It depends heavily on what your threats are and what you are trying to control/prevent. For myself and for most Americans (making a big assumption here I know), the Chinese State is not a serious threat to be concerned about. This due to the fact that they are across an ocean and have close to zero effective physical force projection capability in the US. A greater concern should be domestic criminals (I.E. burglars) or the domestic government because both of those potential threat actors have the capability of using information from a home security system to cause one harm in some way.
They are fundamentally tied into the US economy and are known to effectively share data and behaviour across industries. If you were plausibly competing with a Chinese company and working from home, the question on where the HikVision information goes is a curiousity.
How much does it matter where the hardware was made if it is using local storage? If you are worried about this sort of thing, there is no reason you need to provide routing for the devices outside of your local network (e.g. VLAN). Unlike any hardware relying on cloud services.
Yeah I have to agree with this. If you're savvy enough to setup your own close-looped surveillance system then you're savvy enough to check if the camera is pinging home to a China-based server. And if it is then just block all WAN connections from that IP.
"Hikvision is fighting for its survival after the U.S. banned the company in October, accusing it of helping Beijing crack down on Muslim minorities in the far-western region of Xinjiang. "
Agreed that most electronics have China influence. But there’s a pretty big difference between influence and actual state control.
I have no insider info but from reading the news it appears that what China is doing is several levels sketchier than Amazon/Ring when it comes to infringing on civil liberties.
Protecting your self is one thing; supporting that kind of regime with your money is another.
What are your options for local-network-only cameras built in, say EU or North America? I suppose you can go with commercial surveillance cameras but I'm not sure how practical that is for the average home user...
Unless you monitor the network it is very likely that it is pinging a Chinese server.
Many years ago we bought a treadmill with LCD screen and Android running on it with a browser and other stuff. Connected it to WiFi and were happy.
A couple of years later I got a Ubiquiti edgerouter, configured it and decided to check its deep packet filtering. It started showing me an odd Chinese domain being pinged periodically, like every 5 min. Don't remember the domain but it was some Chinese search engine/portal I had never heard of (not Baidu). It took me a while to figure out that it was the treadmill that was doing this. At which point I had to just disconnect it. I have no idea why it was doing what it was doing and what data it was sending and if I was running a backdoor in my home all this time.
Point I'm trying to make is, don't assume. Mistrust and Verify should be the modern day mantra for Internet connected, especially Chinese, devices.
I have a Hikvision NVR and 4k camera setup. I keep them on a separate subnet and have blocked all access to other subnets and the internet via a Mikrotik router.
In the year or so I have had this setup there hasn't been a single packet from the NVR or cameras in an attempt to access the internet.
I don't have the above mentioned cameras, but I do have cameras that are completely blocked from the internet.
The way I do it is: When I leave my home my home assistant will enable the FTP upload on motion detection feature of the camera. If there's motion then the camera will upload the recording to a ftp server running locally (synology), this then gets synced to google drive.
Home assistant can also do push notifications if there's movement detected.
yes and no.
its a little work but you could whitelist a domain the NVR can connect to or maybe an IP. Block anything else.
for example:
if you want the NVR to upload to Dropbox, you would whitelist the list of domains that are needed for Dropbox to work.
if the NVR tries to connect to 'heartbeat.hikvsn.cn' it would fail.
I was in China recently, and the number of surveillance cameras there is bewildering. I suppose when you buy this brand you benefit from cutting edge technology funded by the investment the state has made...
Fascinatingly, China has a mix of public - private infrastructure. E.g. wireless payments are provided by WeChat and AliPay (although in the West it's not much different, it's Visa/MasterCard), and I guess in the US, Amazon is the private side, and the cops are the public side.
Pretty sure that's the brand I noted in my local McDonalds too. I wondered why there was so much lag to the display, so I checked the brand to look into it later. Dumb of them to write it on the side if they are profiling.
