this post was submitted on 17 Feb 2024
67 points (97.2% liked)

Privacy

31975 readers
239 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Is there a community specific to FOSS or just general privacy oriented IoT? With plenty of hardware discussion along with software. Routers, piholes, Meshtastic, anything IoT but open source. If it touches a network but you want it to do something it doesn't. Flashing a doorbell camera with FOSS firmware. Hosting media servers on your phones Hotspot. Loading gcode to a printer from anywhere. There are so many things and possibilities.

If there isn't someone should start one, OpenIoT or something catchy and relevant.

top 25 comments
sorted by: hot top controversial new old
[–] [email protected] 41 points 9 months ago (1 children)
[–] [email protected] 2 points 9 months ago
[–] [email protected] 15 points 9 months ago (1 children)
[–] [email protected] 2 points 9 months ago (2 children)

Kind of, there's a lot of relevant posts that would be good cross posts. But they really concentrate on just networking and software. Id like a place that's also a lot of hardware tinkering.

[–] [email protected] 1 points 9 months ago

I'm on mobile and autocomplete isn't available on this app, but there's some hardware specific communities. Also, this is Lemmy, I know that I appreciate cross-posting, so always do it when you can.

[–] [email protected] 1 points 9 months ago

The company behind Home Assistant also maintains ESPHome, so I'm sure hardware hacking conversations are welcome.

[–] [email protected] 12 points 9 months ago (2 children)

There is an entire ecosystem of open SoC devices, code, platforms, development boards, etc. One of the most popular is the ESP32/8266 boards, which is a pretty good place to start.

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago) (2 children)

I know, Meshtastic is almost entirely built on esp32 devices. Where is the community for this ecosystem? If there isn't one on a widely federated instance there should be.

[–] [email protected] 4 points 9 months ago

Matrix(#meshtastic:matrix.org) and their forum

Also, meshtastic is not only esp32, but also nrf which is really cool

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago)

There's also [email protected], but it's inactive at the moment.

[–] [email protected] 2 points 9 months ago (1 children)

A Chinese WiFi chip with binary blobs is about the farthest you can get from privacy, though. Or free software.

[–] [email protected] 5 points 9 months ago* (last edited 9 months ago)

That's fair, since it's possible these chips have some backdoored bootloader or something, I've never personally analyzed them with an electron microscope, but the architecture and wire traces are published, so you could start a chip fabrication plant and roll your own silicon.

The actual running code on them is usually GitHub hosted though, or you can write it yourself and just import the libraries you need, again usually from GitHub or the platform specific repositories.

If you're worried about Chinese chips in your open source though, I have some real bad news for you.

If you're using FOSS specifically as a control against Chinese spying, and not analyzing the commit logs of every package you download, I have more bad news for you.

[–] [email protected] 10 points 9 months ago

Home assistant, ESPhome and Tasmota form a core of this. The self hosting community also has a strong mindset towards security.

The stuff I self host is mostly because I don't trust the "free" services a lot of techies seem fine relying on. I've seen too many providers suddenly go belly up, and screw people over.

I also use defence in depth. The "S" in IoT stands for security.

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago) (2 children)

Probably homelab/self-hosted communities, but you'll have to preface that you're focussing on the security aspect than the usability of the application/device. With that said, I'd like for the kind of community you mention to be big and have a lot of engagement but I think it's too niche even amongst niche communities like self-hosting.

With that said, the principles are largely the same. Netsec applies to everything that touches the network, FOSS or otherwise. If you're using Zigbee, you're going to have to read about RF and how to secure yourself (Zigbee uses symmetric encryption from what I've heard and I really don't like the idea). Funnily enough, when I had posed a question on RF privacy here I was ridiculed and downvoted, seemingly by a community that "cares" about privacy.

Yes, there's a lot of hypocrites here. Which is also another reason why you probably won't find much traction for the community you're thinking of. But I'll stop there.

Edit: I completely missed the HA, Node-red and OpenHAB communities, but you'll probably find them in other forums and not particularly active here other than Home Assistant

[–] [email protected] 7 points 9 months ago (1 children)

Your Https connections are also symmetric, so that's a silly thing to dislike.

The handshake and key exchange are asymmetric, and used to establish a symmetric session key.

ZigBee encryption is fine for the use case, because you're only adding devices you know are being added. You inherently trust that your physical ZigBee device is the device it claims to be.

There's potentially an opportunity to hijack the key exchange between devices at network join, but you'd have to approve the listening device to your network in the first place.

https://development.libelium.com/zigbee-networking-guide/security-and-data-encryption

[–] [email protected] 6 points 9 months ago (1 children)

Thank you for clarifying, and my apologies

[–] [email protected] 4 points 9 months ago (1 children)

No apology needed, one thing about security is that paranoia is good. One problem with security is that paranoia leads to assumptions and misinformation, rather than understanding.

Symmetric key encryption is much faster than asymmetric, and can use much larger keys with less compute penalty. So we use acPU intensive asymmetric TLS handshakes to safely exchange the keys, and then switch to the faster method for the data.

So when ZigBee use AES 128, you can be reasonably sure the data packets are safe. The next question to ask is "do they exchange their keys safely?"

Which in this case would be "no" if you just leave the ZigBee controller in pairing mode all the time. However, you only allow pairing when you want it, and only pair with devices you explicitly allow. Unauthorized devices never get your network key.

[–] [email protected] 1 points 9 months ago (1 children)

Could you tell me more about how secure the key exchange is?

[–] [email protected] 2 points 9 months ago (1 children)

Check the link I posted above, or you can look at the 802.15.4 wiki for an overview.

https://en.m.wikipedia.org/wiki/IEEE_802.15.4, scroll to the security section.

[–] [email protected] 2 points 9 months ago
[–] [email protected] 5 points 9 months ago (2 children)

Yeah I know about all those, but unless they're someone that's privacy oriented, most people end up using closed oem solutions. It's kinda weird how some people will get angry at people not using full open Linux, and then go and login to their ring account to check their door if the notification for their Amazon package is correct. I didn't want to say it was a niche in my post but it is, so I wanted to expand that.

I'll crack anything open to solder some jumpers to the rom(or more likely the existing open pin placements where they flash at the factory) and poke around or just fully flash hardware. Where are the other people that do this? It's both hardware and software skilled. Lots of software people, lots of hardwares people. There should be a community to connect and build FOSS systems.

[–] [email protected] 3 points 9 months ago

People like this usually hang around the microcontroller spaces since these people will almost always make a case with a 3D printer and order ESPs from Aliexpress and program their own device/install Tasmota or something. Some people maintain a happy medium with purchasing pre-built hardware and running FOSS on them, but IMO the real fun is when you do most of it yourself. Not discounting how good OEM hardware can be in terms of overall functionality, of course.

The downside to writing your own code is maintaining its security which is a pain though.

I don't think you'll find many people like the type you're looking for here outside of the few in the communities I mentioned previously. You'll have to look at other forums, unfortunately.

[–] [email protected] 1 points 9 months ago (1 children)

I am interested and also looking for good resources, buddies that do similar.... So if you find the spot or create something I could see myself in there. I like to hardware tinker, solder, flash tasmota to sonoffs31 plugs, esp3266, esp32.

[–] [email protected] 1 points 9 months ago (1 children)

I guess I could make it, but I have zero desire to be a mod. Maybe if I make it I could pass it off relatively quickly to someone relevant that wants to do that type of thing.

[–] [email protected] 1 points 9 months ago

Yeah I hear you on that.

Maybe just find a spot to start a conversation and see what comes of it. Maybe list a couple recent projects and what you want to do next. See what other folks are working on and If enough interest.

I'm currently working on some VLAN segmentation for IOT and have several IOT things blocked from accessing the Internet (like my network printer and some smart lights) (I run openHAB for home automation locally) , I also have some DNS blocking.

I have some USB logic analyzers and want to play with sigroc but haven't got around to that. Also built an oscilloscope and want to learn to use it more (might make a signal generator so I can use some known frequencies and such) to ensure the oscilloscope is dialed in.