by lvh 955 days ago
That helps, but a remote integration doesn't _have_ to be hostile. I get that it's different from IoT, and most of my stuff is local Zigbee after learning the hard way, but my Home Assistant also talks to the Norwegian meteorological institute and Tailscale :)

One reason this is tricky to do is because up until let's say the last 6 months or so, myQ _wasn't_ hostile, even if it was Cloud-based. (I get that that aligns with your point! I'm not arguing with you there.)

1 comments

All remote are more potentially hostile than any local will ever be.
And the company doesn't even have to be actively hostile for remote to be risky.

The company could go out of business and shut down their servers. Or shut down the servers because they're no longer selling the product.

Sometimes incompetence is as bad or worse than malice. The company could break an API accidentally. Or the API only works intermittently. Or they could add poorly-implemented rate limiting that unintentionally affects multiple users when they share an IP via NAT.

Or worse, someone else spins up a server in its place.
And a local integration can be hostile if it's not publicly documented and they can update it / make it go away with an over the air update.

What matters is that they provide proper documentation for their APIs, encourage devs to use them, and don't have a history of breaking old clients with new firmware updates (without very good security reasons).

Yes, but some can't be local. For instance an integration that scrapes news from a website.
Sure, it can be local - in the sense that all control and scraping lives on your machine.

But in general, OK - some things are better done via an on-line service. But it's the minority of cases - almost no IoT devices have a legitimate reason to route control and diagnostics through the cloud.