even more trial and error) to emulate the potentiometer that was originally wired to the temperature controller and to control an LED I wired up to it.

Other than the official documentation the main thing that I found super helpful was the official HomeAssistant forums and (unfortunately) Reddit.

Thank you so much for all these details, this will help a ton! I taught myself to solder a few years ago to do custom LEDs in my kitchen and kid's bedroom, and it was super fun. I'm really excited to try out some of the stuff you did, thanks again!

I really like this statement I heard recently, which I think came from the YouTube Adventurous Way - "Dumb Control, Smart Monitoring". Make sure that any devices you install have failure models that make sense - you should still be able to control your appliances when the network is down.

That said, the option to remotely control lights, etc is fantastic. I also recommend setting up some temperature sensors in various places - I have quite a few ESP33 boards scattered around with sensors (and and one with an IR blaster) attached.

Making sure you are still able to control everything when the network is down seems like a good idea.

In our house, the smart plugs have a physical button that can be used to toggle them on or off. The lights are still connected to a physical power switch, so they can be reset by flipping the switch a few times, in which case they will probably just act as a normal light. Air conditioning units have an IR remote.

All important automations should run fully locally. I also find that focused and simple automations are often most useful. When I say simple I mean in terms of automation logic, not necessarily in terms of interfacing devices, which can be tricky at times. Example of simple automations I like most would be switching amplifiers on/off based on audio state changes, switching lights on/off relative to sunset, and switching electric water and floor heating elements on/off depending on energy price.

I agree, I also make sure everything is fully local. I have separate subnets for the server that runs home assistant, the IoT devices, and the trusted home network. Then I have some firewall rules that ensure that the IoT network cannot communicate with the WAN or the trusted LAN network at all, only with home assistant.

We have some simple automations at home to turn on the boiler in the afternoon when we have an abundance of solar power, and some basic automation to turn off aquarium lights at night such that the fish can sleep. Anything more complex just becomes unreliable and annoying.

If you're smart about it, doing home automation can be really rewarding and useful. Automating lights to turn on when it gets dark is probably the most useful thing. I also have a window fan to bring in cool night air, which automatically clicks off at 60°. All of this runs locally on a raspberry pi via home assistant and z-wave, no sus devices on my network!

I've been using smarthome stuff for quite a while now, and my conclusion is this:

  • You absolutely have to stay local. Home Assistant is the only software I know that can pull that off at the moment, but never ever use commercial devices that have to talk to their servers. Once the servers are down or your internet connection is down, those devices are just bricks, and you don't want that at home.
  • The setup is only really usable by the person who set it up. If you're living alone that's fine, but anybody else will have a hard time tapping in your secret code to turn on the lights. All trained behavior like pushing a light switch to turn the lights on and off are violated in a smart home, even if it's just because the delay between pushing the button and the lights going on is increased by 100ms.
  • You have to monitor battery levels of sensors and replace them to keep the system working. There are dozens of coin cells in your home, they are going to run out eventually (after a few months).
  • Have a fallback mechanism when the network goes down. It's not great when you can't turn on the lights to check why the WiFi router isn't responding.

All trained behavior like pushing a light switch to turn the lights on and off are violated in a smart home, even if it’s just because the delay between pushing the button and the lights going on is increased by 100ms.

This is only true if you're controlling bulbs instead of switches. Virtually all of my lights are on z-wave switches that work almost exactly the same as regular switches, the only difference being that the switch paddle doesn't stick in an on or off position. Smart control is strictly in addition to the primary control.

Completely agreed on your other points, though. Absolutely no chance I'd use anything other that a local Home Assistant server that handles all processing locally.

I've installed an Aqara wall switch in a public room, and people are complaining that it doesn't feel as well as a regular light switch. It's really hard to get it right.

Yeah, unfortunately there's not much that can be done there, at least not without adding little motors to the switch so it can match state with whatever it's controlling. My experience has been that there's an adjustment period, but eventually it's not a big deal. Sort of like switching to paddle switches from toggle switches; at first it's different, and people don't like different when it comes to things they don't think about, like light switches. But eventually the new thing becomes normal, and it's not a problem anymore.

That said, the z-wave toggle switches are garbage, it's much easier to adjust to paddles.

I have a smart home and let me give you some advice. BE MINDFUL OF THE BRANDS YOU CHOOSE. For example, using tuya smart devices with home assistant is a pain, you have to setup a tuya cloud account and get an API key that you'll have to renew every few months. If the device gets reset you have to go back into the cloud environment and re-add them. It's such a pain. Almost anything works with home assistant, but the amount of diy and bullshit you have to deal with to get something working varies greatly between brands. I highly recommend sonoff, also get a zigabee controller for home assistant as its far better than using WiFi. I also recommend you start a notion document or some other form of document that can keep up with everything for you. What brand of switches are in what room, what brand of lights are where, etc. Not just for you but if you ever sell your home you can give it to the next guy. Because you're probably not going to take the light switches or any in line relays with you.

Also to not connect to the internet you need to have a separate network (router or access point) that all your smart devices connect to. You'll then use a VPN to connect to your home network remotely. Basically have your smart devices router hooked into your normal router and on your normal router block external traffic (the Internet) from going to the smart devices router. Sorry if that's hard to follow but just Google "how to segment a home network" and that should get you started. Feel free to hmu if you need some guidance.

This is my current biggest gripe. You have to have a four year degree in random smart home garbage to figure out what works with what. We have a guy like that in our friend group, but I still need four different smart home apps just to control a handful of lights and a couple cameras. The apps have constant problems (Nest app signs me out nearly daily), the aggregator apps like Homekit and Google Home are missing nearly all features for the lights we have aside from on or off and some simple color settings, Nanoleaf app claims to be able to do scheduling and automation but I've never gotten it to work. I bought a google home tied-in tablet at the recommendation of said friend to be able to check cameras and control lights from a device that didn't have to be biometrically locked, and it turned out it couldn't see the cameras OR the lights. Pending some future theoretical update which still hasn't rolled out. Insanity. Makes me want to throw it all out.

Considering how expensive the smart home items are, especially the lights, the user experience is horrendous for pretty much everything but flashy tech demos.

Everything became very easy for me once I decided to go all open source. In my opinion, the problem is all of the different proprietary "hubs". I got a ZigBee controller that can control all ZigBee devices without requiring a hub (there are several options available).

Lights: ZigBee Hue. Plugs: ZigBee Innr. Motion sensors: ZigBee Aqara. Cameras: Ethernet Amcrest. NVR: Frigate.

Everything is local, no data leaves my network, and everything is controlled directly from Home Assistant dashboards via the ZigBee controller, and I never have to open any proprietary apps.

Care does need to be taken to plan the network at least somewhat in advance, but that doesn't take too long, and everything is very stable and super reliable.

What is the ZigBee controller? Is the Hue Bridge one? Does the Hue bridge not go on the internet?

No, I am currently using a TubesZB Ethernet controller, but before that I used a Deconz ConBee II. There are others available as well.

I used the hue bridge before setting up HA, but after setting up and configuring the other controller, you can unpair your hue bulbs from the hue bridge and pair them with the new controller instead. You can then unplug the hue bridge, because the new controller is now handling the hue bulbs.

This is possible because devices that comply with the ZigBee protocol specs must accept properly formatted commands from a hub/controller after a successful pairing.

So if you have one of these controllers, AND the ZigBee device you purchase is compliant with the protocol AND the device is supported by the controller, the controller will be able to control the device locally, and you can throw out the "required" hub from the manufacturer that sends your data to that company's servers. This is why you need to plan things out ahead of time, to ensure that what you get will work with what you have. Every controller has a list of what devices are supported. For example, here are the devices supported by the ConBee II, and here are the devices supported by the TubesZB device, which uses Zigbee2MQTT.

Bonus: with one of these controllers, your smart home stuff will now work just fine if your internet goes out. As long as your local network is up and running, all of your HA stuff will work as well.

Thanks for all this info. I'm just planning out what I will use. This gives me a lot to dig into!

Really glad to hear it! Feel free to ping me if you have questions.

Edit: The Deconz is a good starter device, but it doesn't support nearly as many devices as Z2M. I got an Aqara Pet Feeder that Deconz doesn't support, but Z2M does, which is why I switched. You can't use Z2M with the ConBee.

This is the video I used to set up Z2M to work with the new controller.

I wish segmenting your IOT devices on their own virtual network was easier for most people to do. It can be done but you need a good working knowledge of firewall rules and networking in general.

LocalTuya is a thing, though it's a bit of a pain in the ass and I would definitely not recommend buying Tuya hardware specifically to use with it.

Tried both LocalTuya and TuyaLocal. When they work it was fantastic, but eventually after a few days I run into problem where a smart device's state would got stuck. For example, a switch's state could get stuck in the On state, and when you attempt to switch the light off, after a minute it'll turn back on. Other devices would got stuck in Off state, so after turning them on It'll turn off again soon enough. I'll get rid of them once I found a suitable zigbee devices that can replace their functionality.

I have a smart home. I run Unraid OS on my server and among a ton of dockers, I run my own VM with home assistant. Been doing my own DNS, network wide ad blocking, media server, home automation stuff for years now. Always will to help answer any questions.

I’m also disabled so the smart home really helps me.

As a fellow disabled person, so much this. Being able to automate things or access them with a simple voice command (or on my phone) takes a lot of weight off my shoulders.

It has its pros and cons. It's amazing if everything works, but a nightmare if I would have to start fixing and troubleshooting when I get back home from a long day at work.

I do appreciate people who have managed to set this up and working.

In theory it's awesome, but in practice it's a Black Hat heaven

Buddy of mine moved into a new apartment and they have a couple of "smart features": Temp, blinds, lights. No cameras (except the front door) or other fancy stuff.

However the apartment can be reached from any browser with a hash. So if you know the hash, you can easily access his apartment controls. No password, 2FA or anything necessary to identify him.

When he told me I was looking at him with wide eyes and he just laughed and said "Yeah, I know.".

Soo...what's the hash?

I mean, you'd have to guess it and that's the hard part, but if you can, you can probably also guess the hash of all other apartments. Unless they add some random string into the hashable info, you can guess your own hash with your own apartment info (every apartment has a house ID and apartment ID etc.).

Would be a funny weekend project to see if we could get anywhere with it. He could turn down the heat from his neighbors.

If you are at least familiar with technology and search engines you can find pretty much any smart device on shodan.io

I've never seen the point, personally. Maybe this is just one of the things i'm too poor to ever understand.

Or you may simply not really have a need. That’s totally fine.

I’m disabled, so being able to do lights and thermostats and appliances with my iPad or phone is great for me. Having things turn on or off based on motion detection or sunset/rise really helps. I can unlock my door or open my garage for guests without having to get up.

I helped set a friend up with my old smart lights when I upgraded to WLED ones and they have found it absolutely incredible for their lighting sensitivities/sensory issues!

Smart bulbs are so helpful for sensory issues related to light. You can turn the light down and change it to a less stimulating color. Wonderful for the migraine prone.

Now if only I could somehow let my dogs in and out without getting up.... (fellow disabled person)

Being able to monitor energy usage is very useful. We can see how much our solar panels are producing and how much we are importing and exporting from the network. Based on this information we can decide whether we should start a dishwasher, washing machine, water boiler, air conditioning, etc. That way, we can save a lot of money by optimally making use of free solar energy.

A smart home definitely isn't a necessity, if you're poor there are probably better things to spend your money on. That being said, you can get started with light automation for about $50, and I find that it adds a lot of (subtle) value to my day.

In addition to it being helpful for me due to disability, I also love the convenience of being able to simply say something like, "Hey Google, play The Kids Aren't Alright" and have my Home Assistant speakers start playing The Kids Aren't Alright by The Offspring through my Spotify account. As a random example. I listen to music a lot more frequently because of it.

Edit to add that it's not a need, it's a convenience.

Harmful, IMO.

Anywhere "smart" objects are, surveillance can also be. I've read 1984 enough times to know I don't want a telescreen on every available surface.

This depends. You can be smart about it. Running your own servers, including your own NVRs for video storage. Have dedicated VLANs. Firewalls. Etc. it’s not that bad.

Granted I work in automation and robotics and now networking so I’d say I’m for sure a giant add nerd. For a normal user it can be hard to stay safe.

Yeah - it can be done safely. That's way too much effort for me, lol :) I'll stick to my low-tech doorbells and stuff.

It's a lot easier and cheaper than you might imagine. A used Dell 7040 for $120, a ZigBee controller for $30, install Home Assistant OS on the Dell, plug in the controller, and you've got a really powerful smart home hub that can control any ZigBee device you have locally without ever needing any "cloud" services.

Since you don't need cloud services, you don't need to worry about firewalls or networking or VLANS, because the controller replaces the "required" hubs that manufacturers say you need, that force you to use their servers.

With the controller, Home Assistant becomes your hub, and the ghost of Orwell will smile and nod at you approvingly, maybe even give you a cheeky thumbs up.

I know some people with privacy concerns will go out of their way to avoid any "smart" devices that communicate over WiFi. If you stick with Z-Wave/ZigBee/Matter, you don't have to worry about any sort of external communications. I mean, even with WiFi devices you can isolate them by making a separate local-only network, but that's a pain.

I wouldn't trust any closed source WiFi smart devices but IMO ones that run a FOSS firmware and are fully functional with no internet connection are all good

You can (mostly), but it involves more user input than the commonly advertised (google/alexa/etc. integration)

You can choose sensors/actuators that run on protocols that don't touch the internet. Zigbee, Z-wave, rtl_433. The communication and data are local-only, from the device, to a transceiver on your automation host device.

For some others that require networking of some kind, you can silo them. Put them on a VLAN with limited or no internet access, or just manually set the IP address without a valid gateway (not suitable for kit that is at all suspect).

For ones that must connect to some server owned by the company somewhere, the best bet is to just not buy them! Personally, I do everything I can to avoid kit like that. I absolutely loathe the idea of a device needing to phone home for basic functionality. It's just begging for the company to start charging, or even shut down the servers and leave you with a brick. Unfortunately, it means a lot of onus on researching kit before buying.

Best comment here. Smart home is lot of fun if you plan it out in advance. I jumped in with a few random purchases, but trying to cobble everything together can be difficult.

Oh and avoid Google at all costs. It's flashy and neat, but in 6 months they'll cut support and you'll have a brick. Even my Nest thermostat loses functionality fairly regularly just because reasons.

Thankfully I haven't run into issues with Nest, but if I wasn't a renter I wouldn't want them in my home.

They aren't issues, it's more things like poking holes in their walled garden. Like if you want to automate your thermostat outside of their app, or use home assistant, or anything else it's just 1) difficult and 2) brittle. They'll break apis randomly, make you jump through all kinds of crazy hoops.

I'll also toss out that if you privacy and non-annoyance are your goals with an out of the box voice assistant, the only real option these days is a HomePod. I built my smart home with combination of Echos throughout the house, and I pretty much regret it now. I wasn't as worried about privacy, but these things are so fucking annoying these days. "Start a timer for 5 minutes." "Okay, do you want to play some bullshit trivia game while you're timer is going?" No, never. Ever. I mean, at least she'll still turn the lights on without spouting back something dumb, but that's just about it. Probably what I'll be doing now is still using the Alexholes as a speaker target with the mute button on all of the time (better spotify integration) and start replacing with siri balls.

Yeah we went with google homes early on and from what I hear they aren't nearly as annoying - but Google is already starting to hint at dropping support for earlier models. I'll look into HomePod, if I did any new ones I'd use something self hosted. I bet at somepoint we'll be able to flash them.

Have you looked into what Home Assistant has been doing with voice lately? This is what I'll be using to finally turn my Echos into muted speaker targets:

https://www.home-assistant.io/voice_control/using_voice_assistants_overview/

You can even turn old analog phones into HA "microphones" - just pick up the BatPhone/hamburger/banana phone, say "It's movie time" and hang up, and HA will convert your voice to text and run your "movie time" automation.

It's not a jetpack, but it certainly FEELS like living in the future...

I have found luck with Ikea smart bulbs. They don’t need to be connected to the internet to operate.

Tp-link devices are notoriously bad about connecting to the internet. There is no way to operate them without an internet connection. On top of that, each device connects independently so even when you have a vLAN, there’s extra steps required each time a new device is set up.

I love my smart lights. It's convenient controlling my lights with my voice and setting up automation rules for them.

Yes, there's some privacy concerns. Personally, I just assume it might happen and consider it worth it. Honestly, I just don't really care much if Phillips knows when I turn my lights on. I mean, my neighbours can figure that out just by looking at my place.

I have always been pretty anti-smart homes. But it’s scope crept up on me. Often I wanted more manual automation. Christmas lights were on a light sensor timer power strip, lights going to the garage etc are on old school motion sensors so we didn’t trip.

  • The one thing I did do was a thermostat, specifically a Honeywell. It was nice for scheduling and remotely cooling the house when on returning from vacation (or shutting it off if I forgot.)

  • Then I got a wifi window ac for my office.

  • Then I added some wifi mouse traps to prevent me from having to crawl under the house to check them.

  • Then someone gave us a Weber iGrill sensor that was a pain to swap between phones.

Next thing I knew I had 5-6 apps. So I setup homeassistant to consolidate it. The Weber iGrill was the hardest but I had a pi in the kitchen running a calendar so I took a wekend and got it working in homeassitsnt.

Since then I have added some tplink kasa plugs and switches. The plugs are for Christmas lights this year. And one in the kitchen that we can plug a crock pot etc into and remotely start it while at work. The switches work just like a dumb one too. And are all locally controlled.

Finally I got a robot vac which is nice.

I still don’t have Alexa etc or cameras or mics in the house. And anything I do add needs to be only smart as a value add. IE: it should function as normal even without internet.

But yeah. I guess I have a smart home now.

My advice on HomeAssistsnt is make sure you products are supported if you go that route. Stay local only whenver possible. But it is nice. One app controls all. Again for me they all must function as a dumb device as well.

I've gone the same route. HA is amazing, but also a rabbit hole.

The family likes eg the motion enabled lights and the thermostats to control the heating in their rooms. I share your opinion that it must bring benefit.

Is a robot vac worth it? I'm worried that our young cat will destroy it, or that I have to empty it daily.

So I got the expensive model.

Well realistically I got a cheap ass one on an amazon fire sale to see if my wife would like it. She did and was spending time building barriers with shoes and shit to get it to vacuum one area. So THEN I got the super expensive one, specifically a Roborock s7 max v.

We don’t really vacuum anymore. Just use that. It’s pretty good about avoiding most obstacles but isn’t perfect. Nerf darts and kids markers are it’s Achilles heal. It also sucks on shag/thick rugs.

I empty the dust bin here and there. Same with water. But it is quite easy to take apart and clean up, both the vacuum and the station itself. Probably one of the better value adds we have had to be honest.

An absolute nightmare for security and privacy. Just say no.

Not necessarily. If you use eg zigbee devices, they are only accessible locally.

But you're right. Most smart devices connect to the cloud.

What's your network infrastructure like? I have my network segregated across several VLANs, and IoT devices are on VLANs that are blocked from the internet at the firewall level.

I do similar. And keep some devices (like my kasa plugs) from hitting the internet altogether.

And others that need it go on its own DMZ with the roku TVs and like.

One of the biggest improvements I noticed after switching to smart lights and home assistant was how much better my sleep got when I used a circadian light cycle. I don't think we realize how important the gradual shift is in triggering the release of sleep chemicals (not my field lol, just my experience).

Just a fun aside take a look at WLED for LED controls. My use case is not particularly practical but they are pretty cheap and lots of fun. That said I bet some smart folk have probably used it for various sorts of indicator lights.

If any of it uses cloud services or requires internet access to function, then it's harmful. It will be gathering lots of personal data that will be sold. It will stop working if the company goes out of business or just decides to stop supporting your hardware or if they ban your account for whatever reason they want.

If it's all self hosted on your LAN, then it can be convenient, provided that whatever it controls can be manually operated if there is a problem. It's even better if you are using all open source hardware and software.

As a hobby, yeah, go for it.

To save time and money, not so much. You will spend much more time in setup and debugging than you will ever recoup due to the automation. Same goes for the money.

HA is pretty nice, but has a pretty big learning curve.

As for avoiding turning your internet into a IoT botnet, you need network gear that can segregate clients and prevent internet access, and to pick devices that have a local-only API which is not something everything has.

The real question - and this is coming from someone who spent way more time than I'd like to admit with HA automating things - is what you're expecting. I absolutely wouldn't bother doing a setup again because once the shiny wore off, all I use this for is setting a temperature and turning lights on and off: two things the hardware vendor apps does just fine.

It's great, unless for some reason it doesn't work, and that's kinda an unfortunate state of things for what is still pretty early software. Matter should help simplify things since it'll be less 100 vendors, 100 APIs you have to support which is kinda the state of being right now.

Also don't buy anything from Belkin, screw those guys.

I like mine. It has a lot of nice convenience features, and it feels good to have stuff happen automatically based on your presence. Scripting useful automations if a time-consuming hobby though, and if you're mostly just interested in doing voice control for lights it may not be worth it.

I'd recommend staying away from anything that connects directly to the wi-fi if possible. ZigBee lets you isolate the garbage hardware from the Internet so they can't be used as zombie devices in a botnet or worse, and have home assistant be the one point of contact.

It's a great and rewarding hobby! But having cloud connected devices on the same network as your sensitive information is an issue.

Use a vLAN and IoT devices capable of local control. Use a self hosted hub like Home Assistant. Keep devices that collect sensitive information (like a camera) out of sensitive areas (like the bedroom). Then you should be reasonably secure.

I love the idea of having motorized blinds and windows that automatically open/close coordinated with thermometers to regulate house temperature.

The only smart objects I have are some light bulbs. I think, some processes are good to automate and put software in control of, and some things I want to have explicit control over (I.E. Door locks, Safe locks, AC settings, Heating). Technology can break in fantastical ways, but a lock should just freaking work.

As someone who has spent many years working on my smart home, I suggest, as do others, KEEP IT LOCAL.

Using home assistant since 2017. As you add stuff there's more synergy, like a network effect. I have automations and services that:

  • Adjust the bathroom floor thermostat according to the prevailing hourly energy price

  • Adjust the colour temperature of lighting during the day so blue light is reduced in the evening, allowing natural melatonin production to function

  • Announce on a local speaker when our child gets to school in the morning using their phone location

  • Operates festive lighting in the winter with reference to sunset and sunrise

  • Turns off all lights when leaving; or sometimes if I'm feeling more paranoid

  • Replays lighting patterns from a previous week to simulate* occupation

  • Sends me an alert if motion is detected and nobody's home

  • Turns off the picture on the TV if nobody's in front of it for a while using a 60GHz radar sensor

as well as a few other things. I don't want a smart home that's just remote operation with a phone. I want to use capabilities to automate things so I don't need to be concerned about them.

I think you need to ask yourself a few questions: why do you want this? What things do you want to accomplish and how do you see them improving your life? Is the benefit that you gain worth the expense in money and time that it will take to set these things up?

One of the things I made 'smart' early on was my garage door. I live in an older house with a tuck-under garage and I had woken up one too many times to find someone had left the garage door open all night. I was tired of constantly going up and down the stairs at the end of the night to make sure everything was closed up and I just wanted a simple way to check, and to close (or open) the garage door if necessary. After the garage door I decided to put sensors on all the doors. Now I didn't have to run around checking all the doors after everybody went to bed, or if I wanted to turn the a/c on. Next came lights in high-traffic areas, the ones that would get left on all night if I didn't follow behind everyone turning them off.

In creating all of these wonderful automations where lights would come on magically whenever someone would enter a room I created another problem. Eventually, something important will fail, and the system will break down, and suddenly you realize you have an implicit, unspoken SLA with your partner. I had created an entire household that seemingly couldn't figure out what to do with themselves in a darkened room if a careless Home Assistant update broke the whole thing. You have to set realistic expectations for these things because no matter how reliable your setup is, one day something is going to fail and you're going to need to troubleshoot why.

I have provided only a handful of examples but each one served a need that I had at the time in a very busy household with small children and not enough hours in a day. For me, I believe the benefit I received was worth the expense and the hassle of automating these things in my home. If I had to do it all over again today I believe the benefit would be even greater - or, at least, the hassle would have been far less - everything is so much easier now especially with what Home Assistant has become.

Ultimately, you are the only one who can decide if the expense and effort are worth it for yourself.

It's convenient but it's less secure and less reliable. Imagine being locked out of your house because the Internet is down.