view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Yeah, for that threat model, a VLAN is not needed in my opinion:
esphome devices are for sure not data collecting and pihole will block most of the phone homes with a good block list, where possible (like simple smart devices) they are flashed with a local open source version. Still the vast majority are KNX and Zwave which are local only
video cameras are local-only always and have completely blocked internet access via the router
This is probably the biggest threat unpreventable in other ways. Though definitely citation needed for them actually being caught recording conversations lol. People think phones do that too, but it is simply a lot easier (and more importantly, cheaper with a much higher ROI) to make a complete data picture through search/watch history + proximity to other devices.
https://www.theguardian.com/technology/2013/nov/21/information-commissioner-investigates-lg-snooping-smart-tv-data-collection
https://www.cnet.com/news/privacy/samsungs-warning-our-smart-tvs-record-your-living-room-chatter/
https://www.theguardian.com/technology/2022/jan/29/what-your-smart-tv-knows-about-you-and-how-to-stop-it-harvesting-data
Pihole by itself can't really block all the traffic as some device may be set to use different DNS server from factory. And with DNS over HTTPS, to block phoning home, you'd most probably have to completely block internet access for that device.
I'm looking at VLANs as groups of devices which shares the same access policies. So e.g. you create VLAN for cameras, create rules for accessing the NAS, HA, etc. and then just assign each camera to that VLAN. You don't need to recreate same rules for every new camera.