Privacy-Focused Smart Home Hub Alternatives
Amazon Alexa, Google Home, and Samsung SmartThings process your automation data on vendor clouds. This means a record of when you turn lights on, when motion is detected, when you arrive home, and. for voice-based hubs. recordings of everything said near a device. Local hubs eliminate this. This guide covers three alternatives that run entirely on your network.
What Cloud-Connected Hubs Collect
Amazon Echo/Alexa:
- Voice recordings (7 seconds before wake word and after)
- Device state changes (on/off/dimmer level + timestamp)
- Routine triggers and schedules
- IP address and router details
- Skill usage patterns
Google Home:
- Same categories plus cross-device activity correlation
- Links to Google account: location history, search history, YouTube
Samsung SmartThings:
- All device events streamed to SmartThings cloud
- Automation triggers and schedules
- Camera snapshots (SmartThings/Ring integration)
All three platforms retain this data for months to years and use it for advertising profiling or share it with law enforcement on subpoena.
Option 1 - Home Assistant (Most Flexible)
Home Assistant is the most popular local smart home platform. 700,000+ active installations. It runs on a Raspberry Pi, dedicated mini PC, or as a Docker container. With “Home Assistant Cloud” (Nabu Casa, optional) disabled, it operates 100% locally.
Install on a Raspberry Pi 4:
Flash the Home Assistant OS image (easiest method)
Download - https://www.home-assistant.io/installation/raspberrypi
Flash with balenaEtcher or rpi-imager
Boot → access http://homeassistant.local:8123
Or install as Docker container on an existing server
docker run -d \
--name homeassistant \
--privileged \
--restart unless-stopped \
-v /opt/homeassistant/config:/config \
-v /run/dbus:/run/dbus:ro \
--network host \
ghcr.io/home-assistant/home-assistant:stable
Verify no cloud data is sent:
Block Home Assistant from reaching the internet (whitelist exceptions for NTP/updates)
sudo ufw deny out from <ha-ip>
sudo ufw allow out from <ha-ip> to any port 443 # only if you use Nabu Casa
Check what HA is connecting to
sudo tcpdump -i eth0 host <ha-ip> -n port 443 -w /tmp/ha_traffic.pcap
Zigbee and Z-Wave integration (no cloud required):
configuration.yaml
zha:
database_path: /config/zigbee.db
Or use Zigbee2MQTT (connects Zigbee coordinator to MQTT broker)
No Zigbee vendor cloud required
Privacy-respecting automations:
automations.yaml. local motion-triggered light with no cloud
- alias: "Living room motion"
trigger:
platform: state
entity_id: binary_sensor.living_room_motion
to: "on"
action:
service: light.turn_on
entity_id: light.living_room
data:
brightness: 200
Presence detection without Google/Apple location sharing
Use local Bluetooth scanner (HACS bluetooth_tracker)
- alias: "Arrive home"
trigger:
platform: state
entity_id: device_tracker.my_phone_bt
to: "home"
action:
service: alarm_control_panel.alarm_disarm
entity_id: alarm_control_panel.home
Voice assistant. fully local with Whisper + Piper:
Home Assistant Voice (local processing, no cloud)
Requires HACS Wyoming integration
whisper (speech-to-text)
piper (text-to-speech)
openwakeword (wake word detection)
All run on-device. nothing leaves your network
Option 2 - openHAB (Enterprise-Grade)
openHAB (Open Home Automation Bus) is Java-based and focuses on enterprise-grade stability. It supports 400+ bindings (integrations). Its declarative configuration model is more structured than Home Assistant’s YAML.
Install on Ubuntu:
Java requirement
sudo apt install -y openjdk-17-jdk
Add openHAB repository
wget -qO- "https://openhab.jfrog.io/artifactory/api/gpg/key/public" \
| sudo apt-key add -
echo 'deb https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main' \
| sudo tee /etc/apt/sources.list.d/openhab.list
sudo apt update && sudo apt install -y openhab
sudo systemctl enable --now openhab
Access at http://localhost:8080
Blocking cloud calls in openHAB:
openHAB does not require cloud connectivity
Disable usage statistics reporting:
In PaperUI > Settings > System > Remote Access: OFF
Verify no outbound connections
ss -tnp | grep java | grep ESTABLISHED
Should only show local connections
Sample items and rules:
// items/home.items
Switch LivingLight "Living Room Light" (gLights) { channel="zigbee:zigbee_device:coordinator:bulb1:switch" }
Number RoomTemp "Room Temperature [%.1f °C]" { channel="zwave:device:controller:sensor_temperature" }
// rules/heating.rules
rule "Eco mode when empty"
when
Item PresenceSensor changed to OFF
then
Thermostat.sendCommand(16) // Set to 16°C when nobody home
logInfo("Heating", "Eco mode activated")
end
Option 3 - Hubitat Elevation
Hubitat is a commercial hub (hardware device, ~$150) that processes all automations locally. Unlike SmartThings, nothing leaves the hub. There is no subscription required for local operation.
Privacy properties:
- Hub runs on-device; automations do not reach Hubitat’s servers
- Optional cloud dashboard (hubitat.com). disable if not needed
- Z-Wave, Zigbee, LAN, and cloud integrations all supported
- Regular firmware updates from a US company
Disable cloud features:
Settings > Hub Details > Cloud Connection > Disable
Settings > Hub Mesh > Off (if not using multi-hub setup)
Backup locally:
Hubitat provides local backup via web UI
curl -s "http://hubitat.local/hub/backup" \
-o hub_backup_$(date +%Y%m%d).lzf
Choosing a Protocol (No Cloud Required)
| Protocol | Range | Mesh | Cloud Required |
|---|---|---|---|
| Zigbee | 10, 20m | Yes | No |
| Z-Wave | 30, 100m | Yes | No |
| Thread/Matter | 10, 20m | Yes | No (Matter = local first) |
| Wi-Fi | Home coverage | No | Depends on device |
| Bluetooth LE | 5, 10m | No (BLE mesh exists) | Depends |
For maximum privacy - use Zigbee or Z-Wave with a local coordinator (ConBee II, HUSBZB-1). These devices talk directly to your hub without any internet requirement.
Zigbee2MQTT. bridges Zigbee coordinator to MQTT broker locally
No zigbee vendor cloud required even for commercial devices
docker run -d \
--name zigbee2mqtt \
-v /opt/zigbee2mqtt/data:/app/data \
--device=/dev/ttyACM0 \
-e TZ=America/New_York \
koenkk/zigbee2mqtt
All Zigbee device events go to local MQTT broker, not any cloud
Network Isolation for IoT Devices
Regardless of which hub you choose, isolate IoT devices on a dedicated VLAN:
Create VLAN 30 for IoT on pfSense/OPNsense
Rule - IoT VLAN can communicate with Hub IP only
Rule - IoT VLAN cannot reach main LAN
Rule - Block IoT VLAN from internet (adjust per device)
Home Assistant configuration for isolated IoT VLAN
Set HA IP to 192.168.30.2 (gateway on IoT VLAN)
All Zigbee/Z-Wave/Thread devices communicate only with HA
HA on main LAN for dashboard access
Related Reading
- How to Run Zigbee2MQTT Locally for Smart Home Without Vendor Cloud
- How to Secure Smart Home Devices Privacy Guide 2026
- Privacy-Focused Cloud Storage Comparison 2026
Built by theluckystrike. More at zovo.one