Here at EFF, we fight hard to ensure your security and privacy rights are maintained in the digital world. Back when we were founded in 1990, a dream of a world united by the internet was accompanied by forward-thinking visions of connected devices of all kinds making our lives more convenient and luxurious. The last two decades have seen the internet move from living-room and office terminals to our phones, watches, appliances and lighting fixtures. And although so-called smart devices and the Internet of Things (IoT) have allowed us to automate some aspects of our lives, they’ve also been plagued with privacy and security problems, giving hackers and data miners unprecedented access to our personal and behavioral information.

Large botnets such as the well-known Mirai and the more recent Fronton, which consist of internet-connected IoT devices, have caused significant damage and have given IoT a terrible reputation when it comes to security. Governments have started to take note, and the passage of the IoT Cybersecurity Improvement Act of 2020 in the US, while welcome, has only begun to tackle this issue. On the privacy front, our connected devices and appliances are delivering potentially hundreds of discrete data points per day to companies without any meaningful limits on or insight into what they are doing with this data. And homeowners who wish to add smart devices to their homes are often directed to install apps which control these devices, but also deliver data to third parties without notification.

Mozilla provides a useful tool, *privacy not included, to search your own smart devices for what they may be sending to the cloud. If, for instance, you own a Furbo Dog Camera with Dog Nanny, you are subject to a privacy policy which states Furbo can “collect any audio, video or pictures you create, upload, save or share” and “collect video and audit information of individuals when they pass in front of the camera or speak when the Furbo Dog Camera is on.” Unfortunately, this policy is not atypical. Researchers at Northeastern University and Imperial College London found in a survey of IoT devices across the industry that 72 of the 81 they looked at were sending information to third parties.

Adding connected automation and functionality to the home while preserving one's privacy and security can seem an obtuse and difficult task. Many otherwise enthusiastic consumers have encountered untold frustrations, and become victims of the failures of a data-hungry industry. The myriad of difficulties has even prompted users to abandon smart devices altogether.

Despair not, for there is hope. In the last few years, numerous projects and protocols have been and are actively being developed which bring a greater deal of privacy and security to the connected home. And it all starts by moving the orchestration of all those devices from the cloud into your own network, with the help of a device called a “hub.”

Coordinating Your Smart Devices Locally With Home Assistant

Ideally, using a local hub gives us two benefits. It

  1. allows us to remove all the individual apps controlling the wide array of smart devices we may have, and
  2. ensures we are not delivering data about our device usage (and thus behaviors) to unaccountable third parties or companies.

However, not all hubs sever the ties of the device from the cloud completely—additional steps are often needed for this. Keep in mind that even if you do wish to disconnect your devices from the cloud, you will need some way to regularly update the firmware on the devices—this otherwise is often done automatically when these devices are networked.

For any local hub, you’ll need the hardware and a way to connect to it, usually an app on your smartphone. The hardware is usually a small machine which connects to your local network and allows the user a way to access it. For simplicity, there are commercial products available that just work out of the box. Hubitat offers a local hub for sale in the range of $100 USD.

For the more technically inclined, Home Assistant (HA) is an open source, community-driven hub software that can be installed on a variety of platforms, such as a Raspberry Pi or an old laptop you have lying around collecting dust. It doesn’t require much processing power or memory to operate—any Raspberry Pi 3b+ or later will do the job just fine. In this post, we’ll be describing a typical privacy-preserving high-level IoT layout using HA.

After installing HA, you’ll be able to add devices through a concept HA calls “integrations”; each integration allows the user to control a device or whole category of devices. The variety of integrations provided is vast, and the benefit of community-driven development really shines because even if your device isn’t specifically supported, it is probably available through the unofficial Home Assistant Community Store (HACS).

Home Assistant Integrations Menu Screenshot

One nice thing is that HA will indicate if an integration relies on the cloud. You can see this with an icon in the upper-right corner of your integration.

Home Assistant Integration with Cloud Icon

For integrations which do not rely on the cloud, you may want to block the device from internet connectivity. While most smart electronics don’t make this easy, if you have a home firewall or configurable router you may be able to restrict the device’s connections to your local network only. On OpenWRT, for instance, you can add firewall rules through the LuCI web interface. Here, we’ve specified MAC addresses of devices we want only to connect to the LAN, not the internet. Your configuration will vary based on your device MAC addresses and local network configuration:

OpenWRT Firewall Rules
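The same LAN-only restriction can be written as `config rule` stanzas in OpenWRT's `/etc/config/firewall`. The script below is an added example, not part of the original post: the function names, device names and MAC addresses are constructed placeholders, and it assumes the default `lan` and `wan` zone names.

```shell
#!/bin/sh
# Added example: emit OpenWRT firewall stanzas that keep listed devices LAN-only.
# Device names and MAC addresses used here are constructed placeholders.

# Return 0 if $1 is six colon-separated hex octets, non-zero otherwise.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one 'config rule' stanza per "name=MAC" argument.
# Entries with a malformed MAC are skipped with a warning on stderr, so a typo
# never produces a rule that silently matches nothing.
# Zone names 'lan' and 'wan' are the OpenWRT defaults (assumption); adjust as needed.
iot_block_rules() {
    for entry in "$@"; do
        name=${entry%%=*}
        mac=${entry#*=}
        if ! is_mac "$mac"; then
            echo "skipping $name: '$mac' is not a MAC address" >&2
            continue
        fi
        cat <<EOF
config rule
	option name 'Block-WAN-$name'
	option src 'lan'
	option src_mac '$mac'
	option dest 'wan'
	option proto 'all'
	option target 'REJECT'

EOF
    done
}

# Constructed sample run. Append the output to /etc/config/firewall on the
# router, then apply it with: /etc/init.d/firewall restart
iot_block_rules "plug=AA:BB:CC:00:11:22" "bulb=AA:BB:CC:00:11:33"
```

These rules match traffic forwarded from the LAN zone to the WAN zone only, so the devices can still reach the router and the hub on the local network.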

In particularly nasty cases, a device may refuse to operate until it is able to reach the internet, even if it is able to be controlled locally (via a non-cloud integration). In most cases, however, a device will continue to allow local control when its internet connection is severed.

We now have a way to connect our existing smart devices to a local network hub and remove them from the internet.

Using Zigbee or Z-Wave to Create a Private Smart Mesh

Zigbee and Z-Wave are two wireless open protocols which were developed specifically for smart devices, and operate on a different network entirely than your home Wi-Fi (802.11) network. This provides a level of separation between smart devices supporting Zigbee/Z-Wave and the internet by design—though that separation is not necessarily maintained when an untrustworthy hub is used. Many companies provide Zigbee or Z-Wave hubs which will send your data and device status over the internet. This is why using a hub that is privacy-focused, such as the ones mentioned above, is important to keeping your data private.

In addition, both Zigbee and Z-Wave create a mesh network of your smart devices, which greatly improves the range of the devices. As long as there is another Zigbee device within range, a new Zigbee-enabled smart device can join the network through it, without having to be in range of the hub. This also allows for a theoretically limitless expansion of the network. Communication between devices and the coordinator (hub) is carried out relatively securely, using CCM mode and 128-bit symmetric keys to cryptographically secure communications, though when adding devices an open trust model which trusts upon initial pairing (similar to Trust On First Use) is used. Unfortunately, Zigbee and Z-Wave are separate protocols which do not interoperate with one another. In this example, we will demonstrate a Zigbee configuration, though Z-Wave is similar in operation and both can be used in combination with HA.

In order to communicate with Zigbee devices, a Zigbee USB gateway is needed. Once plugged into the HA machine, the hub can use the Zigbee Home Automation (ZHA) integration, which does not use the cloud, to discover new Zigbee devices, control them, display sensor data on them, etc.—and all this information is kept safe on your local hub.

Screenshot of ZHA Integration

Instead of directly interfacing the Zigbee USB gateway with HA, the USB device can communicate with a piece of versatile bridging software, zigbee2mqtt. The advantage of using zigbee2mqtt is that it translates all your Zigbee device communications to the MQTT protocol, which is an ultra lightweight protocol for transferring data and administering devices. As such, it is quickly becoming a universal language for IoT devices. zigbee2mqtt supports a wide range of Zigbee devices, and allows you to control delivery of OTA firmware updates. It supplies a standalone web interface which can be used to control devices, but is most often used as a piece of middleware to supply automation software (like HA) with Zigbee device control. To use it with HA, you can simply use the MQTT integration.

Screenshot of zigbee2mqtt web interface

Screenshot of MQTT Integration

You can refer to the Zigbee Device Compatibility Repository to see which devices are supported by ZHA and zigbee2mqtt and choose the option that is right for you.

Taking Back Control of Your Smart Devices

IoT security and privacy is an incredibly fraught subject, and in general manufacturers are extremely liberal with your data and its storage. In addition to cloud control of devices providing possible single points of failure and a lucrative target for malicious hackers, it adds an extra layer of complication whereby a user needs to install (and keep installed) as many apps as they have device vendors in their home. Some of these issues are slowly being addressed by initiatives such as Matter, but convenience and security are the focus of this new standard—user privacy is still delegated to the vendor, not the users themselves.

Hopefully we’ve shown one way to set up your smart home without sacrificing privacy and security for the sake of convenience. With a little extra effort, it is possible to get the most out of our smart devices without falling into the trappings and failures of IoT design.