Can you have one without the other? Among the reasons I started using HA is to have a bit more control over how and to whom my information is exposed. I think these were once at least partial reasons behind developing HA. There seems to be no place for a discussion about it here. Even more disturbing are the responses from the community regarding security/privacy questions, mostly the sound of wind blowing over their lips, “pffft”. The lack of serious discussion has made me very uncomfortable.
I think there was something about this on the latest HA annual video. A lot of people “care” about privacy but do not do much to really protect theirs.
I see that also a lot on external forums where people just feed their internal and external camera screenshots to Google or OpenAI so they get a funny description of the images.
Sadly still a lot of people believe the “I do not do anything bad so I have nothing to hide” mantra when privacy has nothing to do with that.
HA must be due a security audit soon. The last one in the Blog was October 2023.
And there was a big hoo-ha about encrypted backups recently. I think people do worry about these things.
But as @distante says, a lot of other people are their own worst enemies.
I know this was really a request for a place to discuss these subjects. But lacking that, I will discuss my thoughts here.
For me, HA was about three things. Of course, automation! But also get both privacy and security by bringing some things home and getting them off the line.
I was using Blink cameras. Now I use PoE cameras with Blue Iris. The cameras are on their own network that has no direct path outside my network. The machine running Blue Iris has two NICs. One for the camera network and the other is on the main network that feeds the cameras to HA using WebRTC to stream cameras directly from HA without needing to open ports to BI or the cameras.
I was also using Simplisafe for home alarm. Now I am using Alarmo with door, window, and motion sensors through HA.
Got rid of MyQ using RATGDOs.
So, I basically got rid of the major service providers I was using that both store and sell information. I brought the storage from those providers local. Nothing to be gotten if they get hacked and no more information to sell.
Is it perfect? Nope. We still need to access our info when we are out. So, a couple things here:
- The wife approval factor - If it is too difficult for her to do it, she won’t. For that, I use Nabu Casa HA Cloud. I have investigated their service and believe they do a great job.
- My possible need for access from outside for other things (not HA specific) - I have a certificate-based VPN setup on a non-standard port.
- Of course, my router (not HA specific) - Keep the firmware updated and reboot early and often.
Encrypted backups - I am good with the backups going to Nabu Casa being encrypted. I am against local backups being encrypted as I feel I have this part covered. This has since been dealt with by HA.
And I do not do anything bad, so I have nothing to hide. But others do bad things and I do not want them to have anything of mine.
Also, not HA specific. But I self-host Vaultwarden. No more ‘pet name’ passwords. No more reusing passwords. No more passwords that I can even think about remembering.
Disclaimer: This is NOT meant to be a guide on your home network/automation security! It is nothing more than a list of items I believe have helped me be more secure than I was when I was using other services. You need to investigate all of your options and make informed decisions before making changes that could affect your data and security.
Any comments/suggestions/critiques are welcome and will be answered or investigated so I can make changes if needed.