Hacker News
by bluGill 486 days ago
I agree until I discover I'm doing something where I want to access/change that device. It is really nice when I'm returning home early that I can change my thermostat out of vacation mode. I've often wished I had a way to tell if I left a door unlocked.

Security and privacy are of course critical to all this, but the concept of internet itself is not wrong.

1 comments

That's what a VPN is for. Every router I've had in the past decade has had support for running a VPN server so you can have one running 24/7 without any additional hardware. Even my retired elderly parents run a VPN server on their home router.
> retired elderly parents run a VPN

Does that VPN use certificates or a pre-shared key? Do they understand the different security implications between those two choices?

I hope you're not implying that allowing IoT devices access to the internet is not a massive security vulnerability. IoT devices are notoriously insecure and poorly maintained. I'd much rather have LAN-only IoT devices and an internet-accessible VPN server than letting IoT devices access the internet.

But theirs uses certificates (the router UI generates the OpenVPN client config files with the certificate embedded inside it) and no, they do not understand the security implications between those two choices.

Mine is a WireGuard VPN with both the pub/priv keypair and PSK.

I'm implying that a VPN is not a "silver bullet." In particular since they don't understand the model, are stuck with a vendor implementation, and probably never update their router firmware.

There's a reason IoT vendors try to do this all "in device."