Or, if your technically competent, just give it a static ip on your local subnet, and give it a device as its default route that can't route out the subnet. Everyone on the local subnet can still access it, but it can't phone home.
If you need it "on the cloud", zoneminder on a trusted machine that can route out but doesn't have made in shengzen budget firmware. Or let it upload its images to a local server and rsync over ssh that somewhere public etc.
We should be designing routers with firewall features like isolation zones for devices like this out the box. But then the routers themselves would have to be made properly and tested.
Can we swap IoT for a PLoT model please? (protected lan of things). Then we can at least get normal people to make a attempt to bolt the stable door. Add a outer layer to the onion and all that?
Biting the hand that feeds IT
