Home
use cameras to:
detectevents
notpeople|

Configure what your cameras detect — without building a surveillance system. No face recognition. No tracking. No biometrics. By architecture, not settings.

View Source How It Works

This is the output. All of it.

Notice there are no images on this site. That's intentional. The system outputs semantic events — text that describes what happened. The surveillance data on the right? That code doesn't exist. Not disabled. Not hidden. Missing.

Event Output
HOME
Not Captured — No Code Exists
facial_identity:███████
race:███████
gender:███████
age_estimate:███████
body_description:███████
license_plate:███████
gait_signature:███████
tracking_id:███████

Your robot vacuum needs to see. Your doorbell needs to see. Your elder care system needs to see. None of them need to identify, track, or remember faces.

The cameras of the future will have eyes — they just don't need to surveil.

Privacy by absence, not by setting

Most camera software can be configured for privacy. This software lacks the code to violate it. There's no setting to turn off — the capability was never written.

Motion & object events

"Package detected at front door"

Face recognition

No code for this exists

Cross-camera tracking

No code for this exists

Solo video export

Requires multiple trustees to approve

Design

Three intentional constraints

This isn't a feature gap — it's architecture. Every limitation is a deliberate choice.

Events only, not video

The output is a log of what happened. There's no API to stream or export continuous video.

No biometric code

Face, license plate, and gait recognition aren't disabled — the code was never written.

Multi-party video access

Raw footage requires approval from multiple trustees. No one person can extract video alone.

Technical

How privacy is enforced

Six mechanisms that make surveillance architecturally impossible.

I

Frame data is private

Raw pixels are inaccessible. Analysis modules only receive abstract representations.

II

Export requires multiple approvals

No single user can extract video. A configurable quorum of trustees must authorize.

III

Timestamps are coarse

Events are bucketed to 10-minute windows. Precise timing isn't stored.

IV

Log is tamper-evident

Each event includes a hash of the previous. Modifications break the chain.

V

Access tokens are single-use

Emergency access tokens work once, for one time window, then expire.

VI

Rules apply forward only

New detection rules cannot be applied to historical data. No retroactive surveillance.

Architecture

Data flow

Data Flow
Camera ──▶ RawFrame ──▶ InferenceView ──▶ Module ──▶ SealedEvent
            (private)    (no pixels)               (hash-chained)
               │
               ▼
         FrameBuffer ──▶ BreakGlass ──▶ VaultEnvelope
           (30s max)       (N-of-M)       (if authorized)
Status

What's built, what's in progress

This is prototype software. Here's where we are.

Frame isolation types

Hash-chained event log

Break-glass quorum

Event contract enforcement

Cryptographic signatures

RTSP video ingestion

WASM module sandboxing

Encrypted vault envelopes

Read the source. Verify the claims.

Everything on this page is checkable. We're not asking for trust — we're asking for review.

View on GitHub