Title text:
It’s important for devices to have internet connectivity so the manufacturer can patch remote exploits.
Transcript:
[A store salesman, Hairy, is showing Cueball a dehumidifier, with a “SALE” label on it. Several other unidentified devices, possibly other dehumidifier models, are shown in the store as well.]
Salesman: This dehumidifier model features built-in WiFi for remote updates.
Cueball: Great! That will be really useful if they discover a new kind of water.
Source: https://xkcd.com/3109/
You still have to have some device connected to the internet. This just transfers the problem from the humidifier to the outlet.
Zigbee is local and if you really wanted to you can use Home Assistant 100% offline it will be just neutered and basic.
im not sure why all these people jumped from ‘wifi’ to ‘internet’ as if they were the same thing. no one should be exposing their automation devices directly to the interwebs
Honestly, having any of these vulnerable devices on your network is exposing your whole network, assuming the network is connected to the web.
Your best off using either a separate network for your smart devices with its own router, or setting up a vlan to keep your smart appliances and actual computers separate.
Sadly, many wifi-enabled devices only work with some proprietary cloud-service and even if not, they’re only one configuration error (or intentional backdoor) away from talking to the outside. Better have something that isn’t physically able to talk to the internet no matter how badly I fuck up its configuration and my firewall.
Clearly I just trust my abilities to disable a devices internet access in my router more than you. I also know that my risk factor is really low, because I’m not a journalist or a politician.
As well, I only buy smart devices that I can lock down, brands like LIFX & Shelly that have cloud services, but don’t require you to connect to them for the device to function over LAN.
In this case the OP was explicitly about internet connectivity
I run home automation with lights, switches, outlets, heaters and some more and not a single device has internet access. They all use Zigbee (a simple radio protocol) to talk to homeassistant which is open source and hosted on a machine that lives under my desk.
Separating tasks between the dehumidifier and outlet has the advantage that each individual device can be a lot simpler, leaving less attack surface. My power outlet can’t read the humidity sensor, it doesn’t need to talk to an external server, it doesn’t even need to know that the thing connected to it is a dehumidifier. It’s just a chip that receives a radio signal and toggles a relay on or off. That’s it.
Separating the two concerns also lets me replace the devices separately if one breaks or my requirements change. If I suddenly need wifi or bluetooth instead of Zigbee or if it’s for some reason no longer supported by homeassistant, I can just replace a 9€ outlet instead of the whole dehumidifier that could get bricked by the proprietary app losing support.
Home automation is still a dark art as far as the common person is concerned. Full of fear mongering from the media.
Much like 3D printing was very mystical and full of “oh no 3d printed guns!” We have gone full appliance with 3d printing and it’s no longer gatekeeped by geeks in their basements.
I’m glad I still have at least one hobby that hasn’t gone mainstream and I can still geek out on ESPHome.