I previously introduced an open source private home security camera in 2024, which uses OpenMLS for end-to-end encryption: https://news.ycombinator.com/item?id=42284412.
It was called Privastead then and it's now renamed to Secluso.
John Kaczman found my project from here and has been working on it with me over the last year and half. We've made a lot of improvements to the software, which we would like to share with you:
- You can now set this up on your Raspberry Pi in less than 5 minutes with no technical expertise using our easy-to-use GUI deploy tool. We've put together a comprehensive build-your-own guide that walks you through the required steps (you can find a link at the top of the repository README).
- We use a customized, minimal OS based on the Yocto project for the camera.
- Every part of our stack except for the iOS app has reproducible builds. This includes our Android app, camera/server binaries, deploy tool, and the aforementioned OS.
- We've re-designed our mobile app, which is now on the iOS App Store and Google Play store.
- We now support UnifiedPush for more privacy-preserving push notifications.
Looking forward to seeing what you all think!
Contrast with https://frigate.video/, which is a locally installed NVR server that pulls camera feeds over the LAN (from a very wide range of off-the-shelf IP cameras) and does all kinds of really neat local processing to do things like (optionally hardware-accelerated) object and audio detection, face recognition, ALPR, semantic search over recorded video, and more — while still maintaining similar privacy guarantees.
It's great that you've done reproducible builds for camera firmware, since that means you don't have to trust a shady IP camera vendor to be competent. Of course, with off-the-shelf stuff, you can largely avoid the security issues there by putting your cameras on a VLAN that can only reach your NVR.
What I don't get is why there needs to be a cloud relay involved at all. If you're fully E2E encrypted anyway, just have the app communicate directly with the camera via STUN.
I see you're planning on selling the preassembled hardware. There's definitely something to be said for "buy this device, download app, done" ease of setup for the wider market that meaningfully improves their privacy over Ring/Nest/et al. But for the power user and self-hosting crowd, I think Frigate makes a lot more sense.
In case you're not familiar with the Yocto Project, it's designed to be a tool/template for developers (like Ardalan and I!) to use to create custom Linux images for embedded devices (in this case, a Raspberry Pi).
It works off of distributing layers/recipes (these "templates") in open-source repositories for re-use among such developers that can be very easily baked in and customized if necessary.
Our current usage of it is relatively small. Our OS codebase is roughly ~1,000 LOC of a few recipe modifications (e.g. for fixing reproducible build issues, some minimizations, necessary dependencies we need), and, of course, integrating our camera_hub binary and updater binary (as well as their respective system services). We also bake in a custom rpicam-apps (the library responsible for driving camera feeds into the app), which was modified to be more performant in our use case (specifically, we modified it to add a secondary UNIX domain socket channel to send raw images simultaneously with the H.264 stream, so that we wouldn't need to decode them separately). Additionally, there's ONNX Runtime, which I mention below.
In the image itself, we've added two partitions: a data and provisioning partition. The data partition is designed to separate the mutable data (the state files for our camera binary) against the rest of the root filesystem. The provision partition is used by the deploy tool to inject a random camera_secret in as the pre-shared key (PSK) used to initiate pairing in OpenMLS (for our E2EE).
We have a lot of future work in store for this Secluso OS! A few things I'm working on right now are a read-only root filesystem (through squashfs), hardening the kernel, and getting rid of a massive dependency we currently rely on (ONNX Runtime) for machine learning. We've been working with burn, a popular Rust machine learning library, to optimize their "burn-flex" crate to match the performance of ONNX Runtime for the model we use for object detection. After that's done, half of the dependencies used by the OS will be able to be removed! (as ONNX Runtime drags in things such as python).
Please let me know if you have any questions!