
Actually no. By blocking 53 at your router to anything except your pihole, even a hard-coded IP like 8888 is blocked.


You'd have to do packet inspection. Otherwise a hostile hardware manufacturer could just run their DNS on a non-standard port.


I guess if the relationship we have with our devices is full-on adversarial and yet we still need them, they should be put on a dedicated subnet with a default deny rule in place.

I guess, at this point, the other commenter's solution of "just stop using those things" may be the best.


Even a dedicated subnet won't be enough, because these devices could be made to connect to any open wifi until they can phone home or even use the cell network, without the user even knowing about it.

> I guess, at this point, the other commenter's solution of "just stop using those things" may be the best.

Yeah. Assuming this doesn't change, this is the end result for me, at least.


Perhaps, but blocking 53 is better than not, IMHO. I've seen devices fall back once blocked to a hard-coded DNS, so it works today. DoH is another one that devices will eventually employ, so that's another whack-a-mole situation.
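As an added example (not from any commenter in this thread), here is the "block 53 except to the Pi-hole" rule combined with the default-deny IoT subnet discussed above, written as an nftables ruleset for a Linux router. The LAN range, IoT subnet, interface name and Pi-hole address are assumptions; it does no packet inspection, so DoH over 443 is out of its reach, as the thread notes.

```nft
#!/usr/sbin/nft -f
# Assumed addressing (not taken from the thread): trusted LAN 192.168.1.0/24
# with the Pi-hole at 192.168.1.2, IoT devices on 192.168.20.0/24 behind
# router interface iot0. The router forwards between the two networks.
flush ruleset

define PIHOLE  = 192.168.1.2
define LAN_NET = 192.168.1.0/24
define IOT_NET = 192.168.20.0/24

table inet filter {
    chain forward {
        # Default deny for everything that is forwarded through the router.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that were allowed outbound.
        ct state established,related accept

        # Trusted LAN (including the Pi-hole's own upstream queries) is unrestricted.
        ip saddr $LAN_NET accept

        # Plain DNS (port 53) from IoT is allowed only to the Pi-hole. A device
        # that falls back to a hard-coded resolver is logged and dropped here,
        # so the log prefix doubles as a detection signal for such devices.
        ip saddr $IOT_NET ip daddr $PIHOLE meta l4proto { tcp, udp } th dport 53 accept
        ip saddr $IOT_NET meta l4proto { tcp, udp } th dport 53 log prefix "dns-bypass: " drop

        # DNS-over-TLS has its own port (853) and can be dropped the same way.
        # DoH rides on 443 and is indistinguishable from ordinary HTTPS without
        # deeper inspection, which this ruleset does not attempt.
        ip saddr $IOT_NET tcp dport 853 log prefix "dot-bypass: " drop

        # IoT devices may not initiate anything toward the trusted LAN.
        iifname "iot0" ip daddr $LAN_NET drop

        # Everything else an IoT device needs must be listed explicitly;
        # here only outbound HTTPS is permitted.
        ip saddr $IOT_NET tcp dport 443 accept
    }
}
```

Load it with `nft -f <file>` and watch the kernel log for the `dns-bypass:` prefix to see which devices try a hard-coded resolver; this does nothing about a device that joins another wireless network or uses a cellular link, which the thread also raises.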



