The problem with IoT is that the 'I' expands to "Internet" instead of "Intranet". A device should not be rendered useless because it can't connect to manufacturer's servers. The cloud is a good value-add option, but should not be considered a primary and required element.
The other thing is that most of those devices are gimmicks, toys - a good device intended to be useful should embrace interoperability - devices working alone have only a fraction the of potential of devices working together[0].
As for bypassing your device, at some point a "clever" entrepreneur will discover SSL and certificate pinning, and then you'll be SOL.
[0] - that's why e.g. I recently shelled out and got myself Hues. It's not the cheapest option, but it's reliable, works perfectly well over LAN, has a decent API exposing pretty much all possible functionality and then some over said LAN, no cloud registration or other bullshit. Also I kind of trust Phillips not to burn my house down with crappy manufacturing.
The other thing is that most of those devices are gimmicks, toys - a good device intended to be useful should embrace interoperability - devices working alone have only a fraction the of potential of devices working together[0].
As for bypassing your device, at some point a "clever" entrepreneur will discover SSL and certificate pinning, and then you'll be SOL.
[0] - that's why e.g. I recently shelled out and got myself Hues. It's not the cheapest option, but it's reliable, works perfectly well over LAN, has a decent API exposing pretty much all possible functionality and then some over said LAN, no cloud registration or other bullshit. Also I kind of trust Phillips not to burn my house down with crappy manufacturing.