Our on-device AI is able to detect people, pets, and vehicles. We have tested people detection and it works well. We haven't really tested the other two.
ESP32: We haven't tested them. I would guess that they won't be able to handle the workload (on-device AI, encryption, and video encoding if there's no hardware encoder).
Ciphersuite: We use OpenMLS and we can choose any of the ciphersuites supported by it. We are using its post-quantum secure ciphersuite (MLS_256_XWING_CHACHA20POLY1305_SHA256_Ed25519).
From what I understand, some camera modules for ESP32 have built-in video encoding, so basically the ESP32 will only have to manage the encryption + network.
If you are interested, take a look at what SeeedStudio are doing. I think It's worth exploring for very cheap cameras, but yeah, no AI (without an additional accelerator).
There are two comments/questions here and I'll try to address them one by one.
Secluso vs. Frigate: I think you correctly mentioned some of the differences. We intend Secluso to be replacement for Ring-like WiFi cameras. Therefore, it needs to be easy to set up and use and provide similar functions to a Ring camera: the user plugs in the camera, opens the app, scan a QR code and perform a pairing process, and the camera is ready to use with its strong end-to-end encryption. The self-hosted version of Secluso requires a few more steps, but we've tried to automate it as much as possible. Home Assistant and Frigate are great platforms that are capable of providing good privacy (although they don't support advanced end-to-end encryption that Secluso does with forward secrecy and post-compromise security through MLS), but they require several steps, e.g., prepare/configure the IP camera, install and configure Frigate, integrate Frigate with Home Assistant, and configure remote viewing via cloud relay or VPN. Also, they are typically used with wired (Ethernet) IP cameras. WiFi IP cameras are possible but the RTSP stream between the camera and hub will be unencrypted, which might be vulnerable to eavesdropping.
Need for cloud relay: We have considered STUN and we are planning to deploy MLS over WebRTC for livestreaming (using the DAVE protocol) to improve the livestream performance. But this doesn't completely eliminate the need for a relay. If a STUN connection cannot be made due to some restrictions in one of the networks (that the camera and app are connected to), we will need to fall back to the relay. Also, if the phone is off/disconnected when an event video is recorded, we would like to transfer it (encrypted) to the relay ASAP in case something happens to the camera (e.g., it's taken by the intruder).
The videos are stored in the mobile app and you can view them when you need. The camera captures videos when it detects an event, e.g., a person, encrypts them, and sends them to the mobile app. The app decrypts them and stores them locally, allowing the user to view them when needed. The app also allows for livestreaming and it keeps the livestreamed video locally as well.
Hi u/tmikaeld, livestreams are available when clicking a button. It is not possible to livestream in the background. That's what motion/object-detection-based events are meant to help augment. When something happens, you'll get a push notification + a video, so that you don't need to look through a very long video to try to figure out when something happens.
The camera_hub runs in the camera. It records videos, encrypts them, and sends them to the mobile app. The server is a relay in the cloud. It transfers encrypted videos from the camera to the mobile app.
One can use Frigate + Home Assistant + some secure remote access solution (e.g., VPN) to get a usage model similar to Secluso. Secluso however provides the following advantages:
1) You'll get advanced end-to-end encryption (MLS).
2) You'll get a trusted firmware (fully open source and verifiable software running on a Raspberry Pi). An important advantage of having trusted firmware is that you won't have to worry about putting a firewall in front of a camera that comes with closed source firmware and hence can't be trusted.
3) Secluso is easier to set up. All you need is to run our released binaries in a Raspberry Pi, a server, and then use our app. We are also open to providing server support for for a limited number of interested users. This will further simplify the setup. Please contact us if you're interested.
4) With Secluso, you won't need a hub or an NVR. All you need is a Raspberry Pi (and its camera).
1) Usage model: RTSP cameras can be used for on-demand livestreaming. In contrast, the usage model of our camera is similar to a Ring camera: not only does it support livestreaming, but also it detects events (motion, person, pet, etc.), records a video clip, and sends it to the phone.
2) Connection and ease of use: with an RTSP camera, the camera acts as a sever. You can easily connect to it from your phone if your phone is connected to the same LAN. But if you're outside (which is very typical in the case of home security camera), you will need to connect to your LAN from outside. You have several options to achieve this (port forwarding, VPN, reverse proxy, etc.). Some of these options are not very secure. And they all require some non-trivial setup. In contrast, with our camera (again, similar to a Ring camera), the camera sends the videos to a cloud server and the app downloads them. Therefore, there's no need for the phone to access the LAN. (But note that in contrast to Ring, the videos in Secluso are always end-to-end encrypted. Ring supports an optional end-to-end encrypted mode, but you will lose advanced AI features such as person detection if you enable that since that is performed in their servers.) With the cloud-based video relay, we can then make it very easy to set up and use our camera. More specifically, our plug-and-play camera (https://secluso.com) is very easy to use: scan a QR code, pair, and you're good to go.
3) Encryption: Secluso uses MLS, which provides advanced end-to-end encryption features such as forward secrecy (per message) and post-compromise security.
4) Trust in firmware: Our goal with our recent Raspberry Pi camera is to provide a home security camera with a fully open source firmware. In fact, we now support a reproducible build, which allows you to verify that the firmware binary is built from the open source software in our github repo. This is in contrast to IP cameras that come with closed source firmware, making it difficult to assess their trustworthiness.
I haven't designed Privastead for continuous recording/streaming. It's mainly to receive motion/event-triggered videos and occasional live streaming. The usage model is more like Ring cameras.
The question of "What is the purpose of introducing the untrusted "server" component?". Looks like you've since replied to this, but it wasn't here or I didn't see it when I dropped the parent comment. The reply also doesn't compare alternatives such as direct use of an object store API. I've fielded a lot of user support questions about installation and would really hesitate to add that extra moving part if it's not strictly necessary.
Overall, we must be coming at this with quite different expectations of what a NVR should do. Not just this but also "when the app fetches a video, the server deletes the ciphertext (in order to be memory efficient)". Some installations of my NVR software are multi-user; I personally use it from multiple devices; etc. So the idea the whole pipeline exists just to transfer event videos to a single Android device results in a system that I would not find useful.
There certainly is space for different approaches. E.g. Frigate's approach is quite different than Moonfire NVR's but obviously is useful in a lot of ways to a lot of people. But my take is that Privastead's approach is going to be pretty niche, and the claim that other NVRs don't offer strong privacy assurance using "end-to-end" (on-prem server to client) encryption is untrue.
Also, I find it inaccurate to say it's mostly implemented in Rust which "provides higher security assurance for the hub". The Amcrest camera you've chosen is essentially developed by a hostile nation-state, and the protocol code you're using to interact with it (ffmpeg) is all written in C, which I find incongruous with the privacy/security goals. In fact, ffmpeg's RTSP and Matroska code is probably the majority of lines of code in the system.
Yes, we have different approaches/designs. In fact, I don't even of think of Privastead as an NVR solution. The choice of using a hub is mainly because I didn't have control of the camera firmware. As I've mentioned in other comments, if I could, I'd move the hub logic to directly run inside the camera.
And my main comparison has been with security camera solutions that use their cloud solution to transfer videos (e.g., Ring). I think an open source solution that uses MLS and treats the cloud as fully untrusted is a superior alternative.
Regarding the multi-user support: yes, that's on the to-do list. A nice aspect of MLS is the notion of groups that it provides. In Privastead, each camera will have a separate MLS group and it could add multiple devices/smartphones to the group. The hub will then try to deliver the video to all devices in the group. Many aspects of the multi-user support still needs to be figured out, but it's technically feasible.
Regarding ffmpeg: I agree. I'm aware of it and I have it in my to-do list to replace that with a Rust-based implementation. In fact, I'll be looking into your retina library as one potential replacement. :-)
> The choice of using a hub is mainly because I didn't have control of the camera firmware. As I've mentioned in other comments, if I could, I'd move the hub logic to directly run inside the camera.
Yeah. I'm also frustrated with cameras in general. I've commented on this a few times here before, [1] but tl;dr: I don't even know what camera I'd recommend even if I had the perfect open source firmware to flash onto it easily.
> Regarding the multi-user support: yes, that's on the to-do list. A nice aspect of MLS is the notion of groups that it provides. In Privastead, each camera will have a separate MLS group and it could add multiple devices/smartphones to the group. The hub will then try to deliver the video to all devices in the group. Many aspects of the multi-user support still needs to be figured out, but it's technically feasible.
Okay, interesting, yeah that sounds like a significant step up for most folks.
> Regarding ffmpeg: I agree. I'm aware of it and I have it in my to-do list to replace that with a Rust-based implementation. In fact, I'll be looking into your retina library as one potential replacement. :-)
Patches very welcome. It could use more attention than I've been able to give it recently but likely will interact well with your camera model as-is.
reply