Friday, June 21, 2024

How to keep your smart cam footage safe and private

If you’re shopping around for a baby monitor, a pet camera, or a video doorbell, just a little research can make the world of network security cameras feel insecure. You don’t have to look far to find examples of companies breaking the trust of their customers. 

Wyze cameras and other smart cams from major companies have had vulnerabilities that could make potential users nervous.

And even if you trust that a company is going to be a good steward of your private data, you’ll likely have to pay for it. Companies like Ring and Arlo often raise prices for their subscriptions and, in some cases, remove features you’ve already paid for.  

In addition to the basic issues of security, some of the technology behind these cameras has potential drawbacks. First, relying on Wi-Fi alone can be spotty and risky. Many of the cameras, particularly the outdoor ones, rely on battery technology that gives them a relatively long life on a single charge, but at the expense of not running 24/7 by default.

What’s more, AI detection varies wildly in quality and accuracy from model to model. And very few of the cameras I tested for this article could be activated and managed without downloading another tedious app. I feel very strongly that every single IP camera should be mandated by law to not require an app. You should be able to connect them to your network or put them in hotspot mode and then do the entire process via a web browser. (And if I am forced to sign up for an additional brand-only account, I am going to lose it.)

So despite security cams being part of a massive industry peddling a relatively straightforward product, navigating the issues involved in safely purchasing and using one can feel like a chore. Where do you even start? 

Well, you can start by choosing safe ways to collect and store your video footage. In this article, I’m not going to talk about which camera to buy or how to install it — instead, I’m going to look at some of the more reasonable, flexible options out there that you can use to keep your video feed safe and private, from simplest to most complex.  

Safe and simple: Apple’s HomeKit Secure Video 

I generally do not trust most companies with my personal data, but of the bigger companies out there, Apple tends to be the least egregious in terms of basic security for smart home applications. If you aren’t the kind of weirdo who enjoys building a server or screwing around with homelab stuff, you could do far worse than a HomePod Mini or an Apple TV as the brain that’s running your smart home, especially if you use an iPhone on a daily basis. 

One of the nice little perks of this ecosystem is HomeKit Secure Video, Apple’s proprietary method for streaming from cameras. HomeKit Secure Video does, however, come with some caveats. You do need to be part of the Apple ecosystem, including an iCloud subscription. It isn’t perfect and has many limitations, but if your No. 1 priority is security, then you could do far worse. And hey — it means you don’t have to download a separate app from the camera manufacturer. 

Stay in-camera: save to an SD card

One nice thing about a lot of these cameras is that they allow you to save to a microSD card. MicroSD cards that hold a huge amount of data are dirt cheap now, and these cameras all run pretty efficiently. I was able to pull saved videos from most of them directly to my phone. 

One camera I tested, the EufyCam 3C with the HomeBase 3, allows a thumb drive to be connected to it to offload footage of triggered events. Another, the Tapo C420S2, actually comes with a little baby hub that will hold a microSD card with up to 256GB. 


In short, for most people, keeping these devices running with a local SD card instead of opting for cloud services can be more than enough. 

Now, let’s get into the more complicated stuff.

Keep it in-house: run your own NAS

I love my NAS (Network Attached Storage) and think a lot more people should have one. If you don’t know what it is, it’s basically a baby server you shove hard drives into and attach to your router. 

There’s tons of stuff you can do with one. You can use it to store movies, have it function as a Jellyfin (or Plex, if that’s your thing) server, or stream your music and then access it anywhere. If someone I know needs a file on my server, I can just send them a link from my phone. You can also use a NAS solution to record footage from your security cameras. And when it comes to encryption, it can be very secure. 

While a NAS solution can be a hassle to get going, it’s less of a pain than other methods. When I was in the market, I went with Synology, and while it’s not the most open platform, it is one of the most robust off-the-shelf options. Synology’s security software, Surveillance Station, is considered one of the better pieces of software you can get when it comes to monitoring your home. (I have also seen people recommend Blue Iris.) Surveillance Station is also compatible with a whole slew of cameras. On top of that, Synology offers cloud backups as well (per camera, for a price).

Again, setting up a NAS solution is no minor task for a lot of people, but in general, Synology makes it easier than most. Alternatively, you can just buy an off-the-shelf dedicated network video recorder (NVR); more on that in a moment. Meanwhile, in order to get my Synology NAS up and running, I first had to find some streams.

Add flexibility by adding a stream

In my opinion, the ability to have a stream makes your security system more transparent and flexible and also allows setting up an external DVR. Many cameras support common streaming protocols, the most common being RTSP and the ONVIF security standard. In general, cameras that can do this have far more utility. You can play an RTSP stream in VLC media player (one of the best free players available), and OBS can be configured to accept RTSP streams if you want to Twitch stream your house like it’s a reality TV show. 

Not all cameras come with this out of the box for various reasons. Many battery-run cameras, as previously mentioned, cannot stream continuously, which rules many of them out. And many smart cameras just don’t offer the feature, although Wyze (if you still trust it) has offered the option to use an alternate firmware that lets you use an RTSP stream. In general, though, several non-battery cameras from Amcrest, Reolink, Tapo, Hikvision, and Dahua allow for this. 

Of the cameras I tested for The Verge, some of the ones that allowed me easy access to an RTSP stream were the Eufy cameras connected to the HomeBase and a model by Lorex. With that stream, I was able to do a lot, like add it as a device in OBS. This allowed me to create something I call my “Bike Stream” setup in which I streamed myself watching to see if anything happened to my bike. Thankfully, nothing happened to my bike. But that’s just one of many opportunities that having ready and direct access to your technology affords you.

Configure to the max with a dedicated NVR

If I am being honest, I really don’t want my NAS to run as a network video recorder. That’s a fairly intensive task, and my NAS is already busy handling other stuff (like streaming FLACs so I can have ready access to all the DVDs I ripped). And while I am glad that I have Surveillance Station set up, I would prefer to have a piece of hardware dedicated to the task. Plus, I really wanted to see how far into the deep end I could go.

For that, Scrypted and Frigate are what I am interested in. Frigate is a free, open-source NVR with a fantastic Home Assistant integration that lets you really unlock the potential of what you can do with your camera system. Scrypted is an open-source plug-in and has support for HomeKit Secure Video, even letting you use it for non-HomeKit Secure Video cameras. I already had HACS (Home Assistant Community Store) running, so getting Scrypted up and running wasn’t too hard.

Both pieces of software are infinitely configurable. And unlike other software like Blue Iris, you don’t pay fees to use Frigate, although you can get custom AI models with Frigate Plus to support the development of the platform. Scrypted NVR and its desktop client, on the other hand, are for paying subscribers, but there’s still a ton of stuff you can do with the software without paying. 

You can run either of them on a Mini PC or a NUC with something like an Intel N100 processor. Both can also run in a Docker container. Both can also be paired with Google’s cheap Coral accelerator, which has an Edge TPU on board, in either a USB or M.2 form factor, for hardware acceleration of machine learning, massively lowering the hardware load for object and facial detection.

You can also do tremendously interesting stuff with Scrypted and Frigate. For example, Frigate can use any ONVIF camera with PTZ (pan, tilt, and zoom) to automatically track objects, and you can use OpenVINO, a deep learning model from Intel. Got a camera pointed at your bird feeder? Frigate lets you use the “Who’s At My Feeder?” integration to identify specific bird species, or you can try its “someone is parking in my driveway” feature. Not to be the open-source software guy, but the actual possibilities here are extensive and truly exciting.

How deep can — or should — you go?

If you are really paranoid about your devices potentially phoning home, there are a lot of ways to prevent them from doing that. You can put your cameras on a VLAN to isolate them or set your cameras to have static IP addresses and block them from accessing the outside world. This is a good practice but starts getting into deeper territory than the average person has the energy for. As with most things involving security, the question is: how deep do you really want to go? 
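Once the cameras are isolated and blocked, it is worth confirming that the block actually holds. The script below is an added example, not something from the original article or from any vendor: it reads firewall log lines and reports every camera that still got a connection out to the internet. The camera VLAN subnet, the log line format, and all addresses in the sample are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: cameras have static addresses on a dedicated VLAN subnet.
CAMERA_VLAN = ipaddress.ip_network("192.168.50.0/24")
# Destinations inside these ranges count as "staying at home".
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log. Assumed format: time action src dst proto dport
SAMPLE_LOG = """\
2024-06-21T10:00:01 ALLOW 192.168.10.5 192.168.50.11 tcp 554
2024-06-21T10:00:02 ALLOW 192.168.50.11 192.168.50.1 udp 123
2024-06-21T10:00:03 DROP 192.168.50.11 203.0.113.40 tcp 443
2024-06-21T10:00:04 ALLOW 192.168.50.12 198.51.100.7 udp 10001
2024-06-21T10:00:05 ALLOW 192.168.10.20 203.0.113.40 tcp 443
2024-06-21T10:00:06 ALLOW 192.168.50.12 198.51.100.7 udp 10001
malformed line
"""

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def audit(log_text):
    """Return cameras whose outbound internet traffic was allowed or blocked."""
    leaks = defaultdict(set)      # camera -> {(dst, proto, port)} that got out
    blocked = defaultdict(int)    # camera -> count of attempts the firewall stopped
    skipped = 0                   # lines that could not be parsed
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            skipped += 1
            continue
        _ts, action, src, dst, proto, dport = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            skipped += 1
            continue
        # Only camera-originated traffic leaving the local ranges matters here.
        if src_ip not in CAMERA_VLAN or is_local(dst_ip):
            continue
        if action == "ALLOW":
            leaks[src].add((dst, proto, port))
        else:
            blocked[src] += 1
    return {"leaks": {cam: sorted(v) for cam, v in leaks.items()},
            "blocked": dict(blocked), "skipped": skipped}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

An empty "leaks" result means the isolation is doing its job; entries under "blocked" show which cameras are still trying to reach outside servers.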

The world of security cameras is confusing by design, but in an ideal world, it doesn’t have to be. I want a world where these devices are more transparent by design and more secure, with fewer apps that clutter up my homescreen. I want a device that does not call external servers, with encrypted video as a basic standard that lets me configure it however I want and actually have some real fun for a change.

Correction March 4th, 1:02PM ET: An earlier version of this story incorrectly implied Wyze let users see into other people’s homes for three years. Wyze briefly let people see into others’ homes on two occasions; the three-year vulnerability was a separate issue.

