I set up Home Assistant Cloud on a server in a remote place. Technically it is working fine.
However I was quite surprised when I checked where my xxx.ui.nabu.casa gateway is hosted. Turns out it’s on AWS. That at least reveals my communication attempts with my HA instance to an untrusted third party.
I did not analyze the setup in-depth, but it looks like the AWS portal acts as a proxy inbetween my browser and the remote site. If that is the case, there is no end-to-end encryption, meaning not only can AWS monitor communication times, but the content is also available to them - logins, passwords, all HA data.
I have to say I am very disappointed.
We provide a home automation solution that is built from the ground up with privacy in mind
(from the Nabu Casa website). I do not think they have delivered on that promise.
It feels especially bad as NC has its roots in the Netherlands. It is not hard to find a reputable European cloud provider.
I will now look into building a VPN tunnel to an endpoint I have control over.
Mine is a local installation and the only thing I don’t like about VPN access from outside is the two setep process that you have to fire up your VPN every time you want to access the system. Originally using DuckDNS but started having reliability issues, currently I use the Cloudflared addon which does not force me to port forward. What are you going to set up - Tailscale, or ?
There are ten’s of thousands of web sites hosted on Amazon remote versus on premise (including many banking, financial institutions). That said, you have alternate options for external access should you not trust that path.
Redarding the setup, the place has only limited internet access (private IP on the router WAN interface), so there’s no port forwarding option. I will probably set up a tunnel to a VM I control and use a proxy on it. I chose HA cloud because, technically speaking, it is hassle-free for this use case. I have used port forwarding in other scenarios before.
I also would not mind supporting NC, HomeAssistant is a great product. I can not say the same about HA cloud privacy unfortunately.
My point was more about the disappointment, though. I realize that the ‘Installation’ forum may not be the best place for such a post, but I found the other categories even less fitting.
