I understand that there is a reason these devices are being connected to the Internet, so a truly local-only device is probably rare. One added point, though, is that the device could use its public address for client connections (NTP, download updates, DNS, etc.) and advertise its fe80:: address for management and local-only services using multicast DNS, as is standard nowadays. That's very simple to implement and greatly reduces the attack surface for services that shouldn't be remotely accessible.
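The address split described in the comment above, as an added example that is not part of the original post: a device sorts its own IPv6 addresses into the link-local one (fe80::/10, used only to bind the management listener on its interface) and a public one (used as the source for outbound client traffic), and additionally rejects any peer that is not itself link-local. The addresses, the interface name `eth0`, the port 8443 and the helper names are constructed for illustration; mDNS advertisement of the fe80:: address is left out, since it depends on an external resolver library.

```python
import ipaddress
import socket

# Constructed sample of the addresses an appliance might hold on one interface.
# 2001:db8::/32 is the IPv6 documentation prefix; it stands in for a real public address.
SAMPLE_ADDRS = [
    "fe80::1a2b:3c4d:5e6f:7a8b%eth0",  # link-local: management / local-only services
    "2001:db8:1234::10",               # public: outbound clients (NTP, updates, DNS)
    "::1",                             # loopback: neither role
]

MANAGEMENT_PORT = 8443  # assumed management port

UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")


def split_scope(addr: str):
    """Split 'fe80::1%eth0' into ('fe80::1', 'eth0'); the scope is '' if absent."""
    host, _, scope = addr.partition("%")
    return host, scope


def is_link_local(addr: str) -> bool:
    host, _ = split_scope(addr)
    return ipaddress.IPv6Address(host).is_link_local


def is_public(addr: str) -> bool:
    """True for an address that is routable on the Internet.

    Checks the scope classes explicitly rather than relying on ipaddress.is_global,
    which classifies the 2001:db8::/32 documentation prefix as non-global."""
    host, _ = split_scope(addr)
    ip = ipaddress.IPv6Address(host)
    return not (ip.is_link_local or ip.is_loopback or ip.is_multicast
                or ip.is_unspecified or ip.is_site_local or ip in UNIQUE_LOCAL)


def choose_bind_addresses(addrs):
    """Return (management_bind, outbound_source).

    Management binds only to the fe80:: address; outbound traffic uses the public one.
    If there is no link-local address the device refuses rather than falling back to
    exposing management on the public address."""
    mgmt = [a for a in addrs if is_link_local(a)]
    public = [a for a in addrs if is_public(a)]
    if not mgmt:
        raise RuntimeError("no link-local address; refusing to expose management globally")
    return mgmt[0], (public[0] if public else None)


def peer_allowed(peer_addr: str) -> bool:
    """Defence in depth: even on a fe80::-bound socket, reject peers that are not
    themselves link-local (a routed packet cannot carry a link-local source)."""
    return is_link_local(peer_addr)


def management_listener(bind_addr: str, port: int = MANAGEMENT_PORT) -> socket.socket:
    """Open an IPv6 TCP listener bound to the link-local address on its interface.

    A link-local bind requires the interface index as the scope id; binding to
    fe80::x without one fails or is ambiguous on multi-homed hosts."""
    if not is_link_local(bind_addr):
        raise ValueError("management listener must bind to a link-local address")
    host, scope = split_scope(bind_addr)
    scope_id = socket.if_nametoindex(scope) if scope else 0
    s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port, 0, scope_id))
    s.listen(5)
    return s


if __name__ == "__main__":
    mgmt, out = choose_bind_addresses(SAMPLE_ADDRS)
    print("management listener binds to:", mgmt)
    print("outbound client source address:", out)
    # management_listener(mgmt) would open the socket on a host that has eth0
    # with that fe80:: address; it is not called here so the script runs anywhere.
```

The `choose_bind_addresses` failure mode matters: a device that silently falls back to a global bind when it cannot find a link-local address undoes the whole point, so the function raises instead.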