I’m looking to replace my current thermostat with a “smart” one. The key requirement, however, is that I don’t want my data to transit through (or be stored on) a third-party server.
This rules out neat products like the Nest, Honeywell, and Ecobee. People seem enthusiastic about the Radio Thermostat CT50 and CT80, though, and it does fit the bill… except that the API is horribly insecure (it uses unauthenticated HTTP post requests). This means that after I set it up, any website that I visit on Wifi from my phone or laptop can trivially turn my heater on or off, or change its target temperature (CVE-2013-4860 and CVE-2018-11315).
These problems haven’t be fixed in 5 years, so that option is out, too.
Do I have other options? (Safe, under $250, and can be configured through LAN without setting up an account on a remote server?)