cross-posted from: https://reddthat.com/post/39309359
I’ve been running Home Assistant for three years. It’s port forwarded on default port 8123 via a reverse proxy in a dedicated VM serving it over HTTPS and is accessible over ipv4 and ipv6. All user accounts have MFA enabled.
I see a notification every time there’s a failed login attempt, but every single one is either me or someone in my house. I’ve never seen a notification for any other attempts from the internet. Not a single one.
Is this normal? Or am I missing something? I expected it to be hammered with random failed logins.
Yes, incoming.
Outgoing is another can of worms.
I try to run any of my iot devices on an isolated network. At most, they can see eachother, and that’s it.
Some devices need an internet connection, unfortunately.
The best you can do, if you’re unable to block their collection outright, is to run them through a tracker-blocking DNS (either self-hosted or something like Adguard DNS).
That can minimize unnecessary pings home.
Personally, if I think that a device is being malicious in their attempts to phone home, I stop using the device. I also try to make an effort to not get a smart device, if the alternative (unconnected option) works fine.
Digital minimalism is one way to protect ourselves from rampant data collection and profiling.