Think carefully and lock-it down (not as an afterthought), because unsecured IoT can be exploited to cause devastating harm.
Phoning home should be disclosed and disable-able because you're opening up an attack surface and a privacy risk. And, if there's no clock synchronization, it will be impossible to check the validity of X.509 certificates used in https://.
You should support APIPA and Zeroconf.
Bonus points for Bluetooth to allow configuration from a mobile app. The mobile app should also be able to securely download and send a firmware update.
ZigBee is also low-power and mesh oriented, but will need a bridge/gateway to the internet to be connected.
Device pairing like NetVue cameras having QR barcodes and/or Bose headphones with NFC might be Good Ideas™ too.
Phoning home should be disclosed and disable-able because you're opening up an attack surface and a privacy risk. And, if there's no clock synchronization, it will be impossible to check the validity of X.509 certificates used in https://.
You should support APIPA and Zeroconf.
Bonus points for Bluetooth to allow configuration from a mobile app. The mobile app should also be able to securely download and send a firmware update.
ZigBee is also low-power and mesh oriented, but will need a bridge/gateway to the internet to be connected.
Device pairing like NetVue cameras having QR barcodes and/or Bose headphones with NFC might be Good Ideas™ too.