Building a Smart Fortress

The threat model here was specific and documented: an abusive ex-partner with a history of stalking, physical violence, and demonstrated willingness to exploit institutional access. Standard advice — call the police, file reports — was not only insufficient in this context but occasionally actively counterproductive. The home needed to function as its own security infrastructure.

The result is a home that functions as its own security infrastructure — one where every sensor event is logged, every ingress point is monitored, and privacy is structurally enforced rather than assumed.

The design requirements followed directly from the threat: perimeter awareness without relying on a third party to relay it; logging that could not be tampered with; remote visibility into home status from anywhere; and reliable operation without vendor subscriptions that could lapse or services that could be subpoenaed for data that should remain private.

Apple HomeKit was the platform choice for one primary reason: privacy architecture. HomeKit processes data locally on Apple devices and syncs through end-to-end encrypted iCloud channels. Unlike most consumer smart home platforms — which route every sensor activation through vendor cloud servers — HomeKit data does not leave the device ecosystem in a readable form. For a threat model that included concern about sophisticated information access, this distinction was not academic.

HomeKit Secure Video stores motion-triggered camera footage in iCloud with end-to-end encryption, accessible only through authenticated Apple devices. No Apple employee can view it. A subpoena to the camera manufacturer would yield nothing — the footage exists in a form accessible only to the account holder. That design constraint was a deliberate selection criterion, not an afterthought.

Native HomeKit’s interface handles individual device control well but is limited for continuous situational awareness. Controller for HomeKit — a third-party iOS and macOS application that interfaces directly with the HomeKit API — extends this substantially. Its floor plan view (shown below) is a live monitoring interface: each icon reflects the current state of the device at that position in real time. Active lights appear in gold; door and window sensors show open/closed state; the climate sensor displays a live temperature and humidity reading. It provides spatial, at-a-glance awareness without navigating through multiple app screens.

The perimeter layer consists of door and window contact sensors on every ingress point. Each sensor sends an immediate notification when triggered and logs the event with a timestamp. This does not prevent entry — nothing in this stack does — but it eliminates the ambiguity that stalking situations routinely exploit: the question of whether something happened or whether you are overreacting. When a sensor fires at 2:00 a.m., the log is dated and precise.

Three motion sensors cover the interior across two rooms, providing zone-based presence detection. Three interior cameras running HomeKit Secure Video capture motion-triggered recordings continuously. The footage is not intended for real-time intervention — response time assumptions would be wrong in this context — but for documentation: timestamped, encrypted evidence of presence and activity patterns that is useful in legal proceedings and that does not depend on law enforcement to initiate, preserve, or provide access to.

Two ceiling fan and light fixtures in the living room run on scheduled automations — evening-on, late-night-off — that simulate occupancy patterns regardless of physical location. This is standard deterrence practice. The climate sensor (monitoring temperature and relative humidity in real time) provides environmental monitoring beyond comfort: humidity spikes can indicate water intrusion; anomalous thermal readings can flag open windows or HVAC failure that might otherwise go unnoticed.

I’ve set up Apple workflows to automate records management and document interactions with antagonistic individuals and institutions. I’ve used Claude to analyze institutional dynamics, draft strategic communications, and think through situations that are too emotionally overwhelming to navigate without a structured analytical framework.

A HomePod in the living room provides local voice control for HomeKit without requiring cloud connectivity for commands. It also functions as a room-level audio sensor for presence-based automations: the system can distinguish occupied from unoccupied states and adjust lighting and alert thresholds accordingly. The combination of motion, climate, and audio presence creates a richer environmental picture than any single sensor type would provide alone.

The primary value this system provides is not prevention but information: immediate notification, precise logging, and encrypted documentation. Every sensor event is timestamped and stored in a form that is tamper-resistant by design. These are the three things that have historically been hardest for survivors to establish credibly — and they are now available without depending on law enforcement to initiate or maintain them.

There is also a psychological dimension that is difficult to quantify but real. The ability to verify, at any moment, whether doors are locked and the perimeter is intact changes the quality of presence in the space. Anxiety that previously had no addressable object — the feeling that something might have happened — now has, in most cases, a data answer. That shift is not trivial for someone who has experienced the particular form of paranoia that targeted abuse produces.

Not everyone needs such a high-tech setup, and if they do, it must be handled responsibly. Those same tools, in the hands of a malicious agent, can be used for surveillance, harassment, and worse.

The limits of this system are worth naming. It provides awareness, not control. It documents, but it does not guarantee that documentation will be acted upon by institutions that have already failed you once. It is one component of a security posture that includes legal records, trusted contacts, and physical measures — not a substitute for any of them. It is the layer that did not exist before, and had to be built from scratch.