by yjftsjthsd-h 332 days ago
How isolated are we talking? A device that only has access to the internet can still get botnetted and send malicious traffic from your IP. Or burn your data cap, or spy on you for the vendor.

But the comment said "I wouldn't allow it on my local network", not "I wouldn't allow it on the Internet".
LAN is being used in an under-specified way. To my reading, a separate VLAN or standalone LAN for the washing machine wouldn’t be on “my (main/primary LAN is assumed here) local network” if I mean that “my local network” doesn’t have untrusted devices on it. I tend to read these kinds of comments with a bit of wiggle room because sometimes folks disagree about whether VLANs are actually isolated enough to consider them separate local networks, as the same device may do routing and firewall or VLAN tagging, so there is isolation in principle, but bad actors can’t be expected to comply with network security policies.

I guess I can see how each of you could be right on their own reading.

I agree otherwise, but they said "even in isolation", which removes the ambiguity.
By they, do you mean that you said that?

They said it here:

https://news.ycombinator.com/item?id=44704593

But when you responded, am I bound by their context or yours? For clarity, I am responding to you both in a good faith steelman manner, so please respond in kind.

I thought the ambiguity remained, because different people have different opinions about network isolation, what it entails, how it may be implemented securely, and how different implementations have different implications regarding failure to maintain isolation in the event of a security breach that compromises networking equipment. Most folks aren’t running diodes at home. If your isolation relies upon configuration of reconfigurable equipment and/or VLANs, that isn’t isolated on readings that require or imply a highly secure computing environment.

https://en.wikipedia.org/wiki/Unidirectional_network

For untrusted IoT devices I’ve found that sticking them on the IoT VLAN (so no device-to-device communication, and either no or extremely limited internet access; but I let my trusted clients punch through to IoT devices) has allowed me to retain all functionality whilst being confident they’re not up to anything I don’t want or expect.
This is my setup. I find this to be a reasonable balance for comfortable life. Except my printer, which gets no Internet so it cannot update to some crappy firmware that nags about supplies.
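The policy the last two commenters describe (IoT VLAN may not talk to the trusted LAN, trusted clients may initiate to IoT devices, IoT gets limited Internet, the printer gets none) maps directly onto a small nftables ruleset. The following is an added example, not configuration posted by anyone in the thread. It assumes a Linux router with three interfaces, wan0 (upstream), lan0 (trusted clients) and iot0 (the IoT VLAN, 192.168.20.0/24), and a printer at 192.168.20.10; all of those names and addresses are assumptions for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread). Assumed topology:
#   wan0 = upstream link
#   lan0 = trusted clients
#   iot0 = IoT VLAN, 192.168.20.0/24; printer at 192.168.20.10
# Load with: nft -f iot-isolation.nft

flush ruleset

define WAN     = "wan0"
define LAN     = "lan0"
define IOT     = "iot0"
define PRINTER = 192.168.20.10

table inet filter {
    # IoT hosts that get no Internet at all (the "printer" case).
    # ip saddr only matches IPv4; add an ipv6_addr set if the VLAN carries IPv6.
    set no_internet {
        type ipv4_addr
        elements = { $PRINTER }
    }

    chain forward {
        # Default deny: anything not explicitly allowed below is dropped.
        type filter hook forward priority filter; policy drop;

        # Reply traffic for connections that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # Trusted clients may initiate to IoT devices ("punch through").
        iifname $LAN oifname $IOT accept

        # IoT devices never initiate toward the trusted LAN.
        iifname $IOT oifname $LAN drop

        # Listed hosts stay off the Internet entirely; log so the block is visible.
        iifname $IOT oifname $WAN ip saddr @no_internet log prefix "iot-no-inet " drop

        # Remaining IoT devices: limited Internet only (DNS, NTP, HTTPS).
        iifname $IOT oifname $WAN udp dport { 53, 123 } accept
        iifname $IOT oifname $WAN tcp dport { 53, 443 } accept

        # Trusted LAN gets unrestricted Internet.
        iifname $LAN oifname $WAN accept
    }
}

table inet nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Two caveats a practitioner would check. First, the forward chain only sees traffic that crosses the router, so the "no device-to-device communication" part of the setup cannot be enforced here: two hosts on iot0 talk to each other at layer 2 without the router's involvement, and that isolation has to come from client isolation on the access point or port isolation on the switch. Second, the ruleset is exactly the kind of reconfigurable-equipment isolation the earlier comment distinguishes from a data diode: it holds only as long as the router itself is not compromised, and the logged drops for the printer are worth reviewing occasionally to confirm the device is in fact still trying, and failing, to reach out.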