These cameras are extremely suspicious -- just follow the money. I bought some cheap Chinese cameras in 2020 that by default send the video stream to a Chinese server, which you can watch with an app on your phone. The cameras were about $40 on Amazon, so my guess is the manufacturer was getting paid maybe $15-20 for them.
Bandwidth to and from China is not that cheap, and you could be running this stream 24x7. The streaming service still works 4 years later even though the company whose name is on the camera has vanished.
So, who is paying the server/bandwidth bill? The camera is too cheap to afford indefinitely providing this service, so you can only presume that you're paying in another way. Probably there is some third party in China that the camera manufacturer makes a deal with. The camera manufacturer may even be getting paid to pick a particular provider.
Something worth keeping in mind is that Chinese factories that makes things like IP cameras don't typically have their own (significant) R&D departments and instead work from examples provided by the makers of the chipsets. Sometimes there will be another company involved that provide an "IoT ecosystem" (Tuya is a major player here: https://www.tuya.com/solution/hardware/ip-camera ).
So it's not necessarily surprising that the backend still works even if the manufacturer (Amazon brands are not typically the factory themselves, for practical reasons frequently changing "brand names" are used) is no longer present.
Since the topic of the article is about reverse engineering, I think it is extremely important to remember this. R&D time is very expensive. As people predominantly in CS, we should be aware of this, as this is typically how we are classified. And I think everyone innately knows how much more difficult it is to create something from scratch, the help you get just by having a reference, and how much easier it is to copy (or modify) when you have the thing in your hands (or source).
And it is worth noting that prices are vastly different in China. Labor is much cheaper and licenses aren't respected. The cost of living is cheaper to a smaller profit margin goes a much longer way. As tfa mentions, there are identical cameras sold by different manufacturers. It is unclear if this is typical reskinning or designs being taken. Both significantly reduce the cost of things. I have no idea how much hosting costs in China.
Regarding hosting, it's a big pain point for companies building these systems out of China as the "great firewall" makes it really hard to have reliable connectivity between the Chinese Internet (and datacenters) and outside. The ap-east-1 zone of AWS, based in Hong Kong, is very popular in that context as it tends to be accessible from both sides (so cost is fairly typical of AWS costs in that case). Alternatively Alibaba also have cloud datacenters in Hong Kong with similar properties.
A lot of them the stream is just a relay to create a connection between you and the camera via Upnp or something similar. They aren't actually footing a bill for all the bandwidth.
That may be the case for live viewing, but those that record longer term generally do it to a server out there. I have some from a company called Yi that I now refuse to use: they used to support local recording to SD card instead but that broke and the support answer seems to be “use the remote recording”, the remote recording only supports a short time window unless you pay a subscription, and they started flooding the ap with adverts if you don't pay for the sub in any case. The streams are non-standard so the cameras require custom firmware to make work with open source solutions, so I've just bought some better cameras that are said to work out of the box. Now I just need to get around to setting them up…
I bought one on AliExpress for just under 18 EUR. Mine works similarly, that it streams to some server in the cloud. I knew this, and only connected it for testing a little bit and made sure to not put my face or any of my documents etc in view of the camera.
The company behind the one I bought does seem to have a slightly better business model though. With them you can use it free to see live or you can pay them a monthly fee for recordings.
As for me my plan is to put it on a LAN without internet access and figure out how to get the video locally.
I use a Raspberry Pi to run a Tailscale subnet router on the LAN. I installed some cheap IP cams but blocked all Internet access so they can only access my LAN. With the Tailscale subnet router I can still get remote access to the camera streams from my phone.
Make sure to also specify a domestic NTP server - it may refuse to work until the time is synced, and most of the cheap cameras I looked at sync time with China by default.
A network of always on, always connected IP cameras with synchronized time and position is a perfect supplement to reconnaissance satellites. My neighbours buy and install them all over the place and it infuriates me, as their only buying criterion is "cheap". I'm investigating ways to permanently disable or cook these cameras over WiFi frequencies.
This may come as a surprise, but it's not just hackers (or China) that you need to worry about. I've worked at a couple of FAANGs (risk, privacy, compliance) and was shocked by the lack of internal guardrails. Here's Amazon Ring settling with the FTC - company's own employees were watching customer video feeds for entertainment:
I use Nest cameras at home instead of ring because based on work at Google I expect there to be strong internal guardrails relative to Ring (also heard about their lax standards), but happy to hear anecdata from (ex-)Nest engineers about potential issues.
I would love to hear from ex-Nest engineers as well about internal access. As for hackers, I remember seeing multiple Nest hacking incidents in the press a few years ago, but it appears they've hardened the system since then:
Since someone mentioned 'declouding' here, my startup (well, scaleup now) makes a few privacy-first, autonomous (no cloud) video security products - on-prem video security hub, relays for automation, cameras.
I was also getting sick of cloud-based 'smart' cameras that ping random servers in China, so we made our own 'dumb' cameras that are fast (Uniview hardware with our firmware inside).
If anyone here is interested, I will happily share more info. Always interested in product feedback.
This is exactly what I've been looking for. There's plenty of cheap RTSP and ONVIF compliant cameras coming out of china, but I trust them exactly 0%. I also don't trust us-based companies with remote access via their services. So I'm learning how to partition my home network to not allow the cameras on a vlan to not access the outside world.
But then I need to figure out how to access the video streams.. from the network my computer is on that does have access to the outside world.
I'm a firmware engineer, so I haven't touched networking since my IT job in college.
Here's a setup that works. Get POE cameras. Get a powered switch with sufficient power to power the cameras. The cameras and the switch form their own subnet. Get a PC with two Ethernet jacks (or an Ethernet and a WIFI). Install NVR software, Blue Iris, iSpy, ZoneMinder, etc, on the PC to record and process the videos from the cameras. These softwares are all good with RTSP and ONVIF, with easy camera detection via port scanning. Connect the PC to the switch on one Ehternet jack and connect it to your general network with the other one (or WIFI). The cameras are running in their little isolated subnet. The NVR PC sits between the camera subnet and the general subnet. Access from outside reaches the NVR PC only, not the cameras. You can even open the WAN firewall to reach the PC's WIFI side to access the videos from Internet. Some of these NVR software can stream videos to outside phone apps or web apps.
Sorry if I came off negatively. I was responding to OP. Your products look good. Here's a bit of my experience on using NVR if that helps in better product design.
Most NVR's are PC + powered switch built into one. I found them to be running very hot most of the times since they need a fairly beefy power supply to power the cameras and the PC itself. The WIFI only NVR's are much better and the only power drawn is video processing on the PC. Blink Module is a good example.
Another problem is the tight integration of hardware. When I have more cameras than the PoE jacks on the NVR, it becomes obsolete. When some hardware fails on the NVR, the whole thing fails. My last integrated NVR developed a problem in the disk controller and the whole thing couldn't be salvaged.
In the next round of setting the system up, I decided to de-couple all the pieces for better maintenance and upgradibility. The sweet spot I found is: cameras + powered switch + PC + NVR software + external USB storage. It has work great so far. The old PC was underpowered and I swapped it out without impacting the other pieces. I added more disks as needed with minimum fuss. I replaced some of the cameras without much problem.
You're right in that ordinary customers probably won't do all those. For a customer product, a NVR that works with WIFI cameras makes the easiest sales. It has much lower hardware requirement thus keeping the cost down. WIFI cameras are easier to set up and thus plentiful. If it has an Ethernet jack, you can sell a separate powered switch to make it work with the PoE cameras. Basically it's a souped up Blink Module that works with other cameras, with storage, and can stream to apps and web.
I mean you can sell a whole package of the pieces, plus phone apps and cloud storage, to offer a complete solution. Most of the pieces are off the shelf, but you can still offer a complete solution with some critical proprietary pieces like your NVR software. Of course you can offer piece by piece as needed, as long as all the pieces can fit together. There're a lot of cross selling opportunities.
I appreciate this. This will definitely help with product decisions.
Btw, our video security hub (aka Spartan) has NVR capabilities built in - but it's more selective about what it's recording (based on the rules you've set). It can coexist with an NVR on the same network, or it can replace it entirely. And it can work with WiFi cameras, today (we just recommend wired for security).
> Also, this feels like my Dropbox moment (the infamous comment below) :)
Isn't that just the whole cloud (and also a gazillion other services)? I think the argument of "Why pay DropBox when you can just FTP" also applies to why pay AWS when I can manage my own servers? And then to further extend, why pay the supermarket when I can just grow vegetables at home?
Mine are ONVIF-discoverable and will expose RTSP (H264 and H265) URLs and a snapshot URL. As I mentioned, they are 'dumb' (video and snapshots are their main purpose), and it's the security hub that makes them smart. No cloud-based remote access, your data stays on your device.
If you decide to check it out, and feel free to ping me (email in profile). I am proud of these things, for the reasons you mentioned :)
If your cameras are PoE, you can use an NVR that doubles as a PoE switch and can create a separate network for the cameras. Some NVRs will also relay RTSP from them so it will be accessible on your LAN. Alternatively, adding static routes to devices will allow them to see the cameras locally.
Unfortunately, the NVR will probably have the same type of vulnerabilities as the cameras in question (they come from same manufacturers).
While I share your concerns about the security implications of sending video to the cloud, the way I see it if someone's burgling my house they're probably going to steal whatever I'm using for on-prem video storage while they're at it.
And while I could secure it in an impenetrable or hidden box - if I have such a box I can put all my valuables in the box, and feel peace of mind without needing any cameras.
These are good points. The main problem we're solving for people is real-time awareness and automation/prevention. The device monitors your cameras locally (no cloud), notifies you, and/or performs actions locally (play barkingdog.mp3, close gates, turn on the lights, etc) that act as a deterrent. Even if your uplink is down.
Now, if someone's broken in, that's a different problem. You want video evidence for investigative purposes. The device is small, energy efficient (10-20W typically) and can be easily hidden (provided you supply power and LAN ethernet to it). The storage is encrypted. And we'll be introducing an option for your own offsite backup (again, optional and not centralized).
I'm really interested to hear more about your work too! I've had a few situations where IP cameras would have been ideal, but I dropped the idea after examining a handful because the firmware is invariably too awful to contemplate running.
Reading your later replies, I gathered you took a standard camera but wrote clean new firmware for it. Is the SoC on these devices supported by mainline tf-a, u-boot and kernels, or are you stuck on ancient manufacturer ('BSP') kernel forks and so on? What does the userspace you've put together look like?
I've been looking for a camera to recommend for use with my open-source NVR. [1] This sounds promising, but I have a few questions.
* What's the status of Uniview? Are their cameras allowed in the US under the 2019 NDAA? still receiving FCC approvals since the Secure Equipment Act of 2021? Does Uniview participate in the Uyghur genocide?
* Do you have any models with large sensors, e.g. 1/1.8" or wider? I prefer good night performance if possible, which I believe requires each pixel to be physically somewhat large. There are a lot of many-megapixel cameras with 1/3" sensors out there, which aren't so great there.
* What's the pricing? Your camera page [2] has "contact us for info" instead of a price, and when that happens I usually assume it's too expensive for the DIY crowd and drop out.
1. Uniview [told me] they are NDAA compliant. Most (not all) of their NVRs and cameras are compliant. I was not aware of their involvement in the genocide, but I do see mentions of their facial recognition tech potentially being used. I don't know enough to comment.
This is their formal statement regarding their NDAA status:
2. we are now working in a new line that will have larger sensors, better low-light capabilities, better audio (2-way). We will publish more in Q4.
3. we've been working with professional installers primarily focusing on SMB, so our current 4MP (2.8mm and 4.0mm) cameras can be in $100-200 range depending on volume. 2MP cameras are sold in $80-130 range. With SMB, price hasn't been an issue. I understand this is not particularly useful for DIY, we're just preparing to start selling direct - and aiming to release cameras in $30-80 range.
You can ping me (contact info in profile) if you need more info, or how to evaluate risk-free. Just bear with me as we figure out the DIY route. :)
Man, so close. Your prices sound really reasonable to me, it's nice to hear that you're preparing for direct sales and for a larger-sensor line. But this does not look good: https://ipvm.com/reports/uniview-uyghur
> Perhaps for the new line, we should consider making our own instead of OEM.
I'd love that. I would buy and recommend these.
The big Chinese companies have good hardware and prices but as you can see I'm not a fan of their ethics. There are a few companies (e.g. GeoVision, and seemingly Reolink even though they're also Chinese) that at least don't seem genocidal but don't offer the good low-light performance. Axis hardware looks really nice but just doesn't seem within the realm of hobbyists price-wise. And then there are the various cloud options.
I have a few Reolink outdoor cameras (again using them as video sources, with cool features disabled) and I am generally happy with the performance. I've had one of them fail after a couple of years. Axis pricing is insane, but they work well.
I will keep you posted about what we roll out. Maybe do a ShowHN even (that's a scary concept)?
Good point. I don't know how to verify that from just the spec sheet though, where as if the sensor is tiny I know not to get my hopes too high.
Is there a question one can ask a camera vendor to reveal glass quality, or when the sensor looks promising is the next step to take the plunge and buy one to try?
This is a great run down of the process to extract the firmware from these types of devices without desoldering the flash. I've done a fair amount of reverse engineering and a lot of devices have similar vulnerabilities.
I think more time needs to be spent looking into these commonly used, cheap IoT devices and educating consumers on the risks of using a poorly secured device on their network.
The upside of these vulnerabilities is that you can run your own code on these! 'Declouding' is great as it can extend the lifetime of these devices and make using them more private.
"This first difficulty was to find information about the camera. Despite having a company logo printed on its front, I could not find any information about this company on Google. I found several identical cameras being sold online, but under different brands, all of them seem to be Chinese names."
Why does this continue to surprise people? So much sketchy garbage coming out of China is sold under numerous "brands". Just look at a lot of computer stuff sold on Amazon.
I mean, there isn't much the cameras have to do. They need an SoC that can process relatively low resolution video and output it over a network. Anything complex is intended to be done through a cloud service to sell a subscription. Consumers don't want to pay for expensive cameras, so they use an OEM that has designed a super basic camera that is built in high volumes to make use of economies of scale.
We've done exactly that with our cameras, I feel cameras are a commodity. Our Cameras are built by Uniview but run our firmware.
Outside of cameras (which also feel need to be very basic), we do have our own hardware design and manufacturing capabilities: video security hubs, PoE and WiFi relays.
Do you worry about the risks of using a Chinese OEM considering the rulings against Hik and Dahua for NDAA and the FCC? Seems like the smart move if you are using an OEM is to at least use one of the Taiwanese OEMs
Consumer grade cameras are definitely commoditized, but the higher end cameras with on camera analytics aren't.
I mean, what exactly do you need innovated? I have a bunch of these cheap cameras (firewalled to only be accessible via LAN of course) that are nearly 6 years old now. They stream 2K video reliably, my DVR records for me, they have excellent quality night-vision via infrared, and I can access them via VPN. What's to improve here?
Better on-device identification of objects and motion would be useful. I care more about a person standing on my porch than I do the neighbor's cat.
Better local integration would also be useful. (Axis cameras have supported writing (and recycling) video on a local SMB share for a very long time, with nothing special required on the back end -- but they're not consumer products).
Improved image quality would also be useful. There always seems to be a certain softness and definite lack of fluidity in consumer cameras that has been solved in things like cheap smartphones and GoPros for a over a decade.
Tight integration with local home automation systems like Home Assistant would be great, so I can observe and control all of the things from a central point using my pocket supercomputer.
But otherwise: If all one wants from a camera is for it to take OK-ish pictures and send them down the pipe, then that's a reasonably-solved problem.
This is really one of the use cases of TinyML. On-device ML to detect motion, etc. As microcontrollers are getting more powerful, more and more is possible. Just look at https://www.tensorflow.org/lite/microcontrollers
I guess that depends on who's asking, and what kind of response they want.
At home, I don't use Apple Home or SmartThings. It is unlikely that I ever will.
I own an iPad that I use every day and my phone is a Samsung, but I already have already adopted enough ecosystems with Google Home, Alexa, and Home Assistant, and I'm working on minimizing or eliminating two of those because they're clown-based.
But I am a geek that likes to tinker with electronics and software. I recognize that I am an outlier.
But I will cheerfully pay extra for stuff that Just Works with Home Assistant without using the clown, and that would probably apply to cameras as well.
It sounds like the space is already fragmented (with multiple ecosystems competing for your devices and attention). We will look into Home Assistant compatibility.
Smart camera. Attach a microphone and speaker with the camera. Any movement at odd times and you get a WhatsApp video call on your cell phone. You can watch the other person and can talk to him, "Hay! what are you doing at my home?"
I was wondering if that's already available or not.
I don't. I am happy with 2k video in most cases, and good picture quality in low light conditions (accurate color is nice also). 2-way audio can be useful but not a deal breaker.
What I meant when I said there's very little real innovation is exactly that - the fundamentals are good enough (and have been for a few years), and the bulk of product innovation is in how to make cameras smart with AI - which only makes them slower. I like my cameras dumb and fast.
Only thing I'd mention is that the old school "web server runs on camera" model is really dodgy when the average user just plugs it in, fires up a mobile app, and sees their camera - then assumes all is well.
So many security issues and exploits for those things. Hardcoded passwords, backdoors, and loads of exploits for gaining SSH or telnet access on very common models.
As much as I hate the current shift toward camera-remote server setups (and their inevitable subscription fees), I can't imagine expecting your average buyer at Amazon or Walmart to properly configure and lock those things down. At least if it only talks to Amazon or Google or whoever, you won't be able to find it in a port scan and pull an image using admin/admin or whatever.
So to avoid the risk of someone wardriving your neighborhood and hacking into your camera, it's better to...send all the data to China and trust them to protect it?
In all fairness (there are multiple precedents), a US-based provider won't protect your data (from internal employees) either. Any centralized video monitoring system is a ticking time bomb.
Sorry, why the downvotes? Is something here factually incorrect? Didn't AT&T just 'lose' private data from "almost all customers"? The only truly private option is keeping your data on-prem.
Agree completely, and the only times I've used IP cameras, they were separated from the main LAN, had no access from outside, and provided a stream to a NAS running NVR software.
That said, I can see the average user having a better outcome by "outsourcing their security" to Google, Amazon, and the like. Not ideal for exactly the reasons you stated, but seeing as very few people are going to set up or maintain an on-premises solution, I think the odds are still better than "random Chinese IP camera running a web server and viewable via a janky phone app outside the LAN".
The move to doing everything on phones has only made it worse. At least when you were expected to log in via a "proper" browser for initial setup, you could be prompted to set a new password, update firmware, or make changes to settings. The phone-centric ones I've seen are basically "plug in, scan QR/type serial/connect to temporary AP, (confusing techie stuff happens magically here), now you can watch your dog on your iphone from anywhere!"
Ignore the part about how this actually happens and how anyone can just scan port 8000 or whatever and connect with the hidden root login.
When I had my first child a decade ago, someone gifted me a PTZ camera that was viewable through a smartphone app.
I set it up, connected it to wifi, and it worked... for about 4 days. Resetting it didn't work. Called the company and they sent a replacement. Same thing happened.
I noticed that it had used UPnP to map a public port to itself. I never tried hitting it with anything, but I made the assumption that it was getting pwned. I threw it away.
That experience makes me agree with your assessment.
One piece of advice - when it comes to privacy and security, wired > wifi. I always recommend wiring (PoE). Jammers have recently become cheap and accessible, and burglars can now turn off whole neighborhoods.
I absolutely do. I don't find wireless cameras to be a compelling product in any personal or professional use case, but I see their appeal. I only used the thing because it was a gift.
When it comes to baby monitors, which the device I had was marketed as, I actually prefer analog (because static is better than non-functional) with a dedicated receiver, but I'll use just about anything without a TCP/IP stack :)
A new-ish project for a replacement firmware for Ingenic based cameras is here https://thingino.com/ . The developers are super active and very responsive.
I love firmware projects. It's not just about the security. Manufacturer's own software is often clunky, slow, and sometimes requires browser plugins (!!!). The hardware is usually OK, it's the software that makes these products horrible.
One thing I have setup on my computer is a custom DNS server that routes traffic by default to 8.8.8.8 (Google) but allows me to route certain domains (ex. ones you want to sniff) to your own webserver. Half the time there isn't even proper SSL protocols in place, making it very easy to see what these devices are sending over.
I was just testing a Roku camera (was on sale for $23 from roku.com, I think) and it had the same feature (setting up wifi by showing it a QR code), which I thought was neat. However, it doesn't look like it exposes RTSP and works with the Roku app only (even Wyze, seemingly using the same OEM hardware, has a way to enable RTSP).
It would be really good to see this kind of effort on the Amazon Blink cameras, I know people who are returning them because they are app-trash no differently than the no-name (multiple ghost names actually) hardware like this.
There's lots of garbage cameras now of various quality that behave the same way.
What's needed is a replacement firmware and simple flashing technique for the most popular units to appear, so it's not just one hacker getting proper performance that the hardware is capable of.
Yikes, that ASIC is so advanced that any product built around it will in some ways be designed for the landfill far more so than an equivalent that was generic.
I faced a similar problem recently, where the IP cam I had was streaming video through the internet and it was Chinese ofcourse. But I found a much simpler solution to avoid it. The camera had rstp support and internet forums have already guessed the rstp url so I used that to hook it upto my surveillance system. Regarding avoiding transmission to internet, I just disabled internet access to that device and boom it became offline camera.
This was great, I loved all the parts it was super thorough :) You have to love serial ports on embedded devices, especially non password protected root access
I am using an Amcrest camera to watch my feral cat Bob B when I am not there. (I am working on him getting enough trust to walk around in the floor when I am there but it is still something he does every other day)
I was amazed at how easy it is, especially the software experience. The mobile app is easy, the web app is easy, RTSP is easy. If I want to add more camers and set up a server to record (like ZoneMinder) that looks easy too.
So far I use the web interface to check in on Bob B live when I am in the other house (where I live) or in the house that he's in (which has two rental units under renovation)
One time I saw he was on the floor and I ran over to the other house to peek in through the window on him which seemed to piss him off. So I try not to do that.
works with many camera brands and can do all sorts of detection. It's a slight hassle because Zoneminder wants its own filesystem, I could install a spare SSD I have into my home server or maybe I could set up another computer to be a zoneminder server in the rental. I have a microwave link between the houses and it might be better to spare it, but I am worried that anything in the cat room could get sprayed on.
Sounds like a good DIY option. Do you have to pay for their remote access service to monitor the cat remotely? (asking because I saw it on their pricing page, wondering whether required or optional)
I wish I could run Tailscale on it and use it everywhere with my tablets, laptops, etc. but I can't. You could probably port forward the web server, but you could have a premium experience with ZoneMinder.
I picked that camera out because I was looking at ZoneMinder's web page and thought Amcrest had a pretty good product line in terms of value. At my Uni they've installed a lot of Axis IP cameras which are quite a bit more expensive and are definitely tougher and higher performance.
I did a similar thing with the Xiongmai camera's I bought to keep an eye on a newly built barn/stable/clinic here on the farm and used the information to create a CLI tool to control the camera's:
I never allowed these camera's or the included DVR (which I do not use since I use Zoneminder [1]) access to the internet, they are confined on their own subnet which does not allow egress other than to my own networks nor ingress from other sources. That is true for any and all network-connected special-purpose hardware, e.g. the Fronius inverter - made in Austria - does not get to access the internet either. I pay for the hardware and I provide my own service infrastructure, I see no need to pay again with my data.
As an example Lorex, a Canadian security camera company founded in 1991, is currently owned by Dahua Technology, a major Chinese video surveillance manufacturer. Dahua acquired Lorex in 2018, which has led to some security concerns and restrictions on Lorex products' use by U.S. government agencies.
Lorex cameras aren't banned for personal use in the US, but face restrictions for government agencies due to cybersecurity concerns. If you own a Lorex NVR system:
Update firmware regularly
Use strong passwords
Limit remote access
Consider network segmentation
Monitor for unusual activity
No need to discard your system, but stay informed about developments. Alternative options exist if you're concerned.
Lorex cameras were rebranded Chinese cameras before 2018, too. For example, the Lorex MCNB2151 is a Hikvision DS-2CD2032. I think they had Hikvision and Dahua models prior to 2018; maybe it's all Dahua now.
> Lorex cameras aren't banned for personal use in the US, but face restrictions for government agencies due to cybersecurity concerns.
Not entirely sure the first half of this is true. iirc not only are many banned for government use under the 2019 National Defense Authorization Act, but also they've stopped issuing FCC approvals for many of these under the Secure Equipment Act of 2021.
It'd be easy to get around this ban, but I won't. I believe Dahua and Hikvision are active participants in the Uyghur genocide. They've made custom software specifically to support this genocide (ethnic feature identification models) and have contracted to install their cameras themselves at "re-education camps". See e.g. https://www.theguardian.com/world/2021/sep/30/uyghur-tribuna...
I am still using some Hikvision and Dahua cameras I bought prior to learning about this. My network configuration does not allow them to contact the outside world. My NVR connects to them via RTSP. This is the only way to do it with cheap, untrustworthy closed-source IP cameras.
With my limited knowledge of network technologies, I still found it relatively easy to setup a Pi Zero + Raspberry Pi Camera Module system to stream video over RTSP to VLC software on my desktop or phone. The stream quality is pretty crappy, but I am hoping that, at least, this would not send my video to some Chinese servers. Anybody else experimented with such setup?
I've been playing for a while with various *Pi like boards (mostly Orange Pis) and the ustreamer software which is very light and well suited for small boards like those.
Yes, most of our early product prototyping was Pi-based. I've experimented with cameras, parallel stream processing, opencv, even voice assistants. It's a great platform. Happy to answer any questions. Also, lots of tutorials (on Medium and YT) for your exact setup.
I looked at some tutorials and videos, but I can't seem to be able to create a smooth stream no matter what I try: different frame rates, different resolutions, etc. RTSP streaming works reliably for me, but the stream is always choppy. Have you had a better experience?
You mentioned VLC playback is choppy on your desktop or phone. Have you tried local playback (VLC on your Raspberry Pi that's doing the capturing), is it smooth there? Also, what does CPU and memory usage look like when you a) play locally, b) stream RTSP over the network to your desktop/phone. These should steps should help narrow this down.
TL;DR: Some dude didn't spend effort identifying a product suitable for his expectations / requirements, now instead wastes it post-purchase on trying to understand the product in order to solve the situation.
Bandwidth to and from China is not that cheap, and you could be running this stream 24x7. The streaming service still works 4 years later even though the company whose name is on the camera has vanished.
So, who is paying the server/bandwidth bill? The camera is too cheap to afford indefinitely providing this service, so you can only presume that you're paying in another way. Probably there is some third party in China that the camera manufacturer makes a deal with. The camera manufacturer may even be getting paid to pick a particular provider.