[michaelt]

> Isn't that a good thing for me as a consumer? I like the ability to decrypt and modify my own devices.

If you're the sort of person who buys wifi-based-internet-enabled door bells, but you don't want someone who steals your doorbell to (a) be able to extract your wifi password or (b) be able to get the thing to work at all, you might appreciate resistance to the thief's attacks.

Of course, you can also address this security concern by just not buying an internet-enabled doorbell.

[zaarn]

This could still be addressed by not putting the wifi part of the doorbell into the doorbell itself or alternatively using something like LoRaWAN where at worst someone could compromise the device keys (which you can reprovision) so your Wifi isn't compromised at all.

Another solution is to use a second gateway inside the house that manages the Wifi part and secure communication with the doorbell via short range radio.

[labawi]

Or you could use a dedicated SSID (vlan) with AP client isolation enabled.

[lvturner]

Or reduce the severity of a breach by using a limited guest network for your IoT devices

[zigzaggy]

This is how I handle all the IoT devices in my household. It’s one of the first things I implemented after I flashed my router over to DDWRT.