One threat model I think is being missed here: the fact that scanners and geolocation services both exist, makes the job of burglars much simpler in an insecure IOT world.
Basically they go to their friendly shodan-alike and get a list of ip running IOT cameras (etc). Then they pipe that list through a geolocation service and grep for their target region. Then they just monitor for good targets, and when they are unoccupied.
Much like the big hubub when people pointed out that mentioning vacations on an open facebook feed was burglar bait.
Both take away a lot of effort for reconning homes, so they are probably being used to narrow the search for good potential targets.
This isn't the threat it is made out to be. Most homes are empty every day when people are at work. It isn't really necessary to perform advanced analysis to find an empty home.
Most homes, but not all homes, especially with home offices being an actual thing that's becoming more popular. I doubt many burglars want the risk of running into somebody during their "heist", so they will stake out possible targets. Staking out a target used to be time-consuming and a bit risky, because the burglar needed to be on location for quite some time to conduct surveillance themselves, in person. Now they can stake out multiple targets at the same time, from anywhere they want, with all the anonymity the Internets allow for.
While the addition of anonymity would certainly be appreciated by would-be burglars you seem to be leaving out a small detail. It is trivially easy for a burglar to determine if someone is home. They can just walk up to the front door, knock and see if anyone answers.
If someone is there ask for a glass of water, ask if they have accepted Jesus, ask if Steve lives there or whatever other BS excuse they have ready before simply moving on to another prospect. If no one comes to the door then the home is very likely empty and they can proceed.
This has the added benefit for the burglar that anyone seeing them enter the property will assume they have good reason to be there. After all they marched straight up to the front door and rang the doorbell which is what non-thieves do so its less suspicious if they then go around the side of the house when no one answers.
In some ways, this is just another class of "Thieves are following you on Twitter so don't let anyone know if you're going on a trip." Sure, for some high profile individuals, keeping your movements secret may make sense. But for most people this is sufficiently far down on the list of threats that it probably doesn't matter.
I think you way overestimate how clever or diligent criminals are. If you have the skills and persistence to pull something like this off there are almost certainly more profitable (and quite possibly legal) avenues of work available to you than breaking and entering.
Not necessarily - research shows that burglars enter a flow state when robbing a house, meaning that they have expertise and routines familiar enough to get pushed to subconcious processing.
Skills and persistence get used for many things, from english phds, triathlons to code.
Basically they go to their friendly shodan-alike and get a list of ip running IOT cameras (etc). Then they pipe that list through a geolocation service and grep for their target region. Then they just monitor for good targets, and when they are unoccupied.
Much like the big hubub when people pointed out that mentioning vacations on an open facebook feed was burglar bait.
Both take away a lot of effort for reconning homes, so they are probably being used to narrow the search for good potential targets.