Basically what the title says. Someone I know is building a house and they want all sorts of security and privacy added benefits one could have, with no holding back.

This post basically serves as a place for everyone to come contribute ideas, hardware, and software, even self hosting is possible to increase the safety, security, and privacy of the home. So feel free to contribute thoughts and ideas but please include how to implement your concept if you can!

Plug and play is preferred but a little reasonable amount of self hosting could be done, with a preference on mechanical hardware where possible but not a hard set requirement.

While money isn’t a major issue within reason, be realistic and preferably eco-friendly. Thanks everyone ahead of time!

  • RobotToaster@mander.xyz (29 upvotes, 2 days ago)

    Wired everything. However many network ports you think you will need in a room, double it.

    Grounded wire mesh Faraday cage embedded in all walls.

    A tall fence.

    • flatbield@beehaw.org (8 upvotes, 2 days ago)

      Consider shielded Ethernet cabling. Would be nice to also put in conduit for everything both electric, Ethernet, everything.

  • scoobford@lemmy.zip (11 upvotes, 2 days ago)

    Hot take, but your local community matters infinitely more than the construction of your house. Build somewhere you have neighbors you get along with who will stick their neck out for you.

    That being said, you can do the following:

    • Plant/build near large trees to cover from satellite/aerial photography

    • run conduit throughout so you don’t have to rely on wireless networking

    • install security cameras that feed somewhere local (I’m assuming nobody who breaks into your house gives enough of a shit to find and destroy your recordings)

    • buy actually good locks, doors, and doorframes. Make sure you’re aware of what to expect from these: they won’t actually keep someone out, they just make entrance louder and slightly more cumbersome.

    • build a secret sex room for you and your spouse. This is less of a privacy asset, and more just a fun thing to do.

    • far_university190@feddit.org (1 upvote, 8 hours ago)

      > I’m assuming nobody who breaks into your house gives enough of a shit to find and destroy your recordings

      Unless Agent 47 does a silent assassin, suit-only run.

  • Gayhitler (9 upvotes, 2 days ago)

    As of the time I’m writing this comment, literally none of the suggestions made actually matter for the ambiguous goal of “general security and privacy” more than building in a neighborhood or community that meets the occupants’ desires.

    Pick a place with people you want to be around who you trust to look out for you.

  • PhilipTheBucket@ponder.cat (18 upvotes, 1 downvote, 2 days ago)

    Not directly your question, but:

    • Propane for heating, off an underground tank separated from the house
    • Generator
    • Two sump pumps
    • Solar panels
    • Vegetable garden

    Security doesn’t just mean security against surveillance and physical violence.

    • lemming741@lemmy.world (1 upvote, 7 hours ago)

      I saw a lot of people out of propane in the 2 weeks after Helene. Propane should be a strategic reserve; natural gas should be the primary for generator fuel and heating. Let someone else store it.

    • OhVenus_BabyOP (2 upvotes, 3 downvotes, 2 days ago)

      General security and privacy enhancements. Nothing threat-specific, as that can be handled separately from this post.

  • flatbield@beehaw.org (7 upvotes, edited, 2 days ago)

    Consider low-maintenance materials. Simple roof line, with good landscape drainage away from the house. Metal, ideally stainless steel roof. Triple-pane metal-clad or fiberglass windows, chosen by the sun exposure in terms of coatings. Heavily insulated. ERV ventilation. Consider commercial-grade doors, and hurricane-approved windows, etc. Consider unpainted stucco or another low-maintenance exterior. Ground loop heat pumps for heating. Enough electrical capacity for an all-electric house including EV charging, but with a backup power source. Design for no maintenance in the first 50 or 100 years. You might consider a safe room.

    Edit: Might consider hidden and/or locked storage too, a locked filing cabinet at least, or a safe.

    Edit: You might also consider a security, home automation, and house monitoring system but choose carefully. One that you control, not some cloud service.

    • OhVenus_BabyOP (5 upvotes, 2 days ago)

      Drainage and runoff are so underrated. Thanks for this type of post. All good info when most focus on opsec and internet-based concepts.

      • flatbield@beehaw.org (1 upvote, 2 days ago)

        Drainage is often done incorrectly in new construction too. Very common to have all the water drop beside the front door and create a pond. Very common to have beds around the house that create little swimming pools. If nothing else the ground will sink around the foundation and have to be filled quite soon.

  • flatbield@beehaw.org (6 upvotes, 2 days ago)

    Consider network boxes and structure of net. At a minimum segregate things on different network segments. Guest, IoT, Your Stuff, Wired, Wifi, etc. Your boundary router and everything inside it should be yours and get automatic updates. Ideally two network providers, one fiber, one wireless. Encrypt everything on the net.

    Avoid wifi and bluetooth if you can, but probably you do not want to. If you use them, secure them the best you can. Strong keys, SSIDs that tell nothing, etc. You can set your wifi APs to ignore clients outside of a certain range at least. Also hardwire the APs. Airgap things that really matter. For example, airgap at least some of your backup archives, and take some offsite too. A nice way to do that is host mountable SATA drawers on your backup server with high capacity real spinning magnetic disks (no SSD or Flash stuff).

    On systems that matter at least use volume mirroring, or some level of RAID, and do have a UPS. Maybe consider a whole house UPS if you’re loaded with money. Your network boxes should have UPS support too, and at least one of your network providers (starlink, other sat provider, maybe cell or wimax, old style DSL, etc).

    Actual network connectivity, consider how you’re going to do that. You could route all network traffic through a VPN or Tor, but you may not want to do that. Big downsides too. One could choose to route certain subnets that way though.

    Actively keep everything patched, monitored, updated. Remember, less is more. Minimize what needs to be patched, monitored, and updated. Put firewalls on everything and minimize the software and services and attack surface. Treat every device on your net as mostly untrusted.
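
The segment separation described in the comment above, sketched as an nftables ruleset for a Linux boundary router. This is an added example, not part of the thread or any commenter's configuration; the interface names, the VLAN layout and SSH as the management service are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. Interface names and VLAN numbering below are assumptions.
flush ruleset

define WAN     = "eth0"      # uplink to the provider
define TRUSTED = "eth1.10"   # "Your Stuff"
define IOT     = "eth1.20"   # cameras, sensors, home automation devices
define GUEST   = "eth1.30"   # guest wifi, bridged from the hardwired APs

table inet filter {
    chain input {
        # Traffic addressed to the router itself: default deny.
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Router management (SSH assumed) only from the trusted segment.
        iifname $TRUSTED tcp dport 22 accept
        # Every segment may use the router for DHCP and DNS, nothing else.
        iifname { $TRUSTED, $IOT, $GUEST } udp dport { 53, 67 } accept
        iifname { $TRUSTED, $IOT, $GUEST } tcp dport 53 accept
        # No IPv6 rules here, so IPv6 to the router is dropped by the policy.
    }

    chain forward {
        # Traffic between segments: default deny, allow by exception.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Any internal segment may reach the Internet.
        iifname { $TRUSTED, $IOT, $GUEST } oifname $WAN accept
        # Trusted hosts may open connections to IoT devices;
        # replies come back through the established,related rule.
        iifname $TRUSTED oifname $IOT accept
        # IoT -> trusted, guest -> anything internal and WAN -> inside all
        # fall through to the drop policy. Log a sample for monitoring.
        limit rate 10/minute counter log prefix "fwd-drop "
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

The syntax can be checked without loading it by running `nft -c -f` on the file; the forward chain is where "treat every device as mostly untrusted" is enforced, since a compromised IoT or guest device cannot start a connection to the trusted segment.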

    • OhVenus_BabyOP (1 upvote, 2 days ago)

      Hardware recommendations such as Model and brands? Software recommendations brands/FLOSS? Thanks for the lengthy insights I will definitely pass it on. Simple is best. I believe everything will be tied into Home Assistant. Amongst other self hosted solutions.

      • flatbield@beehaw.org (2 upvotes, edited, 2 days ago)

        I am a FOSS guy so I’d just configure Debian or Ubuntu to do most of the server, media center, desktop, and laptop stuff. Smartphones: Google Pixel 8a or another a-series flashed with GrapheneOS. For network I would look at pfSense, OPNsense, OpenWrt, or DD-WRT devices. I have DD-WRT devices but they do not get updates sadly, but there are some vendors that base their devices on DD-WRT. Not sure which ones. ASUS? Buffalo? Is there a list somewhere?

        The other direction is to go more commercial which is probably what you want. Lot of people like Synology products. In particular they have nice NAS products (which actually can run other services too) which should be fine if you just run them on the LAN. If you want to connect while traveling, set up some sort of VPN. Do not expose any of this stuff to the WAN. For network devices I would consider Netgate, I think they have some pfSense firewalls. Some people seem to like Ubiquiti stuff.

        I personally have generally favored Netgear but as I said, I mostly have just re-flashed with DD-WRT but am thinking of doing something different at least with regard to my boundary router. It has gotten so we all need to have our network devices rapidly updated, especially exposed ones like the boundary router.

  • zante@slrpnk.net (3 upvotes, 1 downvote, 2 days ago)

    True story, I knew a guy who set everything up inside a dormant volcano on a tropical island somewhere. No wait, that was a movie.