from jkaczman@lemmy.zip to selfhosted@lemmy.world on 24 May 21:22
https://lemmy.zip/post/64934975
Hey everyone,
We’ve built an open-source, privacy-preserving alternative to Ring cameras using a Raspberry Pi Zero 2W (called Secluso). It uses end-to-end encryption to send videos from the camera to a mobile app, which is available both in Google Play Store and Apple App Store. We also support Obtainium for people that do not wish to use Google Play.
We’ve put in a lot of effort to make it easy to set up! You can set up our camera on your own Pi in less than 5 minutes with minimal technical expertise using our easy-to-use GUI deploy tool. Here are our setup guide and open source release.
The image shows a Pi in an official Raspberry Pi enclosure that you can use for your camera. We’ve also been working on a HAT for the Pi to add night vision, audio, temperature monitoring for safety, all in a compact form factor. You can see the HAT and an enclosure for the whole camera in the photo.
We’ve been working on this for almost 2 years now, and we look forward to we look forward to seeing what you all think!
#selfhosted
threaded - newest
sus
Just out of curiosity, why?
GitHub content, profit website, automatic over air updates, content like “Earn $5 in Secluso credit for every qualifying referred pre-order.”
Just sounds like not actually secure marketing itself as super secure.
I could dig more, but i don’t care much.
Edit: also how super fast they commented on your comment with a copy paste answer. Or just a bot
Hi kibblebits,
I pulled the links from the cloud camera controversies page from our website. We already had them compiled there. I didn’t pre-write any answers. And you can see from our GitHub history that we’ve been around for over a year and a half, and that we’re real people. Not bots.
Our automatic updates rely on immutable releases, ensuring that we can’t pull them back to try to hide something malicious. Additionally, we have reproducible builds, proving that the binaries / deploy tool / OS were derived from our codebase.
Everything is self-host able, you do not need to pay us to get anything working. Our plug and play camera is completely optional, we’re using it to help support our open source efforts and provide something that benefits the community.
Your audience is people who don’t want a corporation involved in their cameras yet you’re trying to start a corporation who is involved in their cameras. You should prepare yourself for significant pushback.
There certainly would be a market for a network camera ecosystem provided by a company that people can trust. I don’t think it has to be all or nothing, plenty of people really are in no position to self-host.
I’m not sure if there is anything out there that regular consumers currently could migrate to in case they want to get away from questionable companies. There are completely local systems (local recorder, no remote access), but those are lacking the home automation features / notifications, and well-respected brands that have been around (let’s say, Axis?) that are still closed source, not cross-platform and with pricing often not aimed at end customers.
I didn’t check out this project, so I’m certainly not saying this is it and there habe been various criticism of this particular project here, but I’d love if a decent project would emerge in the space.
Would you consider using a managed cloud solution + app if it’s open-source and properly end-to-end encrypted? How would a hypothetical company have to behave to be trustworthy, while still being allowed to profit? People here seem to like e. g. tuta.io for encrypted mail, I don’t see why a similar model could not work for network cameras.
These are genuine questions btw., I myself am really annoyed at the status quo with its data breaches, blatant lies to customers about encryption, and corporations willfully cooperating with fascist governments by proactively providing video data. I’m not even going to talk about AI training.
I would consider someone making a system that would run on a VPS and made zero external connections in regard to the camera software.
The problem is auto updates, telemetry, how they probably require a phone app when a web browser is 100% capable. Did I compile that phone app myself? No.
Most people don’t even know what to look for. Poor education. 🤷♂️ it’s too hard to help them. They should just get a local closed circuit system. It’s just about Amazon packages anyway
Hi kibblebits, please see below!
We’d be happy to add an option to disable auto update in our next release.
If you have any other ideas for features we can add or changes we should make, please let us know.
What date is your hardware shipping? The exact date.
You can’t expect them to give away free Pi and cameras, you jerk
Open source hardware companies sell hardware. Are you surprised?
You’re purposefully not paying attention because you want them to not be shady.
Agreed, it’s all very commercial. It’s nice that there’s a way to run it self hosted but in that case I prefer something like LightNVR.
Yuuup some red flags going on. “Look at all these possible controversies and doubts you may have! We already have the answers because we really want you to use this product!”
At least with other cameras they may be stealing my data and selling it but at least I can join a class action lawsuit and get some free credit monitoring out of it.
Right, I was just thinking about that. These two people, allegedly, are going to sell hardware and software and cloud storage in an industry that could very easily sue them… ehhhhhh. It doesn’t seem too thought out.
Typically these things try to make a huge separation between the code and any actual hardware or cloud service etc.
“We are super not looking at the videos you upload to our private cloud that is definitely not audited”
I think they’re just a privacy-focused startup that just wants to make a living off their work
And that makes them a corporation that cannot be trusted. Because if they have any data or access in any fashion… it’s not actually private.
And from what I can see it’s two people? Who are they. I want to know where they live and how they vote. It’s a lot of faith in the very very unknown. How will they handle government data requests?
You can already run DietPi and cam software for a very secure camera setup on your own for like $40 per camera (I dunno about price hikes lately)
Matrix. Bitwarden. Nextcloud. There are many examples of open-source, self-hosted applications that have for-profit companies that offer to host them for you as a service. Now if you use one of those Nextcloud providers to store your notes, can that providers read all your data? Of course. But for people who don’t want to self-host, it’s often a more trusted option than Google.
You’re not listening.
And… people are now wondering just how fast Bitwarden can speedrun late stage capitalism with recent changes. And realizing just how much data Bitwarden Corp actually has.
We go through cycles of this. Company A is bad but Company B is good… and it is almost always based on marketing. Google used to be AMAZING because “do no evil” and “they gave me a bunch of gigs of email storage!”.
Hell, some of us might be old enough to remember when Spideroak was the bee’s knees and totally secure… until people started realizing there were issues with what they were saying. They have no copies of your encryption key… but you can recover your password. And then there was the brief debacle where people realized they could download any file they had the hash for. But hey, they weren’t Dropbox!
I don’t think a company being involved inherently makes it bad. I don’t even think a company that keeps keys on their servers are inherently bad. Data… gets murky but that is more because of the logistics of what that means for hosting and operating costs.
But it IS important to actually assess a product before using it and to understand the risks. Every year or so people lose their shit at Protonmail when they find out that, contrary to widespread belief, Proton Corp isn’t going to serve a century in a black site for their customers. And every single time, people point out that Proton never said they would. They are VERY upfront about what they do and don’t provide and… the reality is that most of the privacy oriented benefits of that service are in that they don’t require any kind of authentication to create an account. Which… is akward when you realize it is better to NOT pay if privacy is your concern.
But what makes a random start-up with no meaningful (professional) footprint “a more trusted option than Google”?
yeah, the 2 person startup big corporation. you lost your mind. if you want to make hardware, you can’t do it without a business, you’ll need to be handling money in quantities. not all businesses are bad.
I encourage you to put your money where your mouth is and preorder.
Additional comment,
Caligra.com
A computer that has its own Linux distro that does work but it clearly a demo.
Been taking $99 preorders for… two years?
Secluso will be taking “preorders” this month. Wanna bet how many years before it launches its hardware?
You don’t have to pre-order, just wait until it’s released and buy it then. And in this case you can get a raspi and test the product for yourself, so why spread FUD?
You’re not listening
this reply adds nothing. Please explain your position
No. I suggest you buy and use their product. Especially, you should put a deposit on it. Do it. Go. Now. Shhhhhh.
Ok so you’re a troll then. Fearmongering doesn’t help the community. If you’re against something give evidence. There’s a balance between fearmongering and blind hype.
You know this community is about privacy and distrusting. Me refusing to talk to you because I know you’re not speaking in good faith doesn’t make me any kind of troll. As I said in my top comment:
Sus.
And it is. If you need more than I’ve said in all my other comments, you go do your own research and come to your own conclusions about it.
ok first off, this community is about self-hosting, there just happens to be a lot of overlap between people who self-host and people who care about privacy.
And if you thought privacy was about distrust, that is a very unhealthy view. Privacy-minded folk simply have different principles than the mainstream. But if somebody comes along that shares those principles, then trust can be earned.
OP’s product is open-source and self-hostable. This is aligned with the community. I’m not saying to throw money at the product before it’s released, but it’s worth keeping an eye on, and showing support for.
Common commercial cameras such as Ring/Blink/Nest are privacy-invasive and have lots of controversies, some examples being…
We started on this project a long time ago to fix these issues by making it so that no cloud provider can see your home security videos. It’s completely end to end encrypted and private-by-default. It also is super easy to use and doesn’t compromise on features. As it’s a Raspberry Pi and it’s open source, it’s completely auditable and not a black box (unlike these common camera providers).That means you can verify that nothing bad is going on within your camera, instead of relying on a promise from someone.
Oddly ready with all the copy paste content.
Yep, 8minutes for the answer. A bit suss.
Not really. If I am posting something that I figure would generate discussion like this, I would have sources at the ready too. And though I am disabled now, I used to hash out 140+ wpm without errors, so this post would take maaaaaybe as much as 90 seconds, mostly formatting and a quick proofreading.
Not everything has to be ‘sus’, ‘dawg’.
No I meant why it was being questioned as “sus”. No agenda, just genuinely interested to hear opinions.
Just like standard ONVIF RTSP cams with a local NVR? It’s not like this is a new thing.
Hi Bloef, this is meant to be a drop-in replacement to WiFi cameras (and therefore easy to use and easy to setup). A local NVR is great, and we definitely recommend it if you have the time to get one up and running.
This isn’t the first project like this, motionEye OS has been around for years.
I don’t mean the topic, I mean the project itself.
Yes, I’ve used motionEye OS before. It was quite good, although a little bit choppy in video quality, and lacking the push notifications to make it useful to me (or at least that was the conclusion that I came to at the time, which may or may not have been correct!)
Thanks for the reply! Based on what I know about motionEyeOS, I would say the projects have different goals.
From MotionEyeOS’s website: “Get instant email notifications when motion is detected.”, “Save recordings to cloud services, network drives, or local storage. Automatic backup and archiving options.”
We differ because we specifically made this to not compromise on functionality. We offer push notifications, easy private access via our mobile app, and the cloud relay cannot decrypt videos.(whereas it seems if you were to use the cloud with MotionEyeOS, they would not be encrypted).
While you could go local in MotionEyeOS to avoid that, it would be more inconvenient for most people, and we wanted something that could be a non-feature-compromising private replacement to modern cameras that’s simple to setup and easy to use.
Exited to see more! Keep up the good work!
I’ve been looking for something like this. To be more accurate, I’ve been looking for something that works as a doorbell/intercom, that doesn’t rely on big tech in some way or other. But this seems like a promising start.
I ended up going with Unifi (G4 Pro Doorbell) after my test-run with Reolink went… poorly. It’s technically still ‘big tech’ but all the parts are on my property and my control, and (at least for the doorbell, that’s all I’ve got so far) it works nearly-perfectly with HA (I can’t get custom screen messages to stick when assigned through HA).
Curious what went wrong with your Reolink run. That’s what I’ve got. Doesn’t require an app or account, and works with home assistant.
I bought a unit + 4tb surveillance drive, to replace a (what we thought was a) dying nest hardwired gen2 doorbell. I was excited - pulled it out of the box, ‘oh, it has an AC brick too! I can set it up and make sure it works before we install it’
Prepped the camera, prepped the nas to ingest the feed and drives, setup the non-proprietary stream (the acronym/letters escape me), all on the AC plug… And the feed, from the cam to the reolink app absolutely ground to a halt. I’m talking like, after 5 minutes of uptime, the feed was 60+ seconds behind. Absolutely wild. I restarted the app, phone, doorbell, no fix. I turned off the open-source (?) feed, going with only reolink’s proprietary stream. Better, but after 10 minutes it was still 30+ seconds behind. Reset the doorbell, set it up again, no change…
So either I got a defective/malfunctioning doorbell, a bad AC plug (but wouldn’t it just die if it was pulling too much power…?), the AC plug isn’t rated for anything more than very intital setup (I saw nothing about that in the instructions, and why would you do that…) or that is ‘working as intended’ which, why even bother if that is true.
B&H accepted both doorbell and drive, opened, no questions asked. Was very excited and it genuinely ruined my day. :(
Sorry to hear your bad experience. Was the acronym you were looking for ONVIF?
Yeah, that’s it!
I thought ONVIF is just the control, not the stream. the stream is normally RTSP
Why did you opt for pro vs nonpro out of curiosity?
It’s been a bit but I do remember I wanted the bigger screen, the fingerprint and nfc readers are nice to integrate ‘eventually’, and I think it was only an extra like $75? Oh, and the secondary package cam, that was the main factor tbh.
I wanted to get the poe version + their chime, but I got vetoed since ‘we already have a mechanic chime’ and I don’t have PoE setup in the house. But my pitch for the pro model was successful and an easy sell.
Thank you for the response, very informative!
The only thing worse than your partner vetoing you is when they’re right.
From a quick glance at the repo?
The commits generally come hot and heavy. Going back to the earlier 2025 commits and the messages mostly look like what you would expect from folk raw dogging
main. Arrdalan in particular looks “real”-ish. Whereas jkaczman is already showing signs of the kinds of commit messages that claude et al generate, but those ARE based off certain style guides.Roll up to 2026 and I can see 11 commits on May 17 alone, they all look like claude messages, some are outright just arbitrarily changing magic hashes, and there are little to no comments.
Not gonna fully call this ai slop but, it is REAL flipping sus as it were. At best, this is enthusiast code without proper engineering and is immensely unmaintainable. Use at your own risk.
Those 11 commits were from a rebase-and-merge PR, which changes the date from the original commit. Notice how there’s a week gap between those and the prior commits on the main branch.
The only thing AI is used on in this project is strictly for user interface work (our website, the front-end for the mobile app, the front-end for the deploy tool). We carefully vet anything like that.
Fair enough. I’ll still say that is bad engineering but acknowledge that starts to get into the realm of taste.
Either way, in the past 24 days you have MR commits on 8 of those and April looks similar. The code is generally poorly documented and skimming the closed MRs, I am not seeing much discussion or review in any of them. So I stand by
Fair points. I appreciate the constructive criticism! Moving forward, we will improve on our documentation. In terms of review, we always review and test each other’s code (sometimes via other mode of communication), even if there weren’t any comments on the pull request.
What an amazing conclusion, and the best part is, no matter what you’ve been waffling about before - it’s always right. Can we stop calling random things AI slop and telling to be careful bEcAuSe iTs Ai sLoP, and go back to being cautious until something has been reviewed properly? Being careful with random stuff from GitHub you install and run in your private network?
Your whole comment may have been AI slop as well. “From a quick glance at the repo”, you should be careful! Thanks, Sherlock.
What temp ranges are these good for? Can it run off solar+battery?
How are you protecting against supply chain attacks?
Hi Brkdncr, thanks for the question!
We honestly do not have a concrete answer for the temp ranges. We’ve done some testing and made sure they stay under 150F in the 3D case shown in the picture.
We do not currently directly support solar/battery usage. You can probably DIY something together though!
For Software: We’ve started to thoroughly go through our dependencies by using the Cargo Vet tool, in addition to looking for unmaintained dependencies, dependencies that we can replace with a few lines of code, etc.
For Hardware: We’re using trusted hardware providers like Raspberry Pi to try to mitigate this.
Let me know if you have any other questions!
Cargo is a red flag. It doesn’t verify any cryptographic signatures of what it downloads, unlike apt and maven.
To help mitigate that, we use Cargo.lock files to pin all of our dependencies checksums (integrity validation) until we want to upgrade. When we upgrade, we’re working on having Cargo Vet to manually go through (in addition to trusted third party auditors) to ensure the changed code isn’t malicious.
Where can I read more about cargo vet and these third party auditors?
mozilla.github.io/cargo-vet/index.html
2.4 “Importing Audits” goes into these third party auditors (the registry).
Cool
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
8 acronyms in this thread; the most compressed thread commented on today has 15 acronyms.
[Thread #312 for this comm, first seen 24th May 2026, 22:40] [FAQ] [Full list] [Contact] [Source code]
I’ll wait.
The poster’s account is under 1 day old. There are multiple brand new accounts interacting with this post, too.
And one of them is replying with positive sentiment.
But the one calling it sus is also 5 days old, and making good points.
🤔
I guess its just us in here then, among these AI bots.
These comments are why privacy products will always be behind. Why open-source is full of dead projects. These people are just trying to make a living off making privacy-focused products. And all the comments are like “They’re a for-profit company? They had marketing material prepped to reply to people’s comments?!”.
The code is open-source, self-hostable, built using commodity hardware (raspi), and they’re just trying to make it sustainable by providing an optional paid service. This is not the enemy.
Yeah, free, open source is fun, but we should also just support companies that have good ethics and want to make enough money to earn a living and keep making good products that respect people.
I want utopian space communism, but I’m not going to hold out for only that ideal when I can support alternatives that are better than the current system.
You do you, but I’m holding out for it… and only in fully automated, luxury, gay form.
Yeah supporting companies which makes privacy focused products, will create incentives for selling them to people which want them not just gaining additional profits from selling your data or showing you with ads
I see this with open source hardware a lot.
People want free hardware. That doesn’t work. Give your money to companies like this.
Money for nothin’ and your chicks for free. What a blessed utopia that must be.
Agreed, however the number of positive comments from one-day old accounts is suspect for me.
This is a security product where trust is paramount, so I get a bit itchy about anything like that, but I could be overreacting.
I can’t speak to the account thing, I checked the guy you replied to and it seems like his is 3 months old, not yesterday.
I wanted to mention that we plan to get a third-party security audit by a reputable firm sometime this summer.
Yea I edited that part because Lemmy was not showing me the right info, but there are more below, which is… Odd.
In any event, great to hear about an SA, and I have starred the project to check it out.
I used to think Reddit users were too negative. Then I joined Lemmy.
Loud people are negative. Doesn’t matter the website.
A “privacy product” inherently involves a lot of trust. When the creators are academics with little to no professional footprint, you need to assess things based on what information they do provide you. Whether that be code (yay open source) or customer interactions (forum posts).
I know we all yearn for the days of “Use Google. Their motto is ‘do no evil’ so you know they are our friends!”. But… that was a much stupider time.
Like, even if you suckle at the teat of Saint Capitalism, you should at least want a good product. And… this looks like enthusiast code with minimal maintainability but a heavy emphasis on marketing.
I’m sorry, but it’s a pretty big oversight to push the security aspect so hard that you don’t say a single thing about the actual camera. Nothing on the functionality, specs, etc…
Sorry about that! Is there anything specific I can answer?
The base runs on a Raspberry Pi Zero 2W. This is capable of running motion and AI detection (human/pet/vehicle). It supports live-streaming and motion/ai-detected events, which sends a 20 second video clip to the mobile app. All of this is end to end encrypted.
With DIY, you’re able to pick between an OV5647 and IMX219 sensor (Raspberry Pi Camera Module V1 and V2 respectively). With V1, it’s 1296x972. With V2, it’s 1640x1232 (97.4% of 1080p).
If you’re selling a complete package you should probably tell people what the specs they’re getting. But there’s nothing about the software features either. Besides security what does the firmware and software offer?
I think they are not selling anything yet, they are just providing software for camera and client and build instructions for hardware
There’s no pleasing some people. 🤣
Now hack ring cameras so existing installed cams can connect to your own hosted network.
I like what this project is trying to do, self hosted security cameras need to be more accessible to get people to stop using corporate spyware.
Very cool!
How does it scale? Can I do 50 cameras?
Can I do 20 users with granular permissions?
We’ve only tested with a few cameras, and it’s able to support that well.
We have work in progress for users. We use OpenMLS for end-to-end encryption and it allows for creating groups. We’re using that to allow multiple apps/devices to receive encrypted videos from the camera. We have the core function implemented, but haven’t added UI support in the app for it yet.
Can I have the video pushed to a self hosted server (eg NAS or proxmox VM) and just have my android be a client of that server?
In theory, that should be possible. We haven’t tested it.
Why a pi zero I’ve seen something like this done with an esp32 and a pi pico pi zero seems like putting an nvidia 1080 in your nes emu machine
We like the Pi because:
Why not just Thingino?
Thingino looks like a great option for changing firmware of IP cameras to be open-source, and is useful in local NVR-like setups! Our goal is to different: provide an end-to-end encrypted, easy-to-configure and easy-to-use WiFi camera.
How much does it cost?
And add F-Droid
Thanks for your interest!
We tried adding it on f-droid, but it seems like they have a backlog of projects to add. They haven’t gotten to test it out yet it seems.
This is why we now support Obtainium for people that do not wish to use Google Play. It can be hooked up to our mobile_client repository releases to pull the universal APK.
We do not charge anything for DIY. For our future offering, we have some information on the main page (secluso.com) of our site in section 4, along with what you would get.
Great, can you make some promotion video.
With maybe camera feed at night and at day.
Because from information on your site I wonder how looks camera feed at night and at day.
Yes, we are working on such a video. I will follow up here once that is ready.
Great to see.
The ubiquiti bell is the best but it is american and overpriced. I want something that can record, two way talk and display a message. The parcel camera is a bonus. It also needs to be able to be silenced at set times.
Nice! I’ve been wondering lately if there was an open-source solution for this
This is interesting. Can you give me a ballpark on your hardware cost for an 8 camera system? What does integration for NAS look like?
You can also flash a Wyze Doorbell v1 with Thingino
github.com/…/Camera:-Wyze-Doorbell-(V1)
Lots of ways self hosting ways of doing bidirectional rtsp doorbell.
Any good open-source nvrs that support bidirectional rtsp? I know zoneminder didn’t last time I checked.
Frigate has support for bidir audio
Amazing work guys! Looks very promising. If I needed cameras I would use this.