Turning On the Lights at Sunset

How I use smart technologies in my own home.

Andrew Nicklin
Dec 11, 2018

Over the last few years, I’ve done some experimenting with smart home technologies. This article describes how I’m doing that and the principles I try to apply. I intend to update this article periodically.

  • Updated 01 November 2020: Unifi Micro G3s, Arlo Baby (retired), Logitech Harmony, Homebridge on Raspberry Pi, Philips/WiZ, separate network for IoT devices, Pi-Hole. A few additions to ongoing research, and a few images of configuration added. It may soon be time to move this content to a different platform so it can be better organized and easily navigated.
  • Updated 22 December 2019: RunLessWire Click for Philips Hue, Arlo Baby, Homebridge, Ecobee, Philips/WiZ
  • Updated 10 January 2019: Nanoleaf, Philips Hue, Liftmaster MyQ
  • First published 10 December 2018

Smart home technology gives new dimensions of control and automation — in theory — making daily life easier. Like any other tool, with new power comes new challenges. Smart home technologies are taking shape while the data economy matures, and the link between the two things is clear. Internet-connected devices in the home open up new opportunities for invasive data collection, similar to the practices for which social media companies are being hammered. As a consumer, protecting yourself and your data is expensive, both in terms of up front as well as ongoing costs. I’m lucky enough to be able to afford it, but we should be worrying a lot about those who cannot. It may only be a matter of time before this industry comes to a cultural reckoning as well.

I like technology, so I tend to try out new stuff when I can. Below you can find my approach to my smart home, including all the random insights I have for the various devices and software I use. I’m not a cybersecurity professional — so don’t take any of this as professional advice. I don’t (yet) look in detail at device transmissions to see where they go, whether they are encrypted, or what they might contain. I don’t try to hack my devices to do things beyond their intended design. I would describe my security approach as hammer-like, where security professionals would be more effective and surgical.

I’m publishing this for a few reasons:

  • I need a place to track all my thoughts and observations.
  • Perhaps what I have done can be helpful for others.
  • Perhaps people smarter than I can suggest ways for my smart home to be better — not just more secure, but also have more capabilities.

Note: these quick links don’t appear to work any more, for reasons I haven’t investigated yet. I have left them in because they provide some visual cues of the section breaks, though perhaps I should insert banner images.

Jump to: Overview, Principles, Implementation Strategy, My Network, Devices I Have, Software I Use, Future Options and Ongoing Research

Principles

I’d like to say that these principles were laid out from the beginning of my experiments using smart home solutions, but they were not. For example, supporting physical and digital control was not something I paid attention to until more people began interacting with the home I manage.

  • Limit involuntary data harvesting. It may not be possible to entirely prevent this, but device data is valuable (otherwise it wouldn’t be harvested), and we should have clear control over when and how it gets used. This data reveals real-time status as well as personal habits/trends.
  • Avoid outside intrusion. Smart devices (or really any technology) under the control of malicious actors can be annoying at best and life-threatening at worst.
  • Support both digital and physical control. It’s fun to unlock your door with a smartphone, or automatically turn on the lights at sunset, but what if the power is out, the network is down, your phone doesn’t fit in your pajama pockets, or you have guests staying the night?
  • Balance usability and security. High usability and great security aren’t mutually exclusive, but they are hard to come by. We’re willing to accept some known vulnerabilities and data harvesting if it means things are more usable, but there are limits.


Implementation Strategy

Reconfiguring my smart home to align with my principles took some careful planning. Here are some of the major choices I made; these influence my decisions about devices and software to use.

  • Actively manage the network. I assume that devices transmit information about their functioning to outsiders, including the manufacturer, regardless of whether I register with a service that helps me use the device. I also assume that it’s impossible to disable these capabilities through their configuration. In order to meet the goal of limiting information leakage, I need to block their access to the Internet. Therefore, I must actively manage the network that they use to communicate. This involves making network configuration changes when adding, removing, or changing devices, as well as ongoing monitoring.
  • Leverage Apple’s HomeKit Platform. Apple was late to the game and has fairly stringent requirements for “Works with Apple HomeKit” certification, so there isn’t as large an ecosystem of compatible products compared to other platforms. They also tend to be more expensive. Members of my household are iOS users, and Apple’s security requirements (including HomeKit) are documented and seem good. Finally, I want one control center (the Home app) in which the majority of devices can be monitored and controlled. If devices don’t work with HomeKit, they should have physical interfaces anyway.
  • Use online/subscription services sparingly. Plenty of smart home solutions offer online services (usually free, with some premium services for a recurring fee) which augment the technologies installed in your home. But this also means you have given permission to them to collect data from your home. There’s already enough risk to just the devices in your home. Even if you trust your service provider and their terms of service sufficiently protect your privacy, that doesn’t mean they won’t be vulnerable to data breaches, or worse, become a vector to compromise the technology in your home. But there are devices for which no other choice exists, and services which provide good value for free or at cost.
  • All devices must be configured. Smart devices, even if their digital capabilities aren’t being used, must be configured. Without being set up, some devices broadcast an open WiFi, or will pair with any requesting Bluetooth device — begging to be the victims of a drive-by takeover.
  • IoT Devices must be on a separate, dedicated WiFi Network. Most of my smart home devices operate on a separate WiFi network from my computers/laptops/tablets/smartphones. To do this, the network must enable mDNS reflection, since HomeKit leans heavily on Bonjour services. Multicast DNS does not typically reach across multiple networks unless your network firmware can support it. This separate, dedicated WiFi Network prevents Internet access by default. In other words, if I want a device on this network to talk to the Internet, I have to explicitly make an exception to the no-Internet rule. This is more secure than the usual network setups which allow access to the Internet for all devices by default, unless you specify an exception to be blocked.


My Network

At the heart of a smart home is the network to which most of the devices connect. Most people will use a router supplied by their Internet Service Provider (ISP) or perhaps buy something with a few more capabilities from a local tech shop. My principles and implementation strategy above (and some not documented here) demand something more sophisticated, including support for inbound and outbound Virtual Private Networks (VPNs), port- and address-based firewalls, traffic shaping, and realtime/historic monitoring. After some research, I selected the Ubiquiti Networks Unifi platform. The management software is powerful and sufficient for my needs, but even more capabilities can be tapped by directly accessing device consoles. The formal and informal support communities are great, and I have consistently found answers to my questions.

  • Unifi Security Gateway 3P. The network may be the core of the smart home, but the security gateway is the core of the network. It handles directing the traffic on my network, applying firewall rules, sending usage data to my management server (see below), and so on.
  • Unifi Switch 8. This is a pretty simple switch with 8 ethernet ports. Any devices which require a wired connection (so few these days, thankfully) are connected into this switch.
  • Unifi AP-HD. This WiFi access point is running four Wi-Fi networks on both the 2.4 and 5 GHz bands. Its sole purpose is to bridge the wireless network to the wired network, so it’s useless without being connected to a network switch, in this case the Unifi Switch 8. It requires Power over Ethernet (PoE) to operate, and came with a power supplying adapter. This enabled me to run just an ethernet cable inside the walls to the location where I wanted to mount the access point — someplace central, fairly inconspicuous, and not near a power receptacle.
  • Raspberry Pi. While it’s not technically network hardware, I’m putting it here because it’s become a central part of my infrastructure. The folks who maintain homebridge have a Raspberry Pi image, making it cheap and very easy to set up. The image also includes Pi-hole (an ad-blocking technology which I am experimenting with; see far below) AND the Unifi Network Management Console (though I have not yet migrated this from my Mac Mini Server). I started out using homebridge as an experiment, but have been very happy with it. See Software I Use for more details about this.
  • Network Server. The hardware is actually an aged Apple Mac Mini Server (Mid-2010), onto which I installed Ubuntu Server 18 LTS. The main purpose of the server is to provide the management tool for the Unifi hardware (which is accessed through a web browser from any computer in the house, or even an iOS App). It also captures network utilization data so I can understand what all the connected devices are up to.

[Image: The Unifi Management Console]

I periodically update all the firmware/software running on the above devices, as new security vulnerabilities are often found and fixed. This is especially important for the Unifi Security Gateway, as it is the direct interface between my house and the Internet.

When I install new smart home devices that connect by WiFi or ethernet, I use the Unifi management console to give the devices specific names (like “Left Garage Door” instead of the default “Liftmaster”). If I want to prevent the new device from accessing the internet (usually I do this after it is fully set up), I configure the network to always assign the same network address through DHCP, and then add that address to a group configured for blocking at the firewall. These changes take effect immediately, and without other impacts. Smart devices are currently allowed to talk to all other devices inside the network, though conceivably I could limit their communication to just those I designate as controllers such as the Apple TV.
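The per-address block group described above and the no-Internet-by-default IoT network from the Implementation Strategy behave differently when an address falls outside every group. The sketch below is an added example (not code from this article or from Unifi) that evaluates the same flows under both models; all addresses are constructed, and the device names and Internet-access values follow the device list later in the article.

```python
import ipaddress

# Constructed addressing plan: the article gives no addresses, so the IoT
# subnet, host addresses and destinations below are assumptions.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Fixed DHCP reservation -> (friendly name, is Internet access intended?).
# The True/False values follow the article's "Internet access: Yes/No" lines.
INVENTORY = {
    "192.168.20.10": ("Left Garage Door", False),
    "192.168.20.11": ("Ecobee 3 Lite", False),
    "192.168.20.12": ("Samsung Range", False),
    "192.168.20.13": ("Logitech Harmony", True),
}

# Model A (default allow): addresses listed here are dropped at the firewall.
BLOCK_GROUP = {ip for ip, (_, ok) in INVENTORY.items() if not ok}
# Model B (default deny): only addresses listed here may leave the house.
ALLOW_GROUP = {ip for ip, (_, ok) in INVENTORY.items() if ok}


def internet_bound(dst):
    """True when the destination is outside the home networks."""
    addr = ipaddress.ip_address(dst)
    if addr.is_multicast:
        return False  # mDNS/Bonjour (224.0.0.251) stays on local segments
    return not any(addr in net for net in RFC1918)


def blocklist_verdict(src, dst):
    """Default allow: drop Internet-bound traffic only for listed sources."""
    if not internet_bound(dst):
        return "accept"
    return "drop" if src in BLOCK_GROUP else "accept"


def allowlist_verdict(src, dst):
    """Default deny: accept Internet-bound traffic only for listed sources."""
    if not internet_bound(dst):
        return "accept"
    return "accept" if src in ALLOW_GROUP else "drop"


# Constructed flows (source, destination). The 203.0.113.0/24 and
# 198.51.100.0/24 documentation ranges stand in for Internet hosts.
FLOWS = [
    ("192.168.20.10", "203.0.113.40"),   # garage door -> vendor cloud
    ("192.168.20.13", "198.51.100.7"),   # Harmony hub -> Internet (intended)
    ("192.168.20.11", "192.168.1.5"),    # thermostat -> controller on main LAN
    ("192.168.20.12", "224.0.0.251"),    # range -> mDNS multicast
    ("192.168.20.77", "203.0.113.99"),   # new device, not yet in any group
    ("192.168.20.150", "203.0.113.40"),  # device that lost its reservation
]


def unintended_egress(flows, verdict):
    """Internet-bound flows a model accepts from sources not meant to have it."""
    found = []
    for src, dst in flows:
        name, intended = INVENTORY.get(src, ("unregistered address", False))
        if internet_bound(dst) and not intended and verdict(src, dst) == "accept":
            found.append((name, src, dst))
    return found


if __name__ == "__main__":
    for label, model in (("default allow + block group", blocklist_verdict),
                         ("default deny + allow group", allowlist_verdict)):
        print(label)
        for name, src, dst in unintended_egress(FLOWS, model):
            print(f"  unintended egress: {name} {src} -> {dst}")
```

Under the block-group model the two unlisted addresses reach the Internet until someone adds them to the group; under the default-deny model nothing leaves unless it was explicitly allowed.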


Devices I Have

Here is a list of the hardware which is part of my “smart home” environment. It includes basically every type of thing on my network which isn’t a computer / laptop / game console / tablet / phone. If you are looking for something specific, these are in alphabetical order.

Amazon Dash Buttons
Why I have this: Nothing beats the convenience of pressing a button and having a 48-pack of toilet paper show up on your doorstep a day later. Also, the dash buttons are easily hackable for other purposes, though I have not (yet) tried.

Notes: Obviously these devices need WiFi connectivity and Internet access to fulfill their intended purpose. It’s pretty cool that they can be configured by using sound, though I am entertained by the thought of entire neighborhoods having their windows break while a hacker drives around in a van with PA speakers blasting the reset noise. There are some Homebridge plugins that can detect when you press a dash button and trigger HomeKit actions. They are all somewhat dangerous in that they require Homebridge to run with elevated privileges (for WiFi traffic snooping), so it might make sense to do this on a standalone computer. While I do use Homebridge, I do not use this plugin.

Connection: WiFi
Internet access: Yes
HomeKit integration: No

Apple TV (4th Generation)
Why I have this: Years ago, I started streaming video with a Roku, then moved to a Chromecast. Sure, I also bought a Vizio Smart TV, but the app ecosystem, capabilities, and support seem better for standalone devices.

Notes: The Apple TV (or an iPad, or a HomePod) acts as a hub for the HomeKit solution, particularly important if you want to view/control things remotely or invite others in the household to do the same.

Connection: WiFi
Internet access: Yes
HomeKit integration: Yes (direct)

Arlo (Netgear) Baby (Retired)
Why I had this: This camera allowed us to i̶n̶v̶a̶d̶e̶ ̶o̶u̶r̶ ̶i̶n̶f̶a̶n̶t̶’̶s̶ ̶p̶r̶i̶v̶a̶c̶y̶ make sure they’re okay without having to leave the couch. It is a well-reviewed camera with automatic infra-red/night vision, clear audio, and other nice features. It was one of a small handful that claimed HomeKit compatibility.

Notes: We continued to have issues with the HomeKit integration and despite blocking the camera from talking to the Internet, I still wasn’t a fan of the cloud services. After having a separate success with the Unifi Micro G3 + Homebridge, we decided to retire the Arlo and replace it with a second Unifi Micro G3.

I initially set up this camera using the Arlo app, which integrates with Netgear’s cloud platform to capture video clips for events like motion or environmental changes. It’s very data-leaky, but we lived with it. I disabled all events and tried my hardest to make sure the video stream never left the house, but as far as I could tell the Arlo app activates streaming up to the cloud and back down to the watcher every time we used it. Video monitoring through HomeKit frequently suffered from connection failures and we usually had to fall back to the native Arlo app. One day I went into the Arlo app, deleted the camera, then physically reset it back to factory defaults and just connected it through the HomeKit app. This worked much better from a performance and security perspective, and I was able to still watch video once I blocked the camera from having Internet access. Video can still even be streamed remotely, because it is being routed through the Apple TV. O̶n̶ ̶t̶h̶e̶ ̶d̶o̶w̶n̶ ̶s̶i̶d̶e̶,̶ ̶I̶ ̶c̶a̶n̶ ̶n̶o̶ ̶l̶o̶n̶g̶e̶r̶ ̶a̶c̶c̶e̶s̶s̶ ̶i̶t̶s̶ ̶t̶e̶m̶p̶e̶r̶a̶t̶u̶r̶e̶/̶h̶u̶m̶i̶d̶i̶t̶y̶/̶a̶i̶r̶ ̶q̶u̶a̶l̶i̶t̶y̶ ̶s̶e̶n̶s̶o̶r̶s̶,̶ ̶n̶o̶r̶ ̶c̶a̶n̶ ̶I̶ ̶c̶h̶a̶n̶g̶e̶ ̶t̶h̶e̶ ̶f̶i̶e̶l̶d̶ ̶o̶f̶ ̶v̶i̶e̶w̶ ̶l̶i̶k̶e̶ ̶I̶ ̶c̶o̶u̶l̶d̶ ̶i̶n̶ ̶t̶h̶e̶ ̶A̶r̶l̶o̶ ̶a̶p̶p̶.̶ A firmware update (1.9.808) now makes temperature/humidity/air quality sensors available in HomeKit, along with the ability to control the tiny full-color nightlight in the rear. Bottom line: the camera does not work well if it’s configured through both the Arlo/Netgear cloud platform and HomeKit at the same time.

Connection: WiFi
Internet access: No
HomeKit integration: Yes (direct)

AudioCast M5
Why I have this: I have a set of old M-Audio StudioPro 3 speakers in my kitchen, and I wanted to listen to music on them through Airplay. There were very few options on the market to fill this need.

Notes: I like this device a lot, but very quickly after I purchased it, Apple introduced Airplay 2, which supports multi-room audio. So far there hasn’t been a firmware update to support Airplay 2, so I’m continuing to use Airfoil for my whole-home audio needs. Airfoil can send audio to the AudioCast, but there is something odd about the playback speed which causes the AudioCast to fall out of sync with the rest of the devices, and no amount of adjusting the Airfoil advanced speaker options can fix it. On the upside, it functions perfectly well while communication with the Internet is blocked. The companion app is a possible vector for data leakage, but I only ever use it to see if firmware updates are available.

Connection: WiFi
Internet access: No
HomeKit integration: No

Ecobee 3 Lite
Why I have this: Our mechanical thermostat seemed like it was going a little wonky, and it was frustrating to switch it back and forth from cooling during the day to heating at night as the seasons changed. I wanted a HomeKit-compatible thermostat. I opted for the Ecobee 3 Lite because it didn’t include Amazon/Alexa, though it also doesn’t support humidity control — not an issue for the moment but I plan to put a humidifier into the central air system in the future. When I do, I can switch this thermostat to the secondary air conditioning system since that’s for cooling only.

Notes: I was nervous about installing this because my central air system seems quite aged. But the instructions were excellent and I didn’t need to pull any new wiring. Although thermostats prefer 5-conductor (or more) wiring, my system only needed and had a 4-conductor wire, and the Ecobee came with an adapter (which you install adjacent to the system’s controller board) to address this. I’ll eventually replace the 4-conductor wire with something more suitable so the next thermostat can also control a whole-home humidifier.

Ecobee has some features which require connecting it to their cloud platform — it can provide analysis of system performance vs weather conditions, give you a heads up when something may not be working as well as it should, and display the outside temperature. Instead, I blocked the Ecobee from talking out to the Internet, and aside from a cloud icon with a question-mark over it, it works just fine.

Connection: WiFi
Internet access: No
HomeKit integration: Yes (direct)

Google Chromecast (1st Generation)
Why I have this: I’m bad at throwing away old things that are still useful. Originally this was for streaming Netflix and other video apps to my television, because it was (and still is) far more comfortable to watch movies on my couch than at my computer desk. Currently this is connected to a TV in the guest room, where our guests (who are often Android users) can use it to stream their own media if they desire.

Notes: Of course this device is leaking data about what I watch, when, and for how long. Since it is associated with my Google ID (a requirement when you use the Google Home app to configure it), I like the idea that my guests are helping me send signals that confuse the algorithmic advertising automatons about my personal preferences.

Connection: WiFi
Internet access: Yes
HomeKit integration: No

Hatch Baby Rest
Why I have this: It was a gift, but a white noise machine and soft light was something we wanted to help them feel more comforted when sleeping in the crib.

Notes: You can use the Rest by interacting with the buttons it has, but it’s much easier to control with a smartphone. You cannot use smartphone control unless you register for an online account with Hatch. Hatch’s terms of service say the smartphone app provides them with data about the Rest’s usage. I suspect it’s possible to make a Homebridge plugin, assuming the server it runs on has modern enough Bluetooth hardware.

Connection: Bluetooth
Internet access: No
HomeKit integration: No

iHome SmartPlug
Why I have this: I want to control decorative lighting, like string lights, and perhaps lamps without smart bulbs. I’m also interested in seeing whether controllable receptacles can reduce overall vampire power, despite needing to draw some power themselves. Perhaps I will also use it when I need to end my kid’s video gaming session involuntarily, though I suspect it will lack the dramatic flair of digging around to triumphantly disconnect a power cable.

Notes: Easy setup right from HomeKit. There is a native app but beyond HomeKit’s capabilities, it’s really only useful for firmware updates. Firmware updates aren’t particularly intuitive, either. The native app might also collect and transmit usage data. It has a feature called “Power State History”, which I assume is a log of on / off events, but registration to iHome’s cloud service is required. I have not registered. Once this device was up and running on the WiFi, I blocked its Internet access and it continued to work normally.

Connection: WiFi
Internet access: No
HomeKit integration: Yes (direct)

Kwikset Premis Lock
Why I have this: I needed a new lock for the front door. I also wanted to be able to give access codes to people who routinely come and go from the house, including myself. It provides three digital and two mechanical ways to lock and unlock: use the touchscreen keypad, use the native app, use HomeKit, use a key, or turn the knob (if you are inside). It meets all the principles I established (see the beginning of this article).

Notes: To maintain aesthetics, I bought more than just the lock — I also bought matching door handle hardware. The leading complaint about the lock, a short battery life, has some legitimacy. I’m getting better performance than others seem to be — it showed 50% remaining after three months of use — but I’m also trying to use the physical controls, especially when inside the house. HomeKit integration only supports checking the status and locking / unlocking. In order to check battery level or configure access codes, the Kwikset app is necessary. (The lock will also flash an LED when the battery is critically low.) The native app can also show a history of lock/unlock events, including who did them if an access code was used on the touchscreen. It’s possible the app relays data from the lock to the cloud, but it didn’t require any registration or personally identifying details.

Connection: Bluetooth
Internet access: No
HomeKit integration: Yes (direct)

Leviton Smart Switch and Dimmer with HomeKit Technology
Why I have this: I’ve been systematically replacing all the old outlets and switches in the house — most without smart capabilities. In keeping with the principle of controlling stuff in the house both physically and digitally, I’m experimenting with these switches and dimmers to control exterior and interior lighting. I’ve also set up HomeKit’s scheduling capabilities to turn the lights on before sunset, and turn them off when I give the “good night” command to Siri.

Notes: Since most wall switches are used to control lights, ceiling fans, and the occasional receptacle, there’s an interesting dilemma for smart homes: do you smart-enable the bulbs, the fixtures, or the switches? I’ve been leaning towards the bulbs, since that allows for color lighting. But there are places where you’re less likely to want that slick purple lighting — basements, closets, and utility rooms come to mind — and so switches and dimmers would work well for those situations. They are a more cost effective solution unless the switch only controls a single bulb — especially compared to the price for Hue color bulbs. I like the feel of lights that fade-in/fade-out rather than instant on/off, which is a neat feature of the dimmers.

Connection: WiFi
Internet access: No
HomeKit integration: Yes (direct)

Liftmaster Garage Door Opener + Liftmaster MyQ Homebridge
Why I have this: I needed to replace the previously installed opener. Manually opening and closing a garage door isn’t fun. The Homebridge device (not to be confused with homebridge software, which I also use) serves as a link between HomeKit and my garage door opener. It allows HomeKit to both check the status of the garage door, as well as send it commands to open and close.

Notes: The built-in WiFi capabilities of the 8550W series allow the opener to be connected via the internet to Liftmaster’s cloud infrastructure (similar to Samsung’s SmartThings). Using a mobile app, also logged into that cloud platform, allows you to check door status and control it. I assume, therefore, that Liftmaster or Chamberlain (Liftmaster’s parent company) collects and retains this data. While I’m sure they try hard to keep it secure, it’s more realistic to expect they will suffer a breach at some point. I’m not interested in data which reveals personal habits being in anyone else’s hands. Not to mention their cloud platform can send commands to open or close my door. Garage doors (more specifically, their remote controls) have a long history of insecurity, and I am waiting for the day everyone’s WiFi-connected garage doors open on their own at the same time. For now the door opener is configured for my WiFi, but blocked from Internet access. For HomeKit support, there is a Homebridge plugin, but it simply acts as a pass-through back to Liftmaster’s cloud platform. However, the HomeKit bridge hardware is very useful; it has to be paired with the garage door opener via standard “learn” functionality. It acts like a standard garage remote control, but instead of physical buttons, status checks and open/close commands can happen via HomeKit. It too is connected to the WiFi, and its connection to the outside world is blocked.

Connection: WiFi
Internet access: No
HomeKit integration: Yes (via MyQ Homebridge)

Logitech Harmony Companion
Why I have this: I have several components in my home entertainment center with IR-remotes, and year ago, I wanted to consolidate them. I could have gone with a more classic learning IR-remote, but the Harmony system can also control some of my Hue lights, though I rarely use it for that any more.

Notes: The Harmony hub requires Internet connectivity to function properly, and online registration is required. This means it is probably leaking usage data — especially because Harmony standardizes high-level activities like “watch TV” or “play a blu-ray disc”, so data could be collected about time spent in each activity regardless of what devices you are using it to control. There is some debate on the Logitech forums about the need for connectivity, of course. I don’t use the Harmony native app very often, but it is necessary for changing the configuration. It’s very convenient, so for now I’m willing to accept the data leakage. Maybe I need to automate enabling and disabling Internet access every time I want to change the configuration.

T̶h̶e̶r̶e̶ ̶a̶r̶e̶ ̶a̶ ̶f̶e̶w̶ ̶H̶o̶m̶e̶b̶r̶i̶d̶g̶e̶ ̶p̶l̶u̶g̶i̶n̶s̶,̶ ̶s̶o̶ ̶p̶e̶r̶h̶a̶p̶s̶ ̶i̶n̶ ̶t̶h̶e̶ ̶f̶u̶t̶u̶r̶e̶ ̶I̶ ̶w̶i̶l̶l̶ ̶e̶x̶p̶e̶r̶i̶m̶e̶n̶t̶ ̶w̶i̶t̶h̶ ̶t̶h̶o̶s̶e̶ ̶t̶o̶ ̶l̶i̶n̶k̶ ̶t̶h̶e̶ ̶H̶a̶r̶m̶o̶n̶y̶ ̶w̶i̶t̶h̶ ̶H̶o̶m̶e̶K̶i̶t̶.̶ homebridge-harmony is a really great plugin which can perform all the basic functions I want. In my configuration, there is a “switch” in the Home app for every activity I want to do. I also have the equivalent of a power switch which can be used to turn off my home entertainment center.

Connection: WiFi
Internet access: Yes
HomeKit integration: Yes (via homebridge and homebridge-harmony)

Nanoleaf Aurora
Why I have this: Supporting my exploration of smart lighting, my father bought the starter kit for me. The panels have interesting animation sequences, can respond to sound, and are more of an attention-getting centerpiece rather than other smart lighting which fade into the background to create colorful ambient spaces.

Notes: Basic on/off switching, global color and brightness control, and scene-setting can be done through HomeKit, but more advanced capabilities such as configuring animations and color schemes (e.g. scenes), must be done through the Nanoleaf iPhone app. The controller has a REST API which I’d like to experiment with for even more customization. Configuration through the native app or through HomeKit requires it to be connected to my WiFi network, but it functions perfectly well without Internet access. Firmware updates are handled through the iPhone app.

Connection: WiFi
Internet access: No
HomeKit integration: Yes (direct)

Philips Hue 2nd Generation Smart Bridge
Why I have this: I don’t have Hue lighting everywhere in the house, but it’s slowly taking over. Hue lights don’t operate on WiFi; they use zigbee, so the bridge serves to connect the lights with the various controllers on the network including iPhone apps, the Harmony Remote and HomeKit/Apple TV. I had the 1st generation smart bridge, but it did not have HomeKit support, so I upgraded.

Notes: The bridge works just fine even though I blocked its direct communication with the Internet — although it grumpily flashes one of its status LEDs to complain. Firmware updates for the bridge can be done through the Hue iPhone app, so it’s good to run that every so often and apply any new versions, but doing so may be allowing usage data to leak. Firmware updates for the lights now seem to require the bridge to have an active internet connection, so I will intermittently grant temporary permission. The Hue bridge is not associated with an online account, nor is the iPhone app logged in.

It doesn’t handle syncing scenes and rooms with HomeKit very well, but this hasn’t been an issue as long as I remember not to chase down every alert badge in the Hue iOS app.

Connection: Ethernet
Internet access: No
HomeKit integration: Yes (direct)

RunLessWire Click for Philips Hue
Why I have this: “Support both digital and physical control,” one of my principles. While designed to work in tandem with Hue bulbs, with the integration to the Hue Bridge and HomeKit, these switches can also control a lot of other devices. They install into standard electrical gang box slots, but can also be stuck to the wall. They also adhere to my preference for decora-style switches, receptacles, and faceplates.

Notes: Setting up these devices was very easy using the official Philips Hue app, but additional configuration options such as transition times and individual bulb control (vs. only rooms in the official Hue app) are available using iConnectHue and Home/HomeKit.

Connection: ZigBee (via Philips Hue Bridge)
Internet access: No
HomeKit integration: Yes (via Philips Hue Bridge)

Samsung Range
Why I have this: We needed a new stove for our kitchen. I wasn’t that interested in the online capabilities, although being able to tell whether the burners and oven are on and remotely shut off the oven do have a small appeal.

Notes: I severely dislike the lack of security of this product, and we don’t use it. Without being configured, this Samsung Range broadcast an open WiFi for anyone to join, and using the Samsung SmartThings app, could have taken control of it. In order to configure it, you must use the SmartThings app, which means you must register for an account. I had endless trouble doing so because “samsung” can’t be used as part of the email address for registration, but the error messages in the app didn’t indicate that. I discovered it when I went to register through their website instead. Second, to use the SmartThings app to monitor or control the range you must allow the range to talk to the internet; the app and the range only work through Samsung’s cloud platform, which means they are always collecting your data. Finally, there is no native HomeKit support (because the SmartThings platform is a competitor), so the only way to tie them together is to use something like Homebridge and Tonesto7’s SmartThings plugin. Thus, it is connected to my WiFi, but cannot communicate with the rest of the world, and we don’t use the smart features at all.

Connection: WiFi
Internet access: No
HomeKit integration: No

Ubiquiti Unifi G3 Micro
Why I have this: With my older child moving out of the nursery to make way for the second child, I wanted another camera, and I was dissatisfied with the Arlo Baby.

Notes: It took a while, including experimenting with configurations, a few camera firmware updates, and a few updates to the homebridge plugin before I could reliably view the video in the Home app. To be honest I’m not sure what finally made it work. The three key changes I made were:

  • reducing the bitrate/fps settings to ~3mbps/15fps
Screenshot of the camera streaming configuration
  • configuring the video codec to be h264_omx (to take advantage of the multimedia extensions built into the Raspberry Pi 4 CPU)
  • reversing the video and audio stream channels
Screenshot of the homebridge_camera_ffmpeg plugin settings

Connection: WiFi
Internet access: Yes
HomeKit integration: Yes (via homebridge and homebridge-camera-ffmpeg)

Verizon FIOS Quantum Gateway
Why I have this: It’s not really a smart home device, but it is what most Verizon FIOS customers have as their WiFi/Internet router. I’ve included it because it’s still connected to my network, though I would happily have gotten rid of it since the Ubiquiti gear replaces it for Internet access. However, Verizon set top boxes (for TV) require a MoCA (not Ethernet or WiFi) connection to provide the channel guide and on-demand services from the Internet.

Notes: The Quantum Gateway provides an Ethernet-to-MoCA bridge. There are several ways of configuring this; I simply connected the Gateway’s WAN ethernet port into my own network switch and used the Gateway’s management console to disable all its WiFi networks. If I want to make configuration changes to this router I have to plug my laptop into it directly. This setup also means Verizon can’t push any patches or updates directly to the Gateway, but since it’s not my front line of defense, I’m not as concerned. The set top boxes check for updates on their own, automatically.

Connection: Ethernet
Internet access: Yes
HomeKit integration: No


Software I Use

Not all smart home technology is hardware.

Airfoil
Why I have this: My music library has been 100% digital for many years, and I wanted whole-house (back when my house was a two-room apartment) audio. Solutions for doing it over WiFi were hard to find and very immature. Now that I have a larger home, I have no intention of running audio cabling all over the house.

Notes: I’m not entirely comfortable with hardware (TVs, amplifiers, speakers, etc.) that has embedded digital streaming capabilities or Internet connectivity, since technologies and protocols change all the time. Not to mention that they might share usage data without consent (looking at you, Vizio!). I’ve had my current amplifier for nearly 20 years and it still works great.

Centriq
Why I have this: Maintaining a house involves keeping track of a diverse array of appliances, each with their own maintenance requirements. I wanted an app in which I could record what appliances I had, and have it give me reminders when I need to do maintenance. Centriq is a great app that brings all the appliance manuals into one place and in some cases can be a marketplace for replacement parts or maintenance/repair services. It’s still growing, and it’s pretty clear that behind the scenes real people are still building the library. U̶n̶f̶o̶r̶t̶u̶n̶a̶t̶e̶l̶y̶,̶ ̶i̶t̶ ̶d̶o̶e̶s̶n̶’̶t̶ ̶g̶i̶v̶e̶ ̶m̶e̶ ̶m̶a̶i̶n̶t̶e̶n̶a̶n̶c̶e̶ ̶r̶e̶m̶i̶n̶d̶e̶r̶s̶,̶ ̶w̶h̶i̶c̶h̶ ̶w̶o̶u̶l̶d̶ ̶v̶a̶s̶t̶l̶y̶ ̶i̶n̶c̶r̶e̶a̶s̶e̶ ̶t̶h̶e̶ ̶v̶a̶l̶u̶e̶ ̶f̶o̶r̶ ̶m̶e̶.̶ They now support maintenance reminders, though I have yet to use this feature.

Notes: Registering an account for the app required me to put in my city, state, and zip code, but did not require my address. One of their business models is probably selling aggregated data on the distribution and use of appliances to manufacturers, retailers, and everyone in between. I could use a generic task management or calendar tool for reminders, but ultimately I was looking for something more integrated that not only includes the nudge to do the work, but also tells me what replacement parts I’ll need and instructions on how to do the maintenance.

Home (Apple)
Why I have this: The Home app is the main way to control HomeKit-compatible devices. It’s also the primary way I add, change, or remove devices. However, I use the Eve iOS app to program my more sophisticated automations — these automations are capabilities built into the HomeKit platform, but not available directly in the Home app.

Notes: The distinction between the Home app and the HomeKit platform is subtle but important. HomeKit is the underlying technology and a set of standards that power the Home app, but other apps can be used also. For example, the Leviton app connects to HomeKit to help manage all the Smart Switches and Dimmers you have, and provide more advanced configuration options (such as dimming speed and electrical load type).

Homebridge
Why I have this: A few plugins are useful to support home automation, specifically:

  • homebridge-dummy, a virtual switch accessory. This is, surprisingly, really useful for supporting automations and “states” upon which I can base automation rules. For example, I have a dummy switch called “night mode”; human-controlled lighting in the house behaves differently when that switch is turned on.
  • homebridge-unifi-occupancy-sensor monitors my network for the presence of specific devices and tells HomeKit whether or not anyone is home. We use this in combination with rules to close the garage doors and lock the front door when no one appears to be in the house.
  • homebridge-harmony connects with my Logitech Harmony remote system, allowing me to turn on activities from the Home app, or shut off the entertainment center when I go to bed.
  • homebridge-camera-ffmpeg connects to the RTSP streams of my Unifi G3 Micro cameras, and transcodes them into encrypted video streams which can be viewed in the Home app.

I am also developing my own plugin for WiZ (Philips) lights which I plan to publish in the near future.

Notes: I started out experimenting with homebridge just for curiosity’s sake, but my home automation has become dependent upon it to work smoothly. I’m writing a separate article about how I’ve set up my automations, which I’ll hopefully publish in the next couple of weeks.

Finally, I was reluctant to start using homebridge’s configuration UI, but it is awesome and does a great job. I also love that they are providing a plugin verification service. These tools are pushing homebridge to be a powerful addition to the smart home universe.

A screenshot of the homebridge configuration UI’s status screen, showing various metrics of system performance and a device event log.


Future Options and Ongoing Research

Here you can find some of my ongoing thoughts on stuff I am experimenting with, want to try, am looking for inspiration on, or am simply thinking about.

Pi-hole
I’m currently testing Pi-hole on a few devices to see how it impacts internet access and usage. Pi-hole attempts to provide an ad-free browsing experience by filtering out web addresses known to provide ads or other tracking. Setting it up requires some basic networking knowledge, particularly DNS and DHCP.

The key challenge with Pi-hole is its all-or-nothing approach. You can’t easily temporarily disable it (though there is a Firefox plugin which claims that ability), and you have to log into the administration console to manage exceptions to the block lists.

I have found the blocking to be somewhat effective, and it has blocked stuff which I actually needed in order to do my day job. It’s my opinion that tools like this still need to be used in conjunction with browser ad blockers and other privacy tools.
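How a DNS-level filter of the kind described above decides what to block, as an added example: this is a simplified model and not Pi-hole's own code, and every domain, list entry and address in it is constructed. It shows why blocking is all-or-nothing per hostname and why a needed service can be caught by a list.

```javascript
// Simplified model of a DNS sinkhole decision. Not Pi-hole's code; every
// domain and list entry here is constructed for illustration.
const blockOnly = {
  allowExact: new Set(),
  allowRegex: [],
  denyExact: new Set(["ads.example.net", "metrics.worktool.example"]),
  denyRegex: [/(^|\.)adserver\.example$/],
};

// Same lists plus the one exception an administrator adds by hand.
const withException = {
  ...blockOnly,
  allowExact: new Set(["metrics.worktool.example"]),
};

// DNS names are case-insensitive and may end with the root dot.
function normalize(qname) {
  return qname.trim().toLowerCase().replace(/\.$/, "");
}

// The filter sees only the queried hostname: no URL path, no page context.
// Allow rules are checked first, so an exception beats every deny rule.
function decide(qname, lists) {
  const name = normalize(qname);
  if (lists.allowExact.has(name)) return { action: "forward", reason: "allow-exact" };
  if (lists.allowRegex.some((re) => re.test(name))) return { action: "forward", reason: "allow-regex" };
  if (lists.denyExact.has(name)) return { action: "sinkhole", reason: "deny-exact" };
  if (lists.denyRegex.some((re) => re.test(name))) return { action: "sinkhole", reason: "deny-regex" };
  return { action: "forward", reason: "not-listed" };
}

// Sinkholed names get a null address; everything else goes to the upstream
// resolver (a stub function here, so the example runs offline).
function answer(qname, lists, upstream) {
  return decide(qname, lists).action === "sinkhole" ? "0.0.0.0" : upstream(normalize(qname));
}

const upstream = () => "203.0.113.10"; // constructed documentation address
for (const q of ["ADS.example.net.", "img.ads.example.net", "metrics.worktool.example"]) {
  console.log(q, decide(q, blockOnly).reason, "->", decide(q, withException).reason);
}
```

An exact entry covers only that hostname, so `img.ads.example.net` passes, and the exception for `metrics.worktool.example` applies to every device that uses the resolver.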

WiZ / Philips Lights
In a fascinating move which either undercuts their Hue line, or allows them to better compete with other WiFi lights such as LIFX, Philips introduced the WiZ line of products in the United States. Thanks to their comparatively affordable pricing, I have picked up a few different bulbs and have been experimenting with them. The WiZ lights don’t integrate with HomeKit, but instead have their own iOS/Android app. They are also connected to the WiZ cloud through the MQTT protocol, which in some situations is vulnerable to hacking. The homebridge-wiz-lan plugin works well for the color bulbs but the author of the plugin has said they don’t plan to provide broader support for dimmable or tunable-white bulbs. They also said their code is probably inefficient when it comes to managing large numbers of WiZ bulbs on a network. I have been writing my own homebridge plugin, including bulb auto-detection and automatic type recognition, but have not yet been happy enough with it to put it out there — I don’t even run my own home WiZ bulbs using it.

Motion Sensors
I’m not particularly interested in the home security aspects of motion sensing, but there are some places in the house that could benefit from motion-activated lighting. Bathrooms, hallways, closets, and a few other spots come to mind. I’m interested in sensors that can have either digital or physical masks to avoid being activated by movement outside the intended area of coverage, but I suspect much of this concern could also be reduced by careful sensor placement. There are a number of battery-powered wireless sensors available, though I would probably prefer something wired and more subtle. There’s also the “creep” factor to consider — the native apps which support these devices offer insights (a.k.a. data collection and analysis), and therefore the opportunity for serious data leakage.

In the meantime, my homebridge-unifi-occupancy-sensor is essentially a whole-home sensor.

Visual Presence Indications
My homebridge-unifi-occupancy-sensor is currently set up to monitor a simple question — is anyone home? But I’d like to take that to a deeper level. Currently there is just one occupancy sensor for the house, but what if there were one for each resident? Those could be linked to automation rules, allowing certain lights by the front door to be on/off, or even a simple Weasley-style clock by the front door.
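The per-resident presence idea above, together with the close-and-lock rule described under Homebridge, as an added example: this is a model and not the plugin's code. The record fields (`mac`, `last_seen`), the grace period, the resident names and all addresses and timestamps are assumptions constructed for illustration.

```javascript
// Model of network-presence detection. Not the plugin's code; the record
// fields (mac, last_seen) are assumptions and all values are constructed.
const residents = {
  alex: ["aa:bb:cc:00:00:01"],
  sam: ["aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"], // phone and watch
};

// Most recent sighting per MAC address, in epoch seconds.
function lastSeenByMac(clients) {
  const seen = new Map();
  for (const c of clients) {
    const mac = c.mac.toLowerCase();
    seen.set(mac, Math.max(seen.has(mac) ? seen.get(mac) : 0, c.last_seen));
  }
  return seen;
}

// A resident counts as home if any of their devices was seen within
// graceSeconds. The grace period absorbs phones that leave WiFi to sleep.
function presence(clients, now, graceSeconds, people = residents) {
  const seen = lastSeenByMac(clients);
  const perResident = {};
  for (const [name, macs] of Object.entries(people)) {
    perResident[name] = macs.some(
      (m) => seen.has(m) && now - seen.get(m) <= graceSeconds
    );
  }
  return { perResident, anyoneHome: Object.values(perResident).some(Boolean) };
}

// "Nobody home" only ever triggers closing or locking, so a false reading
// leaves the house more secured, never less.
function awayActions(state, doors) {
  if (state.anyoneHome) return [];
  return doors.filter((d) => !d.secured).map((d) => `secure:${d.id}`);
}

const now = 1604250000; // constructed timestamp
const clients = [
  { mac: "AA:BB:CC:00:00:01", last_seen: now - 30 },
  { mac: "aa:bb:cc:00:00:02", last_seen: now - 900 },
  { mac: "de:ad:be:ef:00:09", last_seen: now - 5 }, // guest device, ignored
];
console.log(presence(clients, now, 300));
```

Devices that are not mapped to a resident never count toward occupancy, so a guest's phone on the network does not keep the house in the "someone is home" state.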

Visual Weather
Similar to presence indications, what if devices like the NanoLeaf Aurora could display current and forecasted conditions? Some panels could display blue to red colors, showing the next few 12-hour cycles. Others could be yellow for sunlight, dim white for cloudy, or icy blue for snow.

Smart Vents
Over the last few years, there have been a few of these products to hit the market. There is some debate on whether they can reduce the performance of or damage a central air system. However, my current system seems either poorly designed or under-powered to reach all the areas of the house it should. Smart vents may be an answer to this, by ensuring air from the central system is first directed to areas of the house that are likely to be occupied (either because of motion sensors or just habits and scheduling).

Full-time VPN for Privacy (and content restriction)
Your Internet Service Provider (ISP) collects tons of data about your Internet traffic. Unencrypted web traffic is also vulnerable to ad injection and more. Unfortunately, recent regulatory changes make it easier for ISPs to sell customer browsing habits to third parties, without consent. In the context of smart home technologies, everything from simple monitoring of traffic to what kind and how many devices you have (if you have an ISP-managed router) leaves a lot of data in hands beyond your control.

One solution to this is to use a Virtual Private Network (VPN), taking all the Internet traffic that goes in and out of your home, and sending it through an encrypted tunnel to somewhere else that you trust, so your ISP sees none of it. I’ve been keeping an eye on this comparison chart for VPNs. In particular, Perfect Privacy may be my option of choice, because they also offer a content filtering service. There are some significant considerations to using a full-time VPN, the biggest one being that Netflix and other streaming services block them.

Secure Mobile Device Traffic
It isn’t just my house that needs more secure internet access; our mobile phones do too. The same concerns about household ISPs also apply to mobile phone service providers, not to mention all those free open WiFi networks at hotels, libraries, coffee shops, airports, and so on. I currently use ExpressVPN for safety on open WiFi, but I’m not yet shielding my normal traffic from my mobile phone provider. If I’m going to implement a full-time VPN at home and I have the network equipment to support it, why not permanently VPN the smartphones through the house network?

WiFi-enabled Circuit Breakers
All this smart home work requires fiddling with the circuit breakers. Each new fixture, switch, or receptacle installation requires multiple trips to the circuit breaker panel. The only breaker you’d probably never switch on/off remotely would be the one that powers your WiFi router. Imagine being able to quickly detect electrical faults and get data about them. Add in the ability to monitor power consumption on a per-circuit basis; you’ll work more effectively to increase energy efficiency. Combine that with real-time power cost data, and you can have a smart home that automatically minimizes grid load during expensive peak times. As of yet, there aren’t many residential consumer products to do this. Leviton’s new Load Center looks like it could be interesting, although you can’t turn a circuit back on remotely.

IPv6
The United States has not been quick to adopt IPv6, and while it’s certainly better for the long-term health of the Internet, ISPs have not really been doing so aggressively. My network hardware supports IPv6 already. Assuming there are IPv6 benefits I want to take advantage of, the best option at the moment seems to be creating an IPv4 tunnel (similar to a VPN, but not as secure) via Hurricane Electric. However, it’s not clear if their platform collects data about network activity.

Andrew Nicklin

Technology, Policy, and Data in Government. @johnshopkins