Privacy-Focused Smart Home Hub Alternatives
Amazon Alexa, Google Home, and Samsung SmartThings process your automation data on vendor clouds. This means a record of when you turn lights on, when motion is detected, when you arrive home, and — for voice-based hubs — recordings of everything said near a device. Local hubs eliminate this. This guide covers three alternatives that run entirely on your network.
What Cloud-Connected Hubs Collect
Amazon Echo/Alexa:
- Voice recordings (7 seconds before wake word and after)
- Device state changes (on/off/dimmer level + timestamp)
- Routine triggers and schedules
- IP address and router details
- Skill usage patterns
Google Home:
- Same categories plus cross-device activity correlation
- Links to Google account: location history, search history, YouTube
Samsung SmartThings:
- All device events streamed to SmartThings cloud
- Automation triggers and schedules
- Camera snapshots (SmartThings/Ring integration)
All three platforms retain this data for months to years and use it for advertising profiling or share it with law enforcement on subpoena.
Option 1: Home Assistant (Most Flexible)
Home Assistant is the most popular local smart home platform — 700,000+ active installations. It runs on a Raspberry Pi, dedicated mini PC, or as a Docker container. With “Home Assistant Cloud” (Nabu Casa, optional) disabled, it operates 100% locally.
Install on a Raspberry Pi 4:
# Flash the Home Assistant OS image (easiest method)
# Download: https://www.home-assistant.io/installation/raspberrypi
# Flash with balenaEtcher or rpi-imager
# Boot → access http://homeassistant.local:8123
# Or install as Docker container on an existing server
docker run -d \
--name homeassistant \
--privileged \
--restart unless-stopped \
-v /opt/homeassistant/config:/config \
-v /run/dbus:/run/dbus:ro \
--network host \
ghcr.io/home-assistant/home-assistant:stable
Verify no cloud data is sent:
# Block Home Assistant from reaching the internet (whitelist exceptions for NTP/updates)
sudo ufw deny out from <ha-ip>
sudo ufw allow out from <ha-ip> to any port 443 # only if you use Nabu Casa
# Check what HA is connecting to
sudo tcpdump -i eth0 host <ha-ip> -n port 443 -w /tmp/ha_traffic.pcap
Zigbee and Z-Wave integration (no cloud required):
# configuration.yaml
zha:
database_path: /config/zigbee.db
# Or use Zigbee2MQTT (connects Zigbee coordinator to MQTT broker)
# No Zigbee vendor cloud required
Privacy-respecting automations:
# automations.yaml — local motion-triggered light with no cloud
- alias: "Living room motion"
trigger:
platform: state
entity_id: binary_sensor.living_room_motion
to: "on"
action:
service: light.turn_on
entity_id: light.living_room
data:
brightness: 200
# Presence detection without Google/Apple location sharing
# Use local Bluetooth scanner (HACS bluetooth_tracker)
- alias: "Arrive home"
trigger:
platform: state
entity_id: device_tracker.my_phone_bt
to: "home"
action:
service: alarm_control_panel.alarm_disarm
entity_id: alarm_control_panel.home
Voice assistant — fully local with Whisper + Piper:
# Home Assistant Voice (local processing, no cloud)
# Requires HACS Wyoming integration
# whisper (speech-to-text)
# piper (text-to-speech)
# openwakeword (wake word detection)
# All run on-device — nothing leaves your network
Option 2: openHAB (Enterprise-Grade)
openHAB (Open Home Automation Bus) is Java-based and focuses on enterprise-grade stability. It supports 400+ bindings (integrations). Its declarative configuration model is more structured than Home Assistant’s YAML.
Install on Ubuntu:
# Java requirement
sudo apt install -y openjdk-17-jdk
# Add openHAB repository
wget -qO- "https://openhab.jfrog.io/artifactory/api/gpg/key/public" \
| sudo apt-key add -
echo 'deb https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main' \
| sudo tee /etc/apt/sources.list.d/openhab.list
sudo apt update && sudo apt install -y openhab
sudo systemctl enable --now openhab
# Access at http://localhost:8080
Blocking cloud calls in openHAB:
# openHAB does not require cloud connectivity
# Disable usage statistics reporting:
# In PaperUI > Settings > System > Remote Access: OFF
# Verify no outbound connections
ss -tnp | grep java | grep ESTABLISHED
# Should only show local connections
Sample items and rules:
// items/home.items
Switch LivingLight "Living Room Light" (gLights) { channel="zigbee:zigbee_device:coordinator:bulb1:switch" }
Number RoomTemp "Room Temperature [%.1f °C]" { channel="zwave:device:controller:sensor_temperature" }
// rules/heating.rules
rule "Eco mode when empty"
when
Item PresenceSensor changed to OFF
then
Thermostat.sendCommand(16) // Set to 16°C when nobody home
logInfo("Heating", "Eco mode activated")
end
Option 3: Hubitat Elevation
Hubitat is a commercial hub (hardware device, ~$150) that processes all automations locally. Unlike SmartThings, nothing leaves the hub. There is no subscription required for local operation.
Privacy properties:
- Hub runs on-device; automations do not reach Hubitat’s servers
- Optional cloud dashboard (hubitat.com) — disable if not needed
- Z-Wave, Zigbee, LAN, and cloud integrations all supported
- Regular firmware updates from a US company
Disable cloud features:
Settings > Hub Details > Cloud Connection > Disable
Settings > Hub Mesh > Off (if not using multi-hub setup)
Backup locally:
# Hubitat provides local backup via web UI
curl -s "http://hubitat.local/hub/backup" \
-o hub_backup_$(date +%Y%m%d).lzf
Choosing a Protocol (No Cloud Required)
| Protocol | Range | Mesh | Cloud Required |
|---|---|---|---|
| Zigbee | 10–20m | Yes | No |
| Z-Wave | 30–100m | Yes | No |
| Thread/Matter | 10–20m | Yes | No (Matter = local first) |
| Wi-Fi | Home coverage | No | Depends on device |
| Bluetooth LE | 5–10m | No (BLE mesh exists) | Depends |
For maximum privacy: use Zigbee or Z-Wave with a local coordinator (ConBee II, HUSBZB-1). These devices talk directly to your hub without any internet requirement.
# Zigbee2MQTT — bridges Zigbee coordinator to MQTT broker locally
# No zigbee vendor cloud required even for commercial devices
docker run -d \
--name zigbee2mqtt \
-v /opt/zigbee2mqtt/data:/app/data \
--device=/dev/ttyACM0 \
-e TZ=America/New_York \
koenkk/zigbee2mqtt
# All Zigbee device events go to local MQTT broker, not any cloud
Network Isolation for IoT Devices
Regardless of which hub you choose, isolate IoT devices on a dedicated VLAN:
# Create VLAN 30 for IoT on pfSense/OPNsense
# Rule: IoT VLAN can communicate with Hub IP only
# Rule: IoT VLAN cannot reach main LAN
# Rule: Block IoT VLAN from internet (adjust per device)
# Home Assistant configuration for isolated IoT VLAN
# Set HA IP to 192.168.30.2 (gateway on IoT VLAN)
# All Zigbee/Z-Wave/Thread devices communicate only with HA
# HA on main LAN for dashboard access
Related Reading
- How to Run Zigbee2MQTT Locally for Smart Home Without Vendor Cloud
- How to Secure Smart Home Devices Privacy Guide 2026
- Privacy-Focused Cloud Storage Comparison 2026
Built by theluckystrike — More at zovo.one