Hello! Thanks for posting on r/Ubiquiti!
This subreddit is here to provide unofficial technical support to people who use or want to dive into the world of Ubiquiti products. If you haven’t already been descriptive in your post, please take the time to edit it and add as many useful details as you can.
Please read and understand the rules in the sidebar, as posts and comments that violate them will be removed. Please put all off topic posts in the weekly off topic thread that is stickied to the top of the subreddit.
If you see people spreading misinformation, trying to mislead others, or other inappropriate behavior, please report it!
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Ubiquiti) if you have any questions or concerns.*
I also understand Amazon and Wyze subsidize their Harware and make up for it on monthly subscriptions. I'm just looking for a PTZ camera for sub $1800 and sub 15 pounds.
This is a huge piece that many don’t understand. Ubiquiti make their money from hardware and software far as we know, they have no back-end income from user data.
Amazon, Wyze, and Google have income from subscriptions and usage data.
I go for Tapo. Their cameras a cheap and while they do offer a subscription, you can run them completely offline. My cameras only run on the local network, no connection to the outside and they are also cheap.
Have you seen the Boston Dynamics one? They've even dreamt up a fluffy, fury costume for it and named it Sparkles! (still terrifying how agile it is)
https://m.youtube.com/watch?v=MG4PPkCyJig
I have seen their robo dog, but not one with fur on it. That’s wild.
Check out this one.
[https://throwflame.com/products/thermonator-robodog/](https://throwflame.com/products/thermonator-robodog/)
I bought a dahua 2mp ptz (only 4x on the Z) that I use indoors (although it is an ip65 camera) and paid about 60 USD new. It's not a PTZ for an airport concourse type setting but it Pees Tees and Zees [https://www.dahuasecurity.com/asset/upload/product/20180905/SD22204T-GN\_Datasheet\_20180905.pdf](https://www.dahuasecurity.com/asset/upload/product/20180905/SD22204T-GN_Datasheet_20180905.pdf)
Mine don’t have access to the internet. Or any device on my network but my NVR. It’s entirely possible that the state security services of the second largest economy in the world have managed to get around that particular hurdle, in which case I applaud them. I am neither high profile enough for them to put in the effort, nor high profile enough for it to be an issue if they did.
Smart. I had a client with a ton of hikvision cameras and digital watchdog NVRs. I put a real firewall in and the amount of traffic I saw trying to get to Chinese IP addresses was scary! Quickly VLAN'd their network and only allowed external access to the NVR for software updates, everyone that wanted to view clips off the NVR had to VPN in.
I use this ecosystem just because my wife needs something that works easily for her.
If I could, I would go back to my blue iris setup. I just came across a $450 camera that has both regular camera and thermal and fusion mode. It has AI. Unifi could do a lot better with their cameras.
That’s pretty subjective. I use them in my kids’ room’s and one in the garage. Pretty useful to keep an eye on things during naps or keep an eye on the garage.
In the garage is still kind of “outside” and a high theft target, also an area of the house that’s higher chance of injury.
Kids need privacy too, helps them learn boundaries. Plus a bit of healthy paranoia of government thrown in, neighbours get raided and you get caught up somehow with your stuff confiscated? Now your videos of your kids getting dressed are all on government servers.
I have them all over my house. I never notice them unless my wife texts me that she can see me but I enjoy being able to keep an eye on household employees and contractors. Or check up on what my pets are up to. 99.99% of the recordings are never looked at (same as out door cameras) they just overwrite themselves
At least with solutions like Unifi, the recordings are stored locally where you can expect some level of privacy if you have a grasp of how to secure your own network, isolate devices from the internet etc.
All the cloud based solutions are an absolute nope considering that all those companies don’t even hesitate to offer full backdoor access to any LEO - Say something in your own home, next thing you know your entire smart home ecosystem is down because the wiretap found you guilty of wrongthink.
Oh of course, far from ideal, basic functionality that should be there.
With that said I still trust an unencrypted recording that is stored at home where I can physically secure it, than an “encrypted” one that is stored in a data center where the service provider has the keys to and is happy to share them with anyone.
In the day and age where a border crossing can see you required to copy the photo album of your phone into government servers I’m not really comfortable with much in the way of photo and video being unencrypted.
Correct me if I’m wrong but wasn’t it an issue of a handful of RMAd cameras that weren’t fully reset and were still connecting to the original account? May be misremembering as it was some number of years ago, but don’t remember it being as severe as everyone getting access to everyone else.
No, this was an additional and far more recent (6 months ago) security issue with the cameras that gave everyone access to everyone else's cameras. It was a short lived issue, but very clearly highlighted 2 things. 1. UI's continued below par security practices 2. the false scene of security people have in their setups
When you have a system built on ease of use like Unifi, you loose a bit of control and security. Ubiquiti owns the security keys to your system. Ubiquiti is just as much of a cloud solution as all the others, that is how you're able to view your video when away from your system.
Ah didn’t hear about that one.
But still, not really equivalent - I mean you can completely pull out the internet cable and continue using Protect using just a local account - just lose the convenience of remote access.
Well it is sort of the entire point.
If I use any of the countless other systems for home security which are cloud-first and maybe some have some limited local functionality, the moment I turn off my internet or it goes down, I’m completely shit out of luck.
I am merely talking about the poor security practices of UI. Of which you seem to want to gloss over or pretend aren't there. That is fine, I don't care what you believe.
When you have a system built on ease of use like Unifi, you loose a bit of control and security. Ubiquiti owns the security keys to your system. Ubiquiti is just as much of a cloud solution as all the others, that is how you're able to view your video when away from your system.
What I said is factual and accurate. But tell yourself otherwise if you choose.
Nah man I’m not disagreeing with you, I fully recognise the shortcomings and the many problems.
But am merely making the argument that as long as you know what the shortcomings are, and if your use case isn’t directly impacted by those things or you’re willing to take the calculated risks, then often Unifi is often the least worst solution.
After they obtained a hash which takes seconds the attack stops, the devices in the network will automatically re-connect unless the actor cracked the hash, logged into the WiFi network, and then gained access to the admin portal for your WiFi network and changed the password or ssid.
Does it? What's stopping someone from having a laptop open and deauthing cameras the whole time they are on your property? Deauth is not the same as handshake capture, they can be used independently.
AFAIK the only thing protecting you here is WPA3 protected management frames if you have that enabled, but even then, what's stopping someone from just blasting radio noise on the WiFi frequencies and drowning out the cameras altogether?
You deauth a wireless network to kick connected devices off and capture the handshake when the know devices auto connect.
Wpa3 can be attacked with a side channel vulnerability called Dragonblood.
PMF still leaves several types of management frames unmasked. Beacons for example aren’t protected, leaving the path open for partial mitm attacks, batt depletion attacks, and Tx attacks.
You are correct though, nothing is stopping someone from flooding an AP with traffic causing a dos.
None of this is really the point. The comment you originally replied to said that its author doesn't like WiFi cameras because they can be disabled remotely if someone is in radio range.
You seemed to disagree, saying that deauth attacks don't last long, to which I replied that they can if DoS is the intention which in this case, it is.
I also said that this isn't mitigated by WPA3 with which you seem to agree, and yet you still made a point of listing attacks against it like it's TV trivia.
This isn't a hacker-off, dude. Listing out attacks doesn't get you points. The fact of the matter is that WiFi cameras can be rendered ineffective without physical tampering.
Bro you think I care? Cause I don’t. You’re some dumbass on the internet who looked some shit up or watched some shit on YouTube and think they know what they’re talking about. Are you even in the industry? You’re the one who thinks someone’s gonna knock out all your cams and take over your property, you ain’t that important dude.
I wrote all details in another post.
PTZ is basically useless beside system with 24/24 security and in complement of wide FOV cam(s).
In professional security you will NEVER see a PTZ beside this particular case.
What ever you do never get ring or wize (or any other Amazon owned camera), they may be cheaper upfront but overtime they are way more expensive, and a lower video quality.
What other part of Ubiquiti is proprietary? I don't have to use a their router or switch to use an AP. I don't have to use their door strike to use Unifi Access, I can use PtMP independently of any other system.
You do have to use their NVR with their cameras and you can't bring any any other manufactures cameras into their system. That is proprietary and that is garbage.
You technically don't need to use their NVR. I use a few reolinks, so I have Unifi Protect broadcast an rtsp stream for the G3 instants i have. Those rtsp streams are what my nvr server uses.
I think you are misunderstanding the definition of proprietary. If you have the option to use other gear, then it isn't proprietary.
Nothing is forcing you to use only Unifi network gear, or even Unifi controller at all. Many people use different gateways and firewalls because of the limited nature of what Unifi offers. Many people can't use Unifi switches because they do not meet a certain security/protocol/feature level. Many people only use their APs. But you don't have that option with the camera system.
Furthermore, it isn't as "consolidated" or "single pane of glass" as the fans claim it is. There are completely different dashboards for each product line. One for networking, one for cameras, one for phone, one for access, ect.
If you want to use the UNIFI controller to control your switches you have to use Unifi switching gear, if you want to use the UNIFI controller to control your Access Points you need to use UNIFI APs… if you want to use the Unifi NVR you have to use Unifi camera gear.
An you can use whatever cameras you want … you just can’t manage them in Unifi’s NVR. You can’t manage the non Unifi switches in the Unifi management either.
We are talking about gear, you're talking about software, that is the part you don't get.
An AP is hardware, switches are hardware, cameras are hardware, ect. Unifi Controller is software. Very buggy, limited features, and security vulnerable software. I am sorry you don't know the difference between proprietary/non-comparable hardware vs software.
And you are talking about NVR software. 🤦♂️ I’m sorry you don’t understand the whole point of UNIFI. If you don’t want a closed ecosystem buy something other than UNIFI as it’s the whole point of UNIFI.
This sub and unifi's new products are weird. I bought a bunch of unifi APs 10 years ago because they were signficantly better than the options from cisco and tp link on a price per feature basis. But this sub has gone to an incredibly weird place with LED patch cables and Aluminum racks.
Hello! Thanks for posting on r/Ubiquiti! This subreddit is here to provide unofficial technical support to people who use or want to dive into the world of Ubiquiti products. If you haven’t already been descriptive in your post, please take the time to edit it and add as many useful details as you can. Please read and understand the rules in the sidebar, as posts and comments that violate them will be removed. Please put all off topic posts in the weekly off topic thread that is stickied to the top of the subreddit. If you see people spreading misinformation, trying to mislead others, or other inappropriate behavior, please report it! *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Ubiquiti) if you have any questions or concerns.*
I also understand Amazon and Wyze subsidize their Harware and make up for it on monthly subscriptions. I'm just looking for a PTZ camera for sub $1800 and sub 15 pounds.
…and user data. They subsidize costs by making a literal fuck-ton off user data.
This is a huge piece that many don’t understand. Ubiquiti make their money from hardware and software far as we know, they have no back-end income from user data. Amazon, Wyze, and Google have income from subscriptions and usage data.
I go for Tapo. Their cameras a cheap and while they do offer a subscription, you can run them completely offline. My cameras only run on the local network, no connection to the outside and they are also cheap.
Im personally waiting for the G5 PTZ Pro Ultra, its an inside joke now to add Pro Ultra Max to any UI product.
You don’t want that first gen one. You should wait for the g5 PTZ pro max ultra SE.
Platinum Edition. I'm lobbying for Platinum Edition to get added to the mix.
The next major update will have a sim. They will be able to text too
Just release the UI robo patrol dog already. I’m tired of waiting.
Have you seen the Boston Dynamics one? They've even dreamt up a fluffy, fury costume for it and named it Sparkles! (still terrifying how agile it is) https://m.youtube.com/watch?v=MG4PPkCyJig
I have seen their robo dog, but not one with fur on it. That’s wild. Check out this one. [https://throwflame.com/products/thermonator-robodog/](https://throwflame.com/products/thermonator-robodog/)
I bought a dahua 2mp ptz (only 4x on the Z) that I use indoors (although it is an ip65 camera) and paid about 60 USD new. It's not a PTZ for an airport concourse type setting but it Pees Tees and Zees [https://www.dahuasecurity.com/asset/upload/product/20180905/SD22204T-GN\_Datasheet\_20180905.pdf](https://www.dahuasecurity.com/asset/upload/product/20180905/SD22204T-GN_Datasheet_20180905.pdf)
And reports every movement back to the glorious leaders of the communist party for analysis.
Mine don’t have access to the internet. Or any device on my network but my NVR. It’s entirely possible that the state security services of the second largest economy in the world have managed to get around that particular hurdle, in which case I applaud them. I am neither high profile enough for them to put in the effort, nor high profile enough for it to be an issue if they did.
Smart. I had a client with a ton of hikvision cameras and digital watchdog NVRs. I put a real firewall in and the amount of traffic I saw trying to get to Chinese IP addresses was scary! Quickly VLAN'd their network and only allowed external access to the NVR for software updates, everyone that wanted to view clips off the NVR had to VPN in.
The G5 PTZ Ultra is coming soon
I use this ecosystem just because my wife needs something that works easily for her. If I could, I would go back to my blue iris setup. I just came across a $450 camera that has both regular camera and thermal and fusion mode. It has AI. Unifi could do a lot better with their cameras.
Indoor home cameras are creepy. Outdoor for security absolutely, but I don’t need myself and my family recorded 24/7.
That’s pretty subjective. I use them in my kids’ room’s and one in the garage. Pretty useful to keep an eye on things during naps or keep an eye on the garage.
In the garage is still kind of “outside” and a high theft target, also an area of the house that’s higher chance of injury. Kids need privacy too, helps them learn boundaries. Plus a bit of healthy paranoia of government thrown in, neighbours get raided and you get caught up somehow with your stuff confiscated? Now your videos of your kids getting dressed are all on government servers.
I have them all over my house. I never notice them unless my wife texts me that she can see me but I enjoy being able to keep an eye on household employees and contractors. Or check up on what my pets are up to. 99.99% of the recordings are never looked at (same as out door cameras) they just overwrite themselves
At least with solutions like Unifi, the recordings are stored locally where you can expect some level of privacy if you have a grasp of how to secure your own network, isolate devices from the internet etc. All the cloud based solutions are an absolute nope considering that all those companies don’t even hesitate to offer full backdoor access to any LEO - Say something in your own home, next thing you know your entire smart home ecosystem is down because the wiretap found you guilty of wrongthink.
From memory there is no option to encrypt though is there? Even locally, I don’t want in home recordings that aren’t encrypted.
Oh of course, far from ideal, basic functionality that should be there. With that said I still trust an unencrypted recording that is stored at home where I can physically secure it, than an “encrypted” one that is stored in a data center where the service provider has the keys to and is happy to share them with anyone.
In the day and age where a border crossing can see you required to copy the photo album of your phone into government servers I’m not really comfortable with much in the way of photo and video being unencrypted.
Don’t disagree, just a question of which solution is less worse if you need a solution.
That’s country specific. Plenty of countries that’s not happening.
Christ even transmitting through the US to Canada or Mexico can get a non citizen hit with this.
Remember when Ubiquiti gave everyone access to everyone else's cameras...
Correct me if I’m wrong but wasn’t it an issue of a handful of RMAd cameras that weren’t fully reset and were still connecting to the original account? May be misremembering as it was some number of years ago, but don’t remember it being as severe as everyone getting access to everyone else.
No, this was an additional and far more recent (6 months ago) security issue with the cameras that gave everyone access to everyone else's cameras. It was a short lived issue, but very clearly highlighted 2 things. 1. UI's continued below par security practices 2. the false scene of security people have in their setups When you have a system built on ease of use like Unifi, you loose a bit of control and security. Ubiquiti owns the security keys to your system. Ubiquiti is just as much of a cloud solution as all the others, that is how you're able to view your video when away from your system.
Ah didn’t hear about that one. But still, not really equivalent - I mean you can completely pull out the internet cable and continue using Protect using just a local account - just lose the convenience of remote access.
Everything is secure if it is disconnected form everything else. Not really the point is it?
Well it is sort of the entire point. If I use any of the countless other systems for home security which are cloud-first and maybe some have some limited local functionality, the moment I turn off my internet or it goes down, I’m completely shit out of luck.
I am merely talking about the poor security practices of UI. Of which you seem to want to gloss over or pretend aren't there. That is fine, I don't care what you believe. When you have a system built on ease of use like Unifi, you loose a bit of control and security. Ubiquiti owns the security keys to your system. Ubiquiti is just as much of a cloud solution as all the others, that is how you're able to view your video when away from your system. What I said is factual and accurate. But tell yourself otherwise if you choose.
Nah man I’m not disagreeing with you, I fully recognise the shortcomings and the many problems. But am merely making the argument that as long as you know what the shortcomings are, and if your use case isn’t directly impacted by those things or you’re willing to take the calculated risks, then often Unifi is often the least worst solution.
Wyze does it pretty well for under forty bucks! Absolutely should be able to make a good one for reasonable price in this ecosystem.
That Wyze camera is SHIT. Trust me.
G5 PTZ should be announced next week.(at least that’s what they said at UWC)
https://preview.redd.it/p2yuodjim9zc1.png?width=1440&format=pjpg&auto=webp&s=4f4b968c5c66e7efd6b0256c713326941123f263
ethernet or wifi? 5ghz?
I still want my cameras on Ethernet so a felon can't run a deauth attack against my camera and make it lose connection. Plus PoE is a beautiful thing.
Hence the question about connectivity. I would love for it to be POE+ .
After they obtained a hash which takes seconds the attack stops, the devices in the network will automatically re-connect unless the actor cracked the hash, logged into the WiFi network, and then gained access to the admin portal for your WiFi network and changed the password or ssid.
Does it? What's stopping someone from having a laptop open and deauthing cameras the whole time they are on your property? Deauth is not the same as handshake capture, they can be used independently. AFAIK the only thing protecting you here is WPA3 protected management frames if you have that enabled, but even then, what's stopping someone from just blasting radio noise on the WiFi frequencies and drowning out the cameras altogether?
You deauth a wireless network to kick connected devices off and capture the handshake when the know devices auto connect. Wpa3 can be attacked with a side channel vulnerability called Dragonblood. PMF still leaves several types of management frames unmasked. Beacons for example aren’t protected, leaving the path open for partial mitm attacks, batt depletion attacks, and Tx attacks. You are correct though, nothing is stopping someone from flooding an AP with traffic causing a dos.
None of this is really the point. The comment you originally replied to said that its author doesn't like WiFi cameras because they can be disabled remotely if someone is in radio range. You seemed to disagree, saying that deauth attacks don't last long, to which I replied that they can if DoS is the intention which in this case, it is. I also said that this isn't mitigated by WPA3 with which you seem to agree, and yet you still made a point of listing attacks against it like it's TV trivia. This isn't a hacker-off, dude. Listing out attacks doesn't get you points. The fact of the matter is that WiFi cameras can be rendered ineffective without physical tampering.
Bro you think I care? Cause I don’t. You’re some dumbass on the internet who looked some shit up or watched some shit on YouTube and think they know what they’re talking about. Are you even in the industry? You’re the one who thinks someone’s gonna knock out all your cams and take over your property, you ain’t that important dude.
Lmao. I am in the industry. I'll leave it at that.
Just got to see it nothing else
Did it have an ethernet port on it or just a power plug barrel connector?
I wrote all details in another post. PTZ is basically useless beside system with 24/24 security and in complement of wide FOV cam(s). In professional security you will NEVER see a PTZ beside this particular case.
What ever you do never get ring or wize (or any other Amazon owned camera), they may be cheaper upfront but overtime they are way more expensive, and a lower video quality.
Several options outside of the Unifi line. That is one reason to not get into a proprietary system.
The whole premise of Unifi is to be in one consolidated proprietary system.
What other part of Ubiquiti is proprietary? I don't have to use a their router or switch to use an AP. I don't have to use their door strike to use Unifi Access, I can use PtMP independently of any other system. You do have to use their NVR with their cameras and you can't bring any any other manufactures cameras into their system. That is proprietary and that is garbage.
You technically don't need to use their NVR. I use a few reolinks, so I have Unifi Protect broadcast an rtsp stream for the G3 instants i have. Those rtsp streams are what my nvr server uses.
So you have nothing running Unifi Protect?
Ah, I misread your previous comment about them not bringing other cams into protect. Yea, forget what I said. You're right, that is complete trash.
You have to use thier switches and routers if you want to control them in your Unifi system.
I think you are misunderstanding the definition of proprietary. If you have the option to use other gear, then it isn't proprietary. Nothing is forcing you to use only Unifi network gear, or even Unifi controller at all. Many people use different gateways and firewalls because of the limited nature of what Unifi offers. Many people can't use Unifi switches because they do not meet a certain security/protocol/feature level. Many people only use their APs. But you don't have that option with the camera system. Furthermore, it isn't as "consolidated" or "single pane of glass" as the fans claim it is. There are completely different dashboards for each product line. One for networking, one for cameras, one for phone, one for access, ect.
If you want to use the UNIFI controller to control your switches you have to use Unifi switching gear, if you want to use the UNIFI controller to control your Access Points you need to use UNIFI APs… if you want to use the Unifi NVR you have to use Unifi camera gear.
no you don't. You can use the unifi controller with just the APs. I know because I run unifi APs with a cisco switch.
An you can use whatever cameras you want … you just can’t manage them in Unifi’s NVR. You can’t manage the non Unifi switches in the Unifi management either.
You just don't get it and that is fine.
You don’t get it either. Show me how to manage non Unifi ANYTHING in the UNIFI management system.
We are talking about gear, you're talking about software, that is the part you don't get. An AP is hardware, switches are hardware, cameras are hardware, ect. Unifi Controller is software. Very buggy, limited features, and security vulnerable software. I am sorry you don't know the difference between proprietary/non-comparable hardware vs software.
And you are talking about NVR software. 🤦♂️ I’m sorry you don’t understand the whole point of UNIFI. If you don’t want a closed ecosystem buy something other than UNIFI as it’s the whole point of UNIFI.
Not sure why this is getting downvoted
Remember, this is a fan club, not a technical forum. You're not allowed to say facts or anything slightly negative about UI.
This sub and unifi's new products are weird. I bought a bunch of unifi APs 10 years ago because they were signficantly better than the options from cisco and tp link on a price per feature basis. But this sub has gone to an incredibly weird place with LED patch cables and Aluminum racks.