(no title)

You should choose the devices that are the most secure, using the information you have available at the time.

Choosing a foreign government to spy on you rather than your own government isn't a clear choice. While a foreign government is less likely to be interested in you personally and likely less able to directly cause you harm, you also have less recourse against them than against your own government and their interests are less likely to be aligned with yours.

Additionally, your government may be able to co-opt the compromised devices anyway and would certainly have an incentive to do so.

I'd also question that a device that is by-design-compromised is otherwise secure from bad actors. It is difficult to imagine the incentive structure that would make that possible.

Finally, once this personal data has been harvested by either government, there is nothing to stop these governments or rogue elements within these governments from trading or sharing that data with your own government or other actors.

Now I'm imagining a self destructing roborock vacuum burning down my house when China goes deep in anti US territory.

Best policy I abide by is to prevent any data from exiting my network or remote control period. I don't care who is spying.

My Sonoff Zigbee dongle presents itself on my Linux home server as a USB serial device (/dev/ttyUSB0) which gets forwarded to the zigbee2mqtt container which talks to it. Perhaps under a different host OS it might try to deploy something nefarious, but I'm not particularly concerned.