💾 Archived View for jagtalon.net › doggy-cam.gmi captured on 2024-02-05 at 09:27:14. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
A screenshot from the webcam of Finn on the floor.
There are times when we wish we had a way to keep an eye on the dog whenever we go out of the house. I've been meaning to use either an old phone or an old computer for this, but I don't exactly trust the easy-to-use, cloud-based IP cameras that I'm finding so I've been putting it off. This is sending out sensitive data, 24/7 over the internet!
So if I was going to do this, I want to make sure that I'm using open source software, I'm able to access it when I'm outside the house, and that it's not out on the public internet.
First thing I did was to look for software that is able to live stream, and I found Motion which runs on a lot of different platforms and architectures, and has apparently been around since 2000. The old computer that I have runs Void Linux, so to install it, I ran `$ doas xbps-install motion`. I have computers running Debian and OpenBSD as well and it looks like it exists on there, too.
After that, I created the config file by copying the example over `$ doas cp /etc/motion/motion-dist.conf /etc/motion/motion.conf` and modifying it to limit access to localhost and to add a username and password as well. This will be relevant later when we allow access from outside the network:
# We'll only be able to access the device on localhost:8081 stream_port 8081 stream_localhost on # Add a username and password as well. stream_auth_method 1 stream_authentication username:password # Change this
The hardware: a laptop with a built-in camera with a USB camera attached to it
I have two different cameras that I want to set up (one USB camera and one built-in camera) so I also added the following lines to `motion.conf`:
camera /etc/motion/camera0.conf camera /etc/motion/camera1.conf
The file `camera0.conf` has the line `video_device /dev/video0` in it and `camera1.conf` has the line `video_device /dev/video2` in it. How do I know which files map to which device? On Linux, you can run `$ v4l2-ctl --list-devices` and you should see something like this:
C922 Pro Stream Webcam (usb-0000:00:14.0-2): /dev/video2 /dev/video3 /dev/media1 USB2.0 HD UVC WebCam: USB2.0 HD (usb-0000:00:14.0-5): /dev/video0 /dev/video1 /dev/media0
Ok! After configuring all that, you can now run `$ motion` and you should see something in localhost:8081/1/stream and localhost:8081/2/stream after you put in the username and password. Ok, so how do we see this camera when we're outside the house?
We can use something like Tailscale, but I personally don't like depending on the services of companies. I try to go with community-based solutions whenever I can. Also, there's a lot of metadata that Tailscale collects:
... we collect limited metadata regarding your device used to access the Tailscale Solution, such as: the device name; relevant operating system type; host name; IP address; cryptographic public key; user agent (where applicable); language settings; date and time of access to the Tailscale Solution; logs describing connections and containing statistics about data sent to an from other devices (“Inter-Node Traffic Logs”); and version of Tailscale Solution installed.
But fortunately we have Tor Onion Services to the rescue! Onion Services are not only metadata-free, but they also have this incredible ability to "punch through NAT" which basically means you can connect to a computer even when it's within a restricted home network.
So install Tor (`$ doas xbps-install tor` for me), enable the service (`$ doas ln -s /etc/sv/tor/ /etc/runit/runsvdir/default/`), and add the following to `/etc/tor/torrc`:
HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:8081
Save and restart the Tor service. On my computer, that's `$ doas sv restart tor`. Inside `/var/lib/tor/hidden_service/hostname`, you'll find the onion address. Open this up using the Tor Browser (make sure to add the /1/stream at the end of the URL though), type in your username and password, and hopefully you see it working! You can access this URL from anywhere now with end-to-end encryption!
If you're worried that malicious Tor relays would find out the address, and access your cameras, you don't have to worry because Tor is designed to hide this from relays:
However, clients still need to ask the directory for information about a specific onion address, which would again allow mass collection of onion addresses. With V3 onion services, this is prevented by using key derivation to derive a daily-rotated identifier ("blinded public key").
So instead of asking the hidden service directory for facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion, the Tor client automatically calculates the current identifier from the onion address and the current date (e.g. 2021-08-19), and asks for that blinded public key (here: ek4gJEtlHmwwadLvMNG7tYx/lJuJN1zQl6pMVkGmAcM).
Buuut of course there's a chance that the URL could leak in some other way that's why we add a username and password in the first place.
I also have an old iPhone lying around the house, and I wanted to see if I could use it as a third camera. On the phone, I installed the app called *Live-Reporter Live Camera* which starts an RTSP stream (Real Time Streaming Protocol). The app displays the IP address on the screen when you open it. I copied that address and put it in `/etc/motion/camera2.conf`:
# The full URL of the network camera stream. netcam_url rtsp://123.456.7.891
Then in the `/etc/motion/motion.conf`, I added `camera /etc/motion/camera2.conf`. I ran `motion` again, and I was good to go!
No copyright. Everything is in the public domain.
