It's hard work trying to get information on how badly these devices could spy on you.
The orange flag is when setup requests my wifi password.
But the big red flag for me is when configuration fails without unfettered WAN access. In this case, the product goes back in the box. If you allow this, you allow anything. Someone else effectively owns the device.
An easy test for this: simply unplug your network from the WAN modem and see what happens.
For the most part I just stick to Zigbee devices and I can be sure they're fully under my local control because their only gateway to the network is the Zigbee modem attached to my Raspberry Pi running Home Assistant. Sometimes requires messing with some quirks to get the full functionality I need out of them, but the community is pretty good about supporting most devices out of the box.