[dimman]

I don't know where your getting the first part from? As I said earlier I don't know how they've chosen to protect themselves, I do hope they use certificates to authenticate camera/client to verify that the client has access to the camera and that the camera verifies that the client has access.

I don't think you understand how the technology works. Each camera does _not_ "punch holes to a small number of other nodes", it setups a direct connection between itself and the client device (you) using a technique called hole punching... It's just a simple connection between you and the camera, no server in between.

[KMag]

Ahh, my background in decentralized P2P systems engineering, along with the phrase "Foscam admits that disabling the P2P option doesn’t actually do anything to stop the device from seeking out other P2P hosts online (see screenshot below)." lead me to believe they were using a DHT or other decentralized P2P system. I'd need more details to determine if they use a set of centralized coordination hosts or if they use a DHT or other decentralized system for the hosts coordinating the hole punching.

[dimman]

I think (I still don't know the details of their implementation) the confusion is caused by them using the term P2P servers. I think thats actually STUN/TURN servers that they use as help to get P2P (direct) connections between camera and your application. So in that sense it's not a P2P server as you imagine it but just a bad name for what the server is meant to help out with :) Again, I don't know but given that I've worked with these type of technologies for years it would make sense.