This is part 1 in a series of posts documenting what worked and what did not while building a privacy and security focused smart home
IoT and the smart home realm of electronics is largely a joke in the security industry. Smart locks and garage door openers provide little to no physical security against a hacker or someone with one of their tools   . Smart bulbs and other "innocuous" IoT devices can be used for infection and propagation of malware, and en masse can pose a risk as botnets . Cameras spy on citizens and provide intel to foreign (or sometimes domestic) governments. The point is, IoT devices are either wilfully or negligently full of security flaws that punch holes in your network and let attackers in or leak your personal data out.
...So why on Earth am I building myself a smart home? Because I want this:
"Hey Mycroft, turn on my kitchen lights."
Four light fixtures turn on at once
How freaking cool? We're living in the future, folks.
But how do I do this without compromising my privacy, or my network security? I've done a lot of research and I think I've found a decent compromise. Leaning heavily on open source software, I'm building a home automation network with OpenHAB, Z-wave, and Mycroft. Let me explain why this is a good solution.
Z-wave is a mesh network protocol that creates a "LAN" of IoT devices that are, themselves, never connected to the internet. These mesh IoT devices connect to a Z-wave "hub" that can be connected to the internet, if you want it to (e.g. if you want to control your smart home from oot and aboot). The hub sends commands to the devices, updates the devices, and overall coordinates the smart home show. There are plenty of Z-wave hubs already out there (cough SmartThings cough), but I wanted something less opaque that would be amenable to the addition of some non-z-wave devices, such as the Wyze cam. Something more... open source.
OpenHAB is a powerful smart home automation suite that frankly has impressed the socks off of me. This thing was clearly architected by people who knew what they were doing from a design standpoint, because their concepts (bindings, things, channels, items) generalize so well that once you understand the OpenHAB ecosystem, it's a joy to add and control a new device. It just works. I love open source success stories. OpenHAB has a binding for Z-wave that allows it to act as a hub as long as there's a Z-wave serial device present on the system. It also has bindings for all sorts of other things you might want to integrate with your smart home solution, including for example Spotify. The beauty of a single-stop solution like OpenHAB is that you can gather all your state information in one place, and use it to create complex interactions between your home devices.
While OpenHAB even provides a means for creating custom UIs for controlling your devices, sometimes talking to your house is just more natural (or more awesome). But voice assistants are all cloud-based services because the hard work of lexing human speech and deriving meaning is the work of an AI, and sadly, they seem to require more horsepower than a raspberry pi. Even more sad, though, is that these cloud-based services snarf up your data and sell it to advertisers. There's no guarantee that they aren't always listening. an indeed there's some evidence that they are, and that our personal moments are being recorded and transcribed by humans in order to improve the AI's speech recognition (I read this article, but I can't find it now - guess you will have to take my word for it).
Here's the shopping list so far:
That all runs a bit over $300. Expensive, sure, but what's life without a hobby. What all this buys me so far are three sets of networked and synchronized speakers (hooked up to Pi 3 A+'s running Max2Play), a voice assistant (the PS3 eye attached to the Pi 3 B+ running Mycroft.ai, using their picroft image), a solitary smart light switch, a camera to watch my front door, and a home automation hub (the Pi 4 with the Zooz Z-wave USB stick). So... I can turn on a single light, play some music, detect when someone's coming into the house, and ask the internet some questions. It's not bad but it's not exactly like the house is alive. All I've bought so far is proof of concept toys.
I'll continue this series with posts about each individual node in the smart home network, including any relevant configuration, wiring, networking, travails, and triumphs. For now, I wait for the pieces to come in.