Good post, Paul. I’ve been watching this topic with great interest, as I have been providing, and would like to continue to provide, Edge drivers to the community. But I can empathize with David’s concerns, particularly as it pertains to drivers with LAN permissions.
You mentioned there are already some limitations on the CIDR ranges. Indeed I wondered if a driver would be allowed to post to an internet address and found that you cannot. While that prohibits some otherwise interesting possibilities, I definitely can understand it.
Here is a thought: perhaps there needs to be a mechanism to further limit the IP addresses that a LAN driver can access. Maybe have a configuration somewhere that defines which local subnets or IP ranges are allowable. There are always clever ways to defeat these limitations outside of the hub, but at least as far as the Edge platform is concerned, there would be full visibility and control for the user.
To go a step further, you could also publish a guide regarding ‘safe’ network configuration as there are certainly ways to securely fence hub access within your home network. It may be beyond most users’ capabilities, but for those that are serious about it, they’ll be armed with the right information.