This is a Draft Post
Declouding Your Robot Vacuum
autonomy, privacy, &drafted February 2026
Let's say you're considering buying a robot vacuum. "It'll clean for me and free up my time", even though "your time" is largely just scrolling Instagram reels.
But that's just you being self-deprecating. It really will help your life and keep your apartment clean.
It doesn't just vacuum. It mops hardwood floors too. And works surprisingly well.
You open the box and read aloud the instructions: "Please install our app to continue".
Download the App
You download the app and it prompts you to create an account. You give it your email and the password you use for every other service. It then asks for your GPS location.
"I don't care"–you say with indifference. "Whatever."
The app connects through the company's servers1, so you can control your robot from anywhere. You can schedule the Robot to run even when you're not home or ask it to clean when your plane lands from a trip. Not explicitly necessary, but still has a real purpose.
Every time you use the app, it's routed through the company's servers and databases in China even when you're already home.
╔══ Your Home WiFi ═╗ ╔══ China ═══════════╗ ║ ║ ║ ║░░ ║ ┏━━━━━━━━━━━━━┓ ║ ║ ┏━━━━━━━━━━━━━━┓ ║░░ ║ ┃ ┃ ║ ║ ┃ Vacuum Cloud ┃ ║░░ ║ ┃ Your iPhone ┃ ──────────────▶┃ Servers ┃ ─────┐ ║ ┃ ┃ ║ ║ ┃ ┃ ║░░ │ ║ ┗━━━━━━━━━━━━━┛ ║ ║ ┗━━━━━━━━━━━━━━┛ ║░░ │ ║ ║ ╚════════════════════╝░░ │ ║ ┏━━━━━━━━━━━━┓ ║ ░░░░░░░░░░░░░░░░░░░░░░░ │ ║ ┃ ┃ ║ │ ║ ┃ Your Robot ┃◀───────────── commands ───────────────┘ ║ ┃ ┃ ║ ║ ┗━━━━━━━━━━━━┛ ║ ╚═══════════════════╝
The robot uses LIDAR to map your apartment. If you pull up your iPhone camera, you can see the lidar lasers flashing on your screen. Wicked cool.
You inspect the device and see the robot vacuum also has a camera on the front of it. You open the manual which tells you it's used for "object detection". You test out the feature and it actually works, somewhat. It identifies chairs and cables and avoids them. But you wonder if they're sending pictures back to their servers.
Nothing here seems to be done with an blanketed desire to exploit you, your privacy, and your data. But it has the potential to. In cyber-security, an issue that could happen is just as risky as a situation that does happen. The only way to stop this is to find a way to obviate the attack vector entirely. You've already sent them your email and password.
As famously joked, the "S" in IOT2 stands for security.
Declouding the Vacuum
You do some googling and find out there is a piece of open source software that can de-cloud your robot. As it would happen, all of the functionality of the device, including the object detection can run directly on the device with no cloud needed. The only distinct advantage of the company app is remote control.
You're giving up an awful lot of security and privacy for what is really a secondary feature at best. So you decide to install the de-clouded software and now your device works without any company's servers or app. Now it never connects to the "cloud".
╔══ Your Home WiFi ════╗ ║ ║░░ ║ ┏━━━━━━━━━━━━━┓ ║░░ ║ ┃ ┃ ║░░ ║ ┃ Your iPhone ┃ ║░░ ║ ┃ ┃ ║░░ ║ ┗━━━━━━━━━━━━━┛ ║░░ ║ │ ║░░ ║ │ commands ║░░ ║ ▼ ║░░ ║ ┏━━━━━━━━━━━━┓ ║░░ ║ ┃ ┃ ║░░ ║ ┃ Your Robot ┃ ║░░ ║ ┃ ┃ ║░░ ║ ┗━━━━━━━━━━━━┛ ║░░ ╚══════════════════════╝░░ ░░░░░░░░░░░░░░░░░░░░░░░░░
Rooting your vacuum isn't an easy process to undergo and the point of this article isn't ultimately to encourage you to do this yourself. To add, the creator of this open source software is profoundly opinionated and espouses their beliefs loudly.
Some opinions that resonate as distinct truths and others that are outright hostile. Getting banned from the author's community chat seems to be a right of passage, as just an earnest intent to participate is enough to get disbarred. But to their credit, the software works and it works well.
A Mesh-VPN: Your Own Private Cloud
Once you root your vacuum, you find it's just running a simple linux operating system. You can ssh into it and run software on it. It's not super powerful, but it has enough resources to run some light software.
One of those piece of light software is Tailscale: a private mesh-VPN.
The internet is public. Go on any almost computer and type in Google.com and you'll get there. A private mesh VPN is not public–only you can access the services on it. You might already login to a VPN at work to access private company services.
Installing tailscale onto your vacuum means you can connect to it from anywhere in the world. Your private data is not routed through their servers3, it just connects your two devices (e.g. your phone and your vacuum) and routes encrypted communication. If you don't want to rely on Tailscale-the-company, you can instead install headscale instead4.
This opens up access from anywhere, privately and securely. And you get a little roving vacuum-VPN that putters around your apartment.
Now your network looks something like this:
╔══ World ══════════════╗ ╔══ Your Home WiFi ════╗ ║ ║░░ ║ ║░░ ║ ┏━━━━━━━━━━━━━┓ ║░░ ║ ┏━━━━━━━━━━━━━┓ ║░░ ║ ┃ ┃ ║░░ ║ ┃ ┃ ║░░ ║ ┃ Your iPhone ┃ ║░░ ║ ┃ Your iPhone ┃ ║░░ ║ ┃ ┃ ║░░ ║ ┃ ┃ ║░░ ║ ┗━━━━━━━━━━━━━┛ ║░░ ║ ┗━━━━━━━━━━━━━┛ ║░░ ║ │ ║░░ ║ │ ║░░ ║ │ ║░░ ║ │ ║░░ ║ ▼ ║░░ ║ ▼ ║░░ ║ ┏━━━━━━━━━━━━━━━┓ ║░░ ║ ┏━━━━━━━━━━━━┓ ║░░ ║ ┃ ┃ ║░░ ║ ┃ ┃ ║░░ ║ ┃ Tailscale VPN ┃ ──────────────────▶┃ Your Robot ┃ ║░░ ║ ┃ ┃ ║░░ ║ ┃ ┃ ║░░ ║ ┗━━━━━━━━━━━━━━━┛ ║░░ ║ ┗━━━━━━━━━━━━┛ ║░░ ╚═══════════════════════╝░░ ╚══════════════════════╝░░ ░░░░░░░░░░░░░░░░░░░░░░░░░░ ░░░░░░░░░░░░░░░░░░░░░░░░░
Autonomy Matters Here
You now have the full suite of functionality with your Robot, but nothing is passed through a random company's nor country's servers. You own your devices. You own your data. You own your functionality.
You might still be asking: why?. "I still don't care." This feels like an awful amount of headache. But what happens when the company you paid a one-time fee shuts down their servers in China? Does your robot vacuum, replete with all the functionality that exists just stop working?.
The answer is largely: yes. There are many instances of this happening. 1, 2, 3. If you care about wastefulness or losing the autonomy to operate the devices you purchased, then you should at least understand this inevitable problem. Hardware that works perfectly fine ends up being put out to pasture for no grand reason. This is called e-waste and it's a bad symptom of consumer culture.
So this isn't just a security or privacy concern. This is a basic functionality concern. If you don't want your working device to one-day become an expensive paperweight, it becomes imperative to retain control over it end-to-end.
Other Benefits
I've been running my vacuum this way for over six months and it works great. On top of which, rooting your vacuum means that you get to customize it to your liking. So, of course, there is only one thing left to do:
[video will go here of my robot playing dj roomba]
After going through this whole philosophical journey, I thought deeply about what other devices I run on my network. What other clouds I route my home's devices to. In doing so, I found an old thermostat5 that can be privately hooked up to my mesh VPN, totally secure and controllable from anywhere. No Google servers. No foreign-country's networks. Just private, controllable from anywhere in the world, and will consistently work for the genuine lifetime of the device. Controlling my thermostat remotely helps me keep my heating bill and energy usage down.
This isn't necessarily feasible for the layman to do right now. But we should at the very least understand what happens when we add a wi-fi device to our home, what the risks and ramifications are, and what we can do to improve our autonomy, privacy, and security. And maybe, all of our 'smart' devices should work without wifi–or at the very least, be de-cloudable.