WeMo Insight plugs are vulnerable to takeover:
One of the reasons to come to Hubitat is the attempt to make things as local as possible. It would be nice for Hubitat (maybe a marketing point) to shine some light on which devices are completely local, which have limited internet requirements (for remote access, to update, but not operate), and those which require internet to function at all.
I absolutely agree. I have been interested in home automation for a very long time, and but I could never bring myself to buy into the cloud-based controllers. It's such nonsense for home automation, imo. Having everything local is important for more reasons than being able to survive an outage by your "provider" (whether that's your ISP or SmartThings or whatever).
Wow.
Hopefully it doesn't affect their switches. Worse case I can turn off network access to them and still be able to use them via hubidat, but that will also block any updates they may roll out. 
Confirms my paranoia to put my IOT on a seperate vlan.
I must be paranoid too.. lots of vlans here 
"Just because you are paranoid doesn't mean they're not out to get you"
Can you set up VLAN's on a domestic all in one router?
I am using ubiquiti switches, routers, and access points.
Yes, as long as your router also supports a custom firmware such as Tomato or DD-WRT or something similar. The best Tomato developer is possibly on permanent leave so there aren't a lot of quick or updated builds going on in Tomato land but DD-WRT is still very popular.
There is also a group of Asus Routers that supports a modified stock firmware by somebody named Merlin. These firmwares, as far as I understand, support all of that stuff as well but some of it must be configured via SSH because there is nothing in the GUI to do a lot of it.
I prefer Tomato by Shibby but I abandoned it recently for Merlin. So recently in fact that I haven't bothered figuring out how to setup VLANs yet. Instead I just stopped using all of my Chinese WiFi IoT devices (the ones I couldn't flash my own firmware on) and sort of slimmed down instead.
Anyway, back to the question at the top. It's my understanding that everything that could run locally does unless it needs to communicates with a third-party cloud service. That to me would mean that anything connected directly to the hub and configured through 1st party device handlers and apps would all be local. This would also include all third party device handlers and apps as long as no dependencies on the internet are created by the developer.
For somebody who has actually checked into this, does that sound about right?
Download the Hubitat app
