Freelance IT tech here. I can totally relate to this.

There are selfhosted smart homes fyi

IT professional of 15 years here. I have all the smart home shit and I love it. It's all on a separate VLAN, I have MAC address filtering network-wide and I have a firewall. I understand being burnt out by your job and not wanting to deal with it when you get home, but I love my work and my smart home stuff is robust enough that all I ever have to do is replace alarm sensor batteries once or twice a year. You can have both.

Unless you want to live like a luddite, you can find ways to have the best of both worlds.

As a fairly seasoned IT veteran I think it boils down to the tradeoffs between security, privacy, and convenience--just like at work. I'm sure most of us have implemented things in less secure ways to accomodate a business need. When you do that at work, you just try to mitigate that risk as best you can by putting other measures or controls in place. I do that at home.

Everyones tradeoff decision will be different, but at some point, for me, the convenience of some IOT and smarthome devices outweighs the security and privacy concerns. Or at the very least I realized its a weird hill to die on as we use our android phones, google for searches, gmail, instagram, etc. I am sure some of you have completely divested yourself of all of those services and have GrapheneOS installed on your phone and use OpenStreetMaps to get yourself lost. Most of use still use a few of those.

That said, I think the nerdiest and most security privacy saavy among us in the IT field can implement it in a fairly secure way. Pfsense,Ubnt, ofsense,openwrt routers with vlan segregation for traffic. IDS/IPS, pihole local dns, etc. You can absolutely make it so devices only communicate in ways that you approve. With things like VPNs (tailscale), Cloudflare tunnels, etc you can access your stuff securely without exposing any admin things to the public web.

Digital locks are fine, just get one with a mechanical lock too. I have a digital lock on my front door that I can program with keycodes but it also has a key. I can give the cleaners a temp code if I need to. I can give my neighbors a code if they watch the house while I am away for a long time, then I can get expire it when I return. The analogue alternative is arguably less secure.

That is basically my requirement for smarthome or connected devices. I need to be able to control it to a level that I feel comfortable and if it fails or isn't connected it still needs to work. IE no smart light switches that don't function if the wifi is down--they still need to be a switch. My nest thermostat still works without wifi. My smart plugs still work without wifi. If any of those things was hacked or compromised, they are completely segregated from anything of actual value on my network--and depending on the device it wouldn't be able to see anything else at all.

For major appliances, I dont see the value of any 'smart' features built in (yet), so I won't be buying them anytime soon but if I did they'd still have to meet the "still needs to work in 'dumb' mode" requirement--smart, connected features are extra not required to function.

I hate "smart" devices. They're annoying. And you can't secure them.

I have very minimal smarts in my home. I'm jaded and over it all, and you can guarantee the shitty devs producing this stuff couldn't care less, while working for actively hostile mega-corps.

Fuck that. Having said that, there are compromises - my TV does get out to the internet and I have a win 11 PC in the lounge as the primary machine.

If I had the emotional energy I'd start fiddling with nessus or whatever the new flavour is, to confirm my suspicions but I just don't need the burnout

Your network is only as secure as it's weakest link, IoT devices are a liability unless they are on their own isolated network and who has the time to set that shit up to open their blinds from a phone?

I work in retail, which is the reason why my house is shit.

Can confirm. Technology is a disaster waiting to happen.

Has OpenWRT but doesn't know how to stop smart home gear from leaking data?

Back to school for this fella

When you see how the sausage is made you don't want it. Software engineers know how many corners are cut

IoT is terrible, and typically proprietary. I prefer the FOSS and SelfHosted route. But as it turns out, I too prefer a less online set of home items.

Goddamn right.

Actually, I hadn't thought about the router and I'm panicking now. My router is some MR9600, and the speeds through it are great, but I feel like I over paid for something that I can't install my own firmware on. I think my pi.hole is the DCHP anyway, and now I'm really thinking I need to find a new router

My strategy is just be unpredictable af. Use FOSS as much as possible. Dont use google services except maybe google maps. Make an active effort to decouple accounts. Treat phone number 2fa like the plague.

IT since the 90's.

I have all those things and more, and 6 seperate VLAN's with isolation, strong rules, alerting and honeypots in all the right places.

I can confirm most of the people who say and believe this shit don't have a clue what they're talking about and just want to appear superior to others.