Title text:
It's important for devices to have internet connectivity so the manufacturer can patch remote exploits.
Transcript:
[A store salesman, Hairy, is showing Cueball a dehumidifier, with a "SALE" label on it. Several other unidentified devices, possibly other dehumidifier models, are shown in the store as well.]
Salesman: This dehumidifier model features built-in WiFi for remote updates.
Cueball: Great! That will be really useful if they discover a new kind of water.
Source: https://xkcd.com/3109/
I'm still trying to figure out my network settings so that I can have my IoT one one network while still being able to access my home assistant from the other network.
Unfortunately, my ISP is also my cable company, and I have to use their modem/router combo else the cable boxes won't accept the cable signal. I'm using my own wireless access point (which also doubles as a switch for the handful of Ethernet devices I have), and it can split off a separate SSID, but that's not really doing much.
I have a separate IoT network. It's basically just a guest wifi for IoT. Anything coming in on that network gets a VLAN tag and only previous & established connections can get out. Honestly, it's kinda a pain in the ass with homeassistant because I keep HA on the other network so I have to manually find devices. It might be easier to just block it at the ip level or blacklist outgoing ip ranges to Tuya or whatever.
I have HA on a separate VLAN from IoT devices and have set up mDNS reflection so it can find them.