Adds Secluso to Security Cameras (Smart Home & IoT)

[jkaczman]

Type

Addition

---

Changes

Adds Secluso. Adds Security Camera sub-category (in Smart Home & IoT). In response to my issue, #589

Summary that I wrote in the deleted issues

Secluso is an open-source, E2EE, privacy-focused DIY home security camera solution for Raspberry Pi. It provides full end-to-end encrypted remote access (live streaming, smart motion alerts, and playback via the mobile app) and runs on an open hardware platform (Raspberry Pi). It can be fully self-built (we've put together a build-your-own guide linked in the supporting material). Our recent release makes DIY accessible without technical knowledge, via a GUI deploy tool that handles image building and setting up a relay.

The relay server is treated as untrusted, and the project offers fully reproducible builds for the runtime binaries, the Secluso Deploy setup tool, the Android app, and the Secluso OS Pi image, so users can verify the published artifacts against our source code. We also support de-Googled distribution via Obtainium and UnifiedPush. The project has been tested on GrapheneOS and works well.

We've been actively developing this for almost two years, with a strong focus on privacy and security (see the white paper in the supporting material for the full security model: untrusted relay, forward secrecy, post-compromise security, immutable releases, reproducible builds).

---

Supporting Material

Primary repository (we also have mobile_client and os): https://github.com/secluso/core
Security Model: https://github.com/secluso/core/blob/main/WHITE_PAPER.md

Build Your Own Guide: https://secluso.com/build-your-own
Privacy Policy: https://secluso.com/privacy-policy
Main Website: https://secluso.com/

We plan to get a security audit very soon (sometime this summer).

---

Affiliation

I am one of the maintainers of the project (a co-founder)

---

Checklist

• I have read the Contributing guide, and confirmed my PR aligns with the requirements
• I have performed a self-review (valid Markdown formatting, spelling, and grammar)
• I have indicated whether I have any affiliation with any software / services added
• I agree to follow the repositories Contributor Covenant Code of Conduct

[liss-bot]

Hello @jkaczman

Thank you for contributing to Awesome Privacy! We will review your submission shortly. In the meantime, please ensure all changes are correct and inline with our Contributing Requirements.

Our automated checks detected some issues:

• Please fill in pull request template in full. You can find a copy of this here
• Smart Home & IoT > Security Cameras > Secluso: unknown field(s) securityAudit
• Smart Home & IoT > Security Cameras > Secluso > androidApp: invalid value https://play.google.com/store/apps/details?id=com.secluso.mobile — must be a package name like com.example.app
• Description length (538 chars) is outside the recommended 50–250 character range. Please see our Contributing Guidelines
• The link(s) you included seem to be returning a 404. Please double check all URLs listed are valid and publicly accessible

^{🤖 I am a bot, and sometimes make mistakes. If you feel that any info here is incorrect or inaccurate, feel free to add a comment below with any corrections or justifications. This bot does not use AI, and just runs preliminary validation checks against submission requirements. Human review is still needed.}

Summary of Changes:

• Added Secluso in Smart Home & IoT → Security Cameras
• Added section Security Cameras in Smart Home & IoT

Submission Info

Repo Stats

• 🟢 License: GNU General Public License v3.0
• 🟠 Repo Age: 1 year, 6 months
• 🟢 Last Updated: 1 day ago
• 🟠 Releases: 2
• 🟢 Stars: 1,548
• 🟠 Contributors: 3
• 🟢 Is Fork: No
• 🟢 Is Archived: No
• ⚪ Security Alerts: Unknown
• 🟢 Vibe Coded: 0 AI commits
• 🔵 Commits: 100+
• 🔵 Open Issues: 27
• 🔵 Website: https://secluso.com
• 🔵 Author: secluso
• 🔵 Languages: Rust, Shell, Svelte, JavaScript, Python, CSS, TypeScript, HTML, Dockerfile

Website Checks

• 🟢 Status: 200
• 🟢 HTTPS: Yes
• 🟢 Blacklist: Not listed
• 🟢 Redirect: None
• 🟢 Risk Score: 0
• 🔴 HSTS: Missing
• 🔴 CSP: Missing
• 🔴 X-Frame-Options: Missing
• 🔴 Security.txt: Missing
• 🔵 Server: 99.84.132.67, AS16509
• 🔵 Server Location: Atlanta, Georgia, United States of America
• 🔵 Title: Secluso | Completely Private Security Camera

Android App

• 🟢 Trackers: 0
• 🔴 Permissions: 19
• ⚪ Downloads: Unknown
• 🔵 Created: 1 week ago
• 🔵 Last Updated: 1 week ago

iOS App

• 🔴 Rating: 0.0 / 5
• 🔵 Created: 2 months ago
• 🔵 Last Updated: 1 week ago
• 🔵 Size: 109.1 MB

^{The above data does not determine a submissions eligibility. Human review is still needed.
Key: 🟢 = good. 🟠 = warning. 🔴 = attention required. 🔵 = info. ⚪ = unknown.}

^{For full details, please see workflow run 26961398716}

---

Updates

Edit 1: - 1 issue was resolved, but 4 checks are still failing, see here for details
Edit 2: - 6 checks are still failing, see here for details
Edit 3: - 5 checks are still failing, see here for details
Edit 4: - 3 checks are still failing, see here for details
Edit 5: - 3 checks are still failing, see here for details
Edit 6: - 1 check is still failing, see here for details
Edit 7: - 1 check is still failing, see here for details
Edit 8: - 1 check is still failing, see here for details
Edit 9: - 1 check is still failing, see here for details
Edit 10: - All checks are now passing 🎉, see here for details
Edit 11: - All checks are now passing 🎉, see here for details
Edit 12: - 1 check is still failing, see here for details
Edit 13: - All checks are now passing 🎉, see here for details
Edit 14: - All checks are now passing 🎉, see here for details

[lissy93]

Thanks @jkaczman
Secluso looks awesome! I'm just trying it out now :)

For the most part, this all LGTM. Thank you for the PR, and sorry the bot gave you so much grief! 😅

I did just have a few, small questions:

• Is it generally available? The website seems to imply that it's in alpha/there's a wait list (but it says it opens in May, which was last month?). But maybe that's just for the managed instance or pre-built device?
• In the whitepaper, you mention that event timing, live streams, notifications, etc isn't "hidden", but later in the website it says "neither can we see anything". Is metadata not counted as "anything"? But this isn't mentioned in the privacy policy, so am I missunderstanding?
• For a site marketed as "google-free", maybe don't load Google Fonts directly from Google's CDN (it shares all visitor data with Big 'G)
• Is it necisary to write GITHUB_TOKEN into the world-readable systemd service? Maybe a root-owned 0600 EnvironmentFile= would be better, given all the recent malware targeting these secrets at the moment. Likewise, on the Pi the secrets which let someone join the E2E group (credentials, cam secret, wifi password) aren't written securly (default nmask), and will also persist after a factory reset too. Again, QR code contains all this sensetive info, and is stored publicly in cleartext.
• Any plans to distribute the Android app via F-Droid or any non-google store? And can iOS users use a self-hosted relay?
• Small info leakage on the website, as it's possible to tell if a given email has signed up. Since the POST to /api/referrals/send-link returns a different response accordingly
• security.txt returns a 404 on your website (but SECURITY.md and GitHub reporting is enabled 👍)