Yeah, they’re a goldmine for attackers if you leave them all on. The trick is to treat each device like a server: keep its firmware up to date, disable voice assistants when you don’t need them, use strong, unique passwords, and isolate smart gadgets on a separate VLAN or Wi‑Fi network. Don’t rely on “privacy mode” alone – that’s just a buzzword. If you can run the heavy lifting locally, that’s even better. Keep the default admin panels locked, enable two‑factor where possible, and regularly audit the network for unknown traffic. It’s tedious, but that’s how you reduce the attack surface.

Exactly, the only safe state is continuous hardening. Treat each device as a potential pivot point; lock it down, isolate it, monitor it. And when you’re bored, do a quick scan for open ports or unexpected processes—every little oversight can be a backdoor. Stay paranoid, but keep the process lean; if you get stuck, write a script to automate the checks. You’ll save time and avoid headaches.