I've been running Frigate for more than two years now and it beats the hell out of any system I've tried in terms of detection speed and reliability. For context, I've tried Ring, Tapo cameras, and also Eufy security. Today I have turned away from all the cameras except for the Tapo cameras now serving RTSP streams into my Frigate instance. I have also blocked them from accessing the internet and that gave it complete privacy by default.
Eufy Security started showing advertisements about their new products whenever I tap on a motion detected notification. They prioritize their ads over your own security which is ridiculous. Not just that, some of their clips stored in their cloud storage would never open despite the fact I used to pay them my membership fees every month. They were also caught storing passwords and other security credentials in plain text. Thanks to them, they were the primary motivation for me to move away from using those proprietary platforms and look for something self-hosted.
I got Frigate running on my old hardware with hardware acceleration enabled via RX 550 GPU and detection is always under one second. I wrote a small app that uses Frigate API to grab screenshots and send me notifications via Telegram and Pushover. It's been very self-sustainable for two years now. I only had to restart the service two times in all of this time. I am also using some tunneling from my VPS into the locally hosted Frigate running on my home server and it's just been flawless. Thanks to this amazing project.
Do you know of any good Soup-To-Nuts tutorial "for dummies" on such a setup? Finally getting some secure home monitoring/automation has bubbled up as a priority and I've started looking at Home Assistant but even for someone with some technical background the learning curve combined with the sheer breadth of options is overwhelming.
How did you get the Tapo cameras to play nice in RTSP mode with Frigate? I found that even one camera did horrible things to the WiFi. Even with one camera per AP per band, they caused trouble.
Note that the WiFi chips on these devices are not so great; they need good coverage. I run two Asus routers in mesh network mode to get good coverage and never had any issues with anything.
What is your approach to keeping these cameras off the Internet, but still on your local network to ensure they're not backchanneling with your awareness?
All IoT devices on my network go into a VLAN that blocks internet access. Using Unifi, I think it's just a checkbox to turn internet access on/off. I use a virtual nic on my Home Assistant VM that recognizes that vlan and can communicate with all those devices, as well as a separate nic which is hooked up to the main vlan.
In my router admin page, there is something called parental control. I used it to disable internet access for all the cameras. I've also used the DHCP settings to give all the cameras static IPs as well.
Dedicated VLAN. Firewall rule forbids all outgoing connections from camera VLAN, even to other LAN, but allows inbound from designated devices on a privileged VLAN (this way random devices on my network can’t talk to the cameras). Frigate is on a VM that is so designated.
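An added example, not part of the comment above and not Frigate code: a Python audit of router logs against the camera-VLAN policy that comment describes, showing which cameras try to initiate connections and which undesignated hosts try to reach them. The subnets, the Frigate VM address, the log prefixes and the sample lines are constructed assumptions, and it assumes the router logs new connection attempts in the Linux netfilter LOG format.

```python
import ipaddress
import re
from collections import Counter

# Assumed addressing, not from the thread: cameras in 192.168.30.0/24 and
# the Frigate VM at 192.168.10.20 as the only designated client.
CAMERA_NET = ipaddress.ip_network("192.168.30.0/24")
DESIGNATED = {ipaddress.ip_address("192.168.10.20")}
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in the Linux netfilter LOG key=value format.
SAMPLE_LOG = """\
kernel: cam-drop IN=vlan30 OUT=eth0 SRC=192.168.30.11 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=40122 DPT=443 SYN
kernel: cam-drop IN=vlan30 OUT=eth0 SRC=192.168.30.11 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=40123 DPT=443 SYN
kernel: cam-drop IN=vlan30 OUT=vlan10 SRC=192.168.30.12 DST=192.168.10.5 LEN=60 PROTO=TCP SPT=51000 DPT=445 SYN
kernel: cam-drop IN=vlan10 OUT=vlan30 SRC=192.168.10.77 DST=192.168.30.11 LEN=60 PROTO=TCP SPT=33010 DPT=554 SYN
kernel: fw-allow IN=vlan10 OUT=vlan30 SRC=192.168.10.20 DST=192.168.30.11 LEN=60 PROTO=TCP SPT=45000 DPT=554 SYN
kernel: cam-drop IN=vlan30 OUT=eth0 SRC=192.168.30.12 DST=198.51.100.9 LEN=76 PROTO=UDP SPT=123 DPT=123
kernel: truncated line without addresses
"""
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def classify(line):
    """Return (verdict, src, dst, proto, dport), or None if the line has no usable addresses."""
    f = dict(FIELD.findall(line))
    try:
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
    except (KeyError, ValueError):
        return None
    flow = (str(src), str(dst), f.get("PROTO", "?"), f.get("DPT", "-"))
    if src in CAMERA_NET:  # any camera-initiated connection breaks the policy
        scope = "lan" if any(dst in n for n in LOCAL_NETS) else "internet"
        return (f"camera-egress-{scope}",) + flow
    if dst in CAMERA_NET and src not in DESIGNATED:
        return ("undesignated-client",) + flow
    return ("ok",) + flow

def audit(log_text):
    """Count policy violations, keyed by (verdict, src, dst, proto, dport)."""
    results = (classify(line) for line in log_text.splitlines())
    return Counter(r for r in results if r and r[0] != "ok")

if __name__ == "__main__":
    for (verdict, src, dst, proto, dport), n in audit(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {verdict:24s} {src} -> {dst} {proto}/{dport}")
```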
I do DHCP reservations then firewall rules. Not as safe as a VLAN but not aware of any devices assigning themselves random IPs outside the DHCP reservation to circumvent it.
Easier than getting VLANs working across switches and APs.
Yes. You have to go into the Eufy mobile app and enable RTSP for each camera you have registered. Assign the camera a static IP and add a password there. Then use that in your Frigate config YAML to set up the stream. Including go2rtc.
Your go2rtc url should look something like this and it will display that url in the camera configuration in the app itself.
I am sorry to be that guy, and I think it is good that you realized it yourself, but how could you trust them with your video feeds in the first place?
Like, I remember thinking the GNU guys were hippie crackpots. But it was like 15 years ago and I have forgotten how to relate to that feeling... it is like realizing all my colleagues are not using adblockers and visit sites with ads. I just can't understand.
> I am sorry to be that guy, and I think it is good that you realized it yourself, but how could you trust them with your video feeds in the first place?
In my case, I received a Ring doorbell as a gift. I ran it for several years and replaced it with Reolink on a VLAN.
Well, to be fair, I've used some silly and expensive Meater Plus thermometer that needed an Android app just because I got it as a gift from my father-in-law and wanted to be able to at least tell him I used it.
It is hard to turn down a present with "it will spy on me" when ordinary people think a thermometer can't. But I am quite sure I would refuse to install a SaaS CCTV.
> In August of 2017, a supervisor discovered what the employee was doing only "after the supervisor noticed that the male employee was only viewing videos of 'pretty girls,'" the complaint alleges. That employee was terminated, the filing says.
Phew -- I am definitely not a "pretty girl".
Seriously, though, I'm glad that I ditched Ring and that it only pointed at my walkway.
Not to nitpick but you're only really guaranteed privacy unless you know there's only a wired connection. If it has wifi the camera could hop onto a nearby open network and do whatever it wanted without your knowledge, assuming evil enough firmware
You can't know there's only a wired connection unless you open the camera up and inspect the PCB for an antenna, and it could still be disguised. However, by "I've only given it access to a specific network" you already eliminate 99.99% of the problem. The other 0.01% isn't really worth worrying about.
I know what you're referring to (that wifi will be so cheap and fit in a single chip that it will just phone home on open networks anyway; this was a prediction for smart TVs a few years ago), but I think if that day comes, the devices will be easily detected and defeated by cutting the antenna or taping foil around them.
And if you're worried about threat actors on the level of backdoor/compromised firmware, the last thing you should be doing is using TP-Link Tapo cameras.
TP-Link Tapo cameras (or any other cheap cams) are fine, as long as you take the necessary steps to prevent leaking or calling home. I have a mix of both Tapo and Eufy. All of them are isolated via VLAN with router FW rules set to block all traffic. The only time I had to use anything connected externally is when I had to set up each camera using the Eufy or TP-Link mobile apps. But once they were added to the VLAN-isolated wireless network, I never had to use the mobile app again. (Unless I specifically update the firmware that addressed a problem.)