For many, the reliance on not just one but two externally hosted cloud services is a big negative. What’s best is going to depend on what one’s requirements and desires are. For some, a little bit of battery drain is more than worth it to no have to depend on any third party cloud service.
Same here but I’ve a ton of other services that I interact with on a regular basis like Nextcloud, Calibre, Plex, etc. So a ZeroTrust approach is attractive.
However, the biggest reason I use Tailscale (previously used OpenVPN) is I can route all my traffic phone, even when out and about, through my AdGuard instance and I can connect to wifi hotspots and know my traffic is reasonably secure. I live in the mountains, cell service can vary drastically even within a single building. Connecting to wifi often is the difference between being able to make a call or not (with WiFi calling turned on).
Tasker is fantastic for handling stuff like this (assuming Android). Though last time I checked Tailscale doesn’t have any intents or Tasker plugin so I’ve had to use the AutoInput add-on to Tasker to manage this sort of thing.
First let me say that I believe that myopenhab.org is reasonably safe and secure. And I’d love it to implement TOTP and Yubikey support (the former is more likely than the latter).
That being said, it’s often not a matter of being a juicy target and more a matter of being an easy target. It’s like a car thief going down the line of cars and trying the doors. They are not going to skip past the 1992 Honda Accord with its doors unlocked even if there’s a brand new BMW right next to it. The BMW is worth more but the Honda is easy so the Honda gets stolen.
So we cannot rely on security by obscurity here.
But I’ve no reason to believe that the openHAB Cloud Service is unsafe or insecure. I wouldn’t use and recommend it’s use if I didn’t.
Cloudflare is a great option if you’ve the knowledge and expertise to set it up (it’s really not that hard), and you don’t have a need for other things that won’t necessarily work through it. Beyond the already mentioned problem with the phone apps (has anyone opened an issue?) you need the openHAB Cloud Service for Alexa and Google Assistant integration as well as to support openHAB native push notifications (which if you are not using the phone apps you are not using anyway). It’s also a good choice if you don’t mind relying on cloud services which is a deal killer for some.
I’d probably use it myself were it no for the fact that I have parental controls and filtering implemented in part through AdGuard and opnSense and I end up in a catch-22 if I need DNS to access the Cloudflare login page but I need to log in to Cloudflare to access the DNS server.