Competition

Hubless IoT

Stay away from pure cloud hubless IoT services (see IoT Paranoia). These devices go straight to the cloud with no opportunity of local control. This means they must always have access through your firewall and can be controlled by and through the vendor's cloud, in fact they are useless without this access. Vendor lock-in is a problem, as is the concern of remote access to your home network from unknown parties.

Vendor Clouds

Many vendors (e.g. SmartThings, Belkin, TP Link, Amazon, Tuya) use devices that provide both local and cloud based control. Their apps usually failing over to cloud based when the devices cannot be found locally (which can be quite often as the devices/apps cannot navigate anything other than a simple 2.4GHz flat network).

Vendors are also trying to control you with vendor lock-in to their interfaces. Take Wink for an example - they have just announced a transition to a mandatory monthly subscription service for $4.99 (that's $60 per year! for switches and bulbs!). If you choose not to use the service your expensive hub, switches, and bulbs are now "dumb", no improvement over than the $1.50 *reliable* devices they replaced.

Many of these services are free. Ask yourself for how long? More important, ask yourself, "why?". If the product is free, you (your personal data, location, habits) are the product.

AutomationManager leverages the local APIs in these devices and bridges them to your Google account (which you own and control) for remote access and internet IoT service integration. You can then deny those devices any and all access to the internet using your router's firewall.

Don't be fooled by "disable remote access" in their apps as this simply means YOU cannot access your devices. The devices themselves are still communicating with the vendor cloud. To be safe you must configure your router's firewall to prevent them from escaping.

IoT Hubs

Proprietary hubs like SmartThings and Wink (which is now a paid subscription service) will soon be a thing of the past. They're a little better than dedicated vendor clouds, but like them you're also locked in and subject to their clouds and whims. SmartThings is a little better as it supports open source like contributions, but that carries with it other risks (see below), and it still allows cloud access.

Wifi devices based on the ESP8266 chip family are seeing a dramatic price reduction (think moore's law). Your wifi router is already a secure network integration point - most everyone has one and they provide all the encryption that's needed. The need for the variety of custom local networking protocols (which are often open and leave your devices vulnerable) will be dramatically reduced as modern devices switch from proprietary and obscure protocols to wifi/tcp/udp. The need for a separate, proprietary hub/gateway will quickly evaporate (as will the need to buy and maintain an extra piece of hardware from a vendor).

Community/Open Source

Examples include home-assistent.io and open-hab.org.

Generally community source teams start off with skilled people and the best of intentions. Unfortunately the projects grow and eventually age. Bugs may be introduced that cannot be found and fixed, the original authors move on, less skilled developers pick up the reins. There's risk of unscrupulous developers introducing back doors increases which puts your home network and security at risk. And while it can be argued that open source is more easily subject to skilled peer review it often is not unless it's very widely used. OTOH it may well be examined by unscrupulous reviewers that will spot and exploit security gaps without reporting them.

One of the more frustrating aspects are the number of folks building your IoT adapter introducing themselves with "I've been a [fill in an occupation here] all my life. I don't know much about computers but I think I can jump in and help". If they're helping you drywall that is very generous. Unfortunately IoT is much more risky - you're putting your home automation (and often safety) and especially your privacy and security in the hands of an amateur. The keys to your internal network can be synonymous to the keys to your home, or even to your bank account.

Using IoT community/open source can be risky: https://it.slashdot.org/story/18/12/01/2217231/nodejs-event-stream-hack-reveals-open-source-developer-infrastructure-exploit. IoT connected devices can be hijacked to serve as bridges into your network which can then open your network completely: https://arstechnica.com/information-technology/2018/11/mass-router-hack-exposes-millions-of-devices-to-potent-nsa-exploit/

The Home Assistant team found built in vulnerabilities that were exploited by some extensions: www.home-assistant.io/blog/2021/01/22/security-disclosure/ and https://www.home-assistant.io/blog/2021/01/23/security-disclosure2/.

AutomationManager was built by and is maintained by a programming professional with many years of experience and that actually uses the app daily. Great care has been taken to protect your privacy by leaving control in your hands vs MPP owning/storing your data. The small cost is enough to fund development of new features, maintaining the app and providing support. No one else has access to the application source code nor the encryption keys to replace it. Any application bugs are my own, the buck stops with me.

You may also find that AutomationManager, while somewhat complicated due to the delegated security approach, is easier and safer to deploy than open source projects. You may also note that many of the original AutomationManager concepts and ideas have have since been adopted by these teams.

Raspberry Pi

Good enough for hobby and educational purposes. AutomationManager (for java) will run there with a slightly reduced feature set. Bit expensive compared to a low end android phone that comes with its own touch screen, power supply, and battery backup, and somewhat more difficult to manage.

PC Based

Fine as an IoT host if you've already got one and leave it on all of the time. AutomationManager will run with a slightly reduced feature set.

It is counter productive to use an always on PC constantly consuming a few hundred watts as an automation server if your goal is to save electricity by controlling device that consume > 10 watts.

Cloud Services

Cloud based integration through services like IFTTT and (the now defunct) Stringify will be the open integration platform on the internet. This will be the choice of most consumers - bring home a device, connect it to wifi, then integrate it into the cloud. Automate it with the integration services, including voice automation, through a vendor neutral cloud service.

The more savvy will realize the privacy risk this exposes. Those cloud services (including SmartThings) have access to your email address, other service accounts, your external IP address, your GPS location and home address, your SSID and password, and often your current occupancy (home or away). Rather than investing in a custom hub to keep private information in house (or worse, using it as a way to ship that information overseas!), a gateway/hub can be built from a recycled android phone and put to use as an open automation platform. It can also be the secure gateway to the cloud for broader integration without exposing more information than necessary. If the service is free, you are the product!

Voice Services

Alexa and Google Home provide voice services which, once a keyword is heard locally, will record your conversation, then upload it to their cloud for analysis and action. This does require a lot of trust on our part that voice recording only happens as promised.

Integration with these services also requires permission be granted to outside vendor clouds to access your voice accounts ("enable skills") and your voice accounts have access to your device on the vendor cloud ("turn light on") which in turn has access to your local network.

Personally I prefer the alexa/belkin model (which unfortunately is no longer being developed) where the echo/dot device has direct access to your wemo switches locally - no need to involve the belkin cloud. AutomationManager supports this model and will do so until it's withdrawn by amazon.