easyDNS is pleased to sponsor Jesse Hirsh’s “Future Fibre / Future Tools” segments of his new email list, Metaviews
The smart home should be private and under your control
We can joke that the smart home is just a ruse for the surveilled home, but there’s no reason that has to be the case. It is possible to embrace automation and protect your privacy.
Open source allows us to upgrade some of the technology in our home to foster responsiveness and efficiency without creating digital back doors that large companies or anonymous intruders can use against us.
As a home owner I’m definitely interested in using both automation and surveillance, yet I don’t want any of that data or control to be in the cloud. Especially given my craptacular Internet connection which cannot support such devices or services.
Recently the thermostat we have died. It was an older battery powered model with limited functionality. The end of October in the Ottawa Valley can get cold, and I didn’t have time to defer installing a new thermostat, nor did I want to call a technician, even if it wasn’t the height of a pandemic.
As with all property maintenance problems I might encounter, I turned to the great oracle that is the YouTube algorithm, and quickly deduced that installing and wiring a new thermostat was no big deal.
Due to the time sensitive nature of the job, I masked up and drove down to the local hardware box store. Without doing any research (always a mistake) I bought the cheapest thermostat that also had WiFi access. It was roughly 20 bucks more than the standard thermostat without WiFi, and it was roughly 200 bucks cheaper than the smart thermostats offered by Google and others.
My mistake, compounded by the lack of research, was to assume that the WiFi would be straightforward, i.e. it would give me access to the thermostat. While it obviously does, it also doesn’t: much to my disappointment, that connection is via the cloud. There’s no way to use the WiFi connection without both registering and using the cloud based platform.
I installed the thermostat anyway, as heat is important, yet I was now motivated to figure out a workaround or replacement.
First I wondered if the firmware on the thermostat could be replaced or modified (probably not legally).
Then I started having flashbacks to the YouTube research I had done. The wiring that controls the HVAC system is not that complicated. There are a few circuits that are controlled by programming and sensors. Arduinos can handle that no problem, and a Raspberry Pi could provide a great interface with expandable functionality.
A quick search later, and I found the focus of this Future Tools issue: HestiaPi, a community driven, privacy focused, home automation project that recognizes that data belongs in the home and not in the cloud.
Started a little more than five years ago, HestiaPi is an evolving project that began with a focus on a thermostat, but aspires to play a larger role in the growing smart home ecosystem.
As an open source hardware and software project, HestiaPi is a great example of how open source can leverage best in class tools for a customized purpose, in this case a thermostat.
HestiaPi Touch is a completely open source smart thermostat for your home. With it, you can monitor your home’s temperature, relative humidity, and atmospheric pressure. You can also control your heating, ventilation, air conditioning, hot water, and more from anywhere you have an Internet connection. You can do all this securely and with confidence your private data stays private. HestiaPi Touch is compatible with many devices and home automation systems and can serve as a central point of control that ties them all together in your home.
Last year the group ran a successful crowdfunding campaign that helped fund the development of their latest model.
While they sell models of the HestiaPi on their website (and claim that they ship worldwide), they also offer everything available for free if you want to build it yourself.
#3dprinting #oshw smart thermostat @HestiaPi cases on @lulzbot3D with @ColorFabb #nGen. Enabling cheap, fast, custom made, small production! pic.twitter.com/j3gsffK1tu
— CommonsLab (@commonslabgr) February 16, 2018
This includes the software, the files to print the case, where to get the hardware, and even instructions on things like soldering.
During the past weeks we have been very busy soldering and assembling your (too many) units, so we thought about making a little video for people who will be soldering their boards themselves.
Check out in the description the extra tools we made and shared. https://t.co/8dFnpZzoj3
— HestiaPi (@HestiaPi) October 14, 2019
They have a clever slogan, “If you don’t have root access to your thermostat, someone else does” which is a valid point, even if most people have no idea what root access is or entails. (It’s the administrator access on any computer or system running Linux or Unix).
This is essential not just for thermostats but also for control of smart homes in general. Increasingly the systems in our homes and the appliances we have possess advanced computers and Internet connections. While these are designed to be controlled in the cloud as well as share our data externally, they don’t have.
In this context, HestiaPi is designed to do more than just control your heating and cooling systems, but also any other system, with all sorts of possible integrations.
My @HestiaPi built ages ago but finally installed and linked to alexa, thanks to the awesome community behind the project! pic.twitter.com/sZJel3mg1d
— Matt (@Matt_Fipp) March 28, 2020
Specifically, like standing on the shoulders of giants, HestiaPi relies upon the OpenHAB platform (Open Home Automation Bus), a system that specializes in connecting with almost three hundred different home automation technologies and platforms.
"leverages the wildly popular #OpenHAB platform. As demonstrated in the video after the break, this allows you to use the #HestiaPi and its mobile companion application to not only control your home’s heating and air conditioning systems" https://t.co/zjthyIsNMk
— Dr. Roy Schestowitz (罗伊) (@schestowitz) June 12, 2019
As you probably guessed from the name, the thermostat is powered by the Raspberry Pi Zero, which is connected to a custom PCB that includes a couple of relays and a connector for a BME280 environmental sensor. The clever design of the 3D printed case means that the 3.5 inch touch screen LCD on the front can connect directly to the Pi’s GPIO header when everything is buttoned up.
Of course, the hardware is only half the equation. To get the HestiaPi Touch talking to all the other smart gadgets in your life, it leverages the wildly popular OpenHAB platform. As demonstrated in the video after the break, this allows you to use the HestiaPi and its mobile companion application to not only control your home’s heating and air conditioning systems, but pretty much anything else you can think of.
The HestiaPi Touch has already blown past its funding goal on Crowd Supply, and the team is hard at work refining the hardware and software elements of the product; including looking at ways to utilize the unique honeycomb shape of the 3D printed enclosure to link it to other add-on modules.
An additional feature of an open source project is the ongoing iteration and improvement. With proprietary products, the vendor might remotely disable your device to compel you to upgrade and buy a new one. However the opposite is usually the case with open source, as the future offers new functionality and upgrades as the technology evolves with the development community.
Downloading v9… after some days testing all the hardware with v8, now, ready for the new features! Thanks @HestiaPi ! pic.twitter.com/TALAZyrmSw
— Toni Callau (@tonicallau) February 24, 2018
Although that is only true on a software level. As new hardware emerges, you would still have to do a device switch, or swap, but even then it is cheaper than buying a new proprietary version.
New hardware model! Hestia Zero – your feedback please… https://t.co/n31i5eNa6q
— HestiaPi (@HestiaPi) September 11, 2020
These are still relatively early days for smart homes, and that’s partly why HestiaPi is so reassuring. There have to be competing visions for what a smart home entails, and an open source privacy centric one is important.
However let’s go back to their slogan that suggests if you don’t have root access to your thermostat, someone else does. Such a slogan also evokes the security dynamics of these devices. While the cloud based products are notoriously insecure, that doesn’t mean the non-cloud ones are any better.
The HestiaPi Touch ONE is kind of a joke for security. It assumes that the WiFi/LAN is protected
* ssh with default user/pw
* http (not s) access to the OpenHAB instance with no auth
* mqtt broker (unsecured) with no auth
And that's just the first hour trying to get it working
— Michael Spencer (@Bigcheesegs) March 10, 2020
The reality of root access is that it comes with responsibility. Using powerful tools means that you need to protect them accordingly. The HestiaPi can be (easily) secured, but it does take effort (and knowledge). Although learning and acquiring that know-how is definitely worthwhile.
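The SSH and MQTT items from the tweet above can be checked from the device’s own config files. What follows is an added example, not code from this article or from the HestiaPi project: a small Python audit of sshd_config and mosquitto.conf text. It assumes one config file per service (no Match or Include handling) and password-file authentication for the broker; the sample configs and the /etc/mosquitto/passwd path are constructed.

```python
# Added example (not HestiaPi project code): flag the SSH and MQTT weaknesses
# named in the tweet by reading config text. Sample configs are constructed.

def parse_directives(text):
    """Map lowercase keyword -> list of values, in file order."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        parts = line.split(None, 1)               # keyword, then the rest
        value = parts[1].strip() if len(parts) > 1 else ""
        found.setdefault(parts[0].lower(), []).append(value)
    return found

def audit_sshd(text):
    """sshd_config: sshd uses the first value given for each keyword."""
    d = parse_directives(text)
    findings = []
    # PasswordAuthentication defaults to "yes" when the keyword is absent.
    if d.get("passwordauthentication", ["yes"])[0] != "no":
        findings.append("ssh: password login enabled, so a default password works")
    return findings

def audit_mosquitto(text):
    """mosquitto.conf: require anonymous access refused and a password file."""
    d = parse_directives(text)
    findings = []
    anon = [v.lower() for v in d.get("allow_anonymous", [])]
    if not anon or any(v != "false" for v in anon):
        findings.append("mqtt: anonymous clients are not explicitly refused")
    if not any(d.get("password_file", [])):
        findings.append("mqtt: no password_file configured")
    return findings

# Constructed samples: an out-of-the-box style setup and a hardened one.
WEAK_SSHD = "# defaults\nPermitRootLogin prohibit-password\n"
HARD_SSHD = "PasswordAuthentication no\nPubkeyAuthentication yes\n"
WEAK_MQTT = "listener 1883\nallow_anonymous true\n"
HARD_MQTT = ("listener 1883 127.0.0.1\nallow_anonymous false\n"
             "password_file /etc/mosquitto/passwd\n")

if __name__ == "__main__":
    for name, result in [("sshd weak", audit_sshd(WEAK_SSHD)),
                         ("sshd hardened", audit_sshd(HARD_SSHD)),
                         ("mqtt weak", audit_mosquitto(WEAK_MQTT)),
                         ("mqtt hardened", audit_mosquitto(HARD_MQTT))]:
        print(name, "->", result or "ok")
```

Changing the default account password is still required; disabling SSH password login only removes the network path that would use it.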
This is our twenty first issue in the Future Tools series.
The first was on Keybase, a service designed to make encryption easy to use. The second was on Pi-Hole, free and open source software designed to make it easy for you to block the digital advertisements on your network(s). The third was on Tor and the so called dark web, enabling secure surfing for all. The fourth was on Matrix and Riot as an alternative to Slack. The fifth was on democracy.earth and quadratic voting. The sixth was on the Brave browser. The seventh was on Rocket Chat. The eighth was on pol.is. The ninth was on Decidim. The tenth was on Mastodon. The eleventh was on BigBlueButton. The twelfth was on the video conferencing tool Jitsi. The thirteenth was on ProtonMail. The fourteenth was on Ghost, the headless content management system. The fifteenth issue was on DECODE. The sixteenth was on Parrot OS. The seventeenth was on Qubes OS. The eighteenth was on Open Drone Map. The nineteenth was on Zorin OS. The twentieth was on OBS Studio.
If you have any questions about these tools we’ve profiled, or suggestions/requests for tools that we should profile in the future, as always, let us know. #metaviews
“Future Tools” is a recurring series in the Metaviews newsletter where we share some of the tools and concepts that you’ll need to protect yourself in the now and near future.
Finally here’s a tip from Crypto The Llama on how to secure your smart IoT devices like a HestiaPi: