Withings Home Camera Review

2 minute read

I am always in search of products that help me automate and secure my home. I have run a mix of Foscam, D-Link, and Panasonics cameras dumping to a Linux server for the longest time, but it was clunky and not without its horrendous maintenance. Additionally the cameras, as aptly pointed out by Wife, were less than aesthetically pleasing.


Enter the Withings Home Camera setup. It checked off most of the boxes of requirements I had moving forward:

  • Doesn’t look like an ugly box with wires and lights when sitting on the shelf
  • Local streaming – I want to view the video via WiFi versus going to the internet to retrieve. I have a slow rural internet connection and video out is not an option
  • Ethernet – I don’t care for wi-fi if possible
  • Local storage – If I want to hook up a drive for local storage, I should be able to
  • Power Over Ethernet (POE) – This one unfortunately is getting very hard to find
  • Wide view lens – I hate having to mount multiple cameras just to cover a single room

Just for those that find this looking for reviews, it is a great setup. You can tell it is still a new product, but compared to the homegrown solutions you cannot go wrong. It is missing a few things such as IFTT, external API, Motion/Alarm times (if I am home I don’t need to know I am in the livingroom), and the ability to lock down ports for external access. The VOC air quality thing is nifty, but the propane heater in the house drives it batty. Two way comms for the audio is good when it works, but not very reliable on less than desirable WAN connections. WebRTC is the backend so I believe that is partly to blame as the comms channel matures.

From a security standpoint….

  •  I run a pretty tight firewall setup. I noticed external video access while away wasn’t working. A quick traffic dump showed the device was attempting to use ports 1024-65000 randomly. I emailed support and was told this is how it worked and to open all the ports. Nope. Fix it guys.


  • XMPP is used heavily for the messaging and transfers which is nifty. Everything is encrypted via SSL on a secure XMPP port. You can see from the dumps that the timeline feature is all exchanged via XMPP to this server: prod-oregon-timeline-2-days.s3.amazonaws.com
  • Each device is given a unique ID for sending the messages and retrieval. I haven’t tried spoofing or decoding, but here is the XML stored on the server:
</span> </div>
</span>AccessDenied</Code> </div>
</span>Access Denied</Message> </div>
</span>8F0D4A4C05EDE740</RequestId> </div>
</span> </div>
</div> </div> </div>
  • Remotely checks into http://scalews.withings.net/ for status. I assume this is firmware or upgrades, but have not validated
  • When there is an alarm it uses a cgi-bin against the same scalews server for storing the alarm
  • Example Alarm