Confirmation of anecdotes or gut feelings is still science. At some point you need data rather than experience to help people and organizations change their perception (see: most big tech companies lighting billions of dollars on fire on generative AI).

Believe me it’s better to be ignorant about this…

I’ve been using this to automatically skip ads on my Chromecasts (youtube ads and in video segments) for the past year.

https://github.com/gabe565/CastSponsorSkip

It’s literally sponsor block but for all of my Chromecasts

I give it less than a week before someone has code for this exact feature in QMK. It won’t be as detectable as looking for “Is using Razer Keyboard”.

You’re aware that you can send whatever traffic you want over any port right? Using 123/udp for NTP is just convention. A light bulb that is updating its time over Tor is suspect. TP-Link would have their own infrastructure or use public pools to update the device’s time.

It’s been hacked, the light bulb is likely part of some botnet or under an attacker’s control directly. Which is why it’s sending that much data continuously. IoT/smart devices don’t send a lot of data in this sort of volume as most of the time they’re idle and maybe send a heartbeat or status update every once in a while to prove they’re alive.

This is what is called an indicator of compromise or IoC, it’s some behavior or pattern that can be used to determine what is happening or who is the one doing the attacking.

Likely OP would need to do some analysis to be able to get attribution unless it’s a very well known botnet actor in which case attribution is fairly straightforward.

It’s definitely been popped. Rip.

IANAL; However Usually the contracts have a severability clause, meaning even if some parts of that contract are null and void the rest of it stands minus the parts that are illegal. Does that mean those clauses are also null and void depending on locality? Again IANAL, but I believe it’s pretty settled contract law at least in the US.