I'm surprised he's surprised about this. What they claim to be doing is totally reasonable, and
pretty much every IoT device works like this. There's simply no good way to get out-of-the-home
communication to work reliably without having the device connect to the cloud. At least they (claim to)
use NAT punching when possible.
I guarantee Nest, Canary, Ring, etc. all do the same thing. HomeKit and Weave do to (although they use
Apple/Google's servers which you probably trust more).
>> What they claim to be doing is totally reasonable, and pretty much every IoT device works like this. There's simply no good way to get out-of-the-home communication to work reliably without having the device connect to the cloud.
None of these devices need out-of-the-home communication for the users benefit. Not even Nest.
To change the temp on my Nest when I'm away from home there are 4 options I can see;
- central control via the manufacturer (thermostat talks to nest server, my app talks to nest server)
- dyndns with NAT hole punching or upnp (a way for my app to know what IP the nest is listening on and connect directly to it
- a vpn from my phone to my home and the app discovers the nest as a local network device. You still need a way to make the VPN connection to your router, bringing us back to dyndns or some way to discover your IP or hope it is static
- a P2P overlay network, such as what Krebs is complaining about, or more securely, a Tor hidden service.
I guarantee Nest, Canary, Ring, etc. all do the same thing. HomeKit and Weave do to (although they use Apple/Google's servers which you probably trust more).