by fabianhjr 937 days ago
I am more worried about US stuff with the whole PRISM thing and other three letter shenanigans.

Additionally, the comment you are replying to is a dongle to provide a single board computer (or a computer in general) with ZigBee connectivity.

Ideally you would run a trustworthy open source OS and hub software.

2 comments

Agreed, I would rather a foreign agency with no power or authority over me to have my personal data than a government that has the authority to wrongfully tax, investigate, jail, prosecute, and imprison me for that same data.
You should choose the devices that are the most secure, using the information you have available at the time.

Choosing a foreign government to spy on you rather than your own government isn't a clear choice. While a foreign government is less likely to be interested in you personally and likely less able to directly cause you harm, you also have less recourse against them than against your own government and their interests are less likely to be aligned with yours.

Additionally, your government may be able to co-opt the compromised devices anyway and would certainly have an incentive to do so.

I'd also question that a device that is by-design-compromised is otherwise secure from bad actors. It is difficult to imagine the incentive structure that would make that possible.

Finally, once this personal data has been harvested by either government, there is nothing to stop these governments or rogue elements within these governments from trading or sharing that data with your own government or other actors.

I don't choose to be spied on by any government! But if I could choose only one, it would be an opposing country like China or Russia.

American businesses are forced to share our private data with three letter agencies. Conversely, I can't imagine any leverage, money or lawful, that would cause a Chinese citizen living in China, with families in China, to be so stupid as to collaborate with the US government in any way, unless they wish for their families to be sent to labor camps.

My data is safer with the Chinese. I don't like it, but that's where we stand with our privacy.

The problem is that the American government has shown time and time again that their interests are not in any way, shape, or form aligned with that of the public.

At this point, I’d trust a (likely) disinterested state actor over one that has been proven to be actively malicious.

Now I'm imagining a self-destructing Roborock vacuum burning down my house when China goes deep in anti US territory.

Best policy I abide by is to prevent any data from exiting my network or remote control, period. I don't care who is spying.

Most likely you won't have that problem because the power grid will be offline.
A dongle loads drivers through USB fyi.

If you're more worried about the US than China, we must live in a different world :)

My Sonoff Zigbee dongle presents itself on my Linux home server as a USB serial device (/dev/ttyUSB0) which gets forwarded to the zigbee2mqtt container which talks to it. Perhaps under a different host OS it might try to deploy something nefarious, but I'm not particularly concerned.
And what about the non-technical people, the majority :)?

Will they have the same setup?

Those people probably aren't buying USB dongles that depend on a server in the first place; they're using one of the many "hub" devices out there instead (with varying degrees of privacy and network security).
Why wouldn't they buy a zigbee USB dongle? ...
Because it presupposes owning and administering a server to host it, which seems like it would exclude someone from the "non-technical user" segment?