[mananaysiempre]

> UPnP is [...] a security liability

UPnP generally or just UPnP IGD (frequently referred to as “UPnP” in consumer router UIs)? I’d imagine the primary reasons a smart speaker would want to use UPnP are largely unrelated to punching holes in firewalls and NATs (what IGD is about). And however distasteful RPC over XML over jury-rigged HTTP over IP multicast may be, it’s hardly inevitable that it must create a security problem.

Even if we’re speaking about holes, though, I feel like I must object to the broad description of that function as a security vulnerability, as any instance of that moves us that much farther away from a true peer-to-peer Internet.