How _does_ it work then, without imposing IP addresses, NAT routing, keys, etc?

One method (for many trans-NAT routing issues) is the manufacturer provides a proxy on the Internet, creates a secure connection between camera and proxy (controlling both ends, they should be able to navigate NAT issues, etc.), and then securely publishes the video. The manufacturer could encrypt the video E2E so they can't see it. This also hides the camera's location and IP.

All with informed consent of course.

Edit: Come to think of it, video chat apps (WhatsApp, Signal, etc.) seem to do this, at least sometimes.

▲

ryandrake 4 hours ago | parent [-]

But then you’re tethered to the device manufacturer and probably need other Terrible UX like an account/credentials, password resets, and so on. And that tether also opens the door for the company to remote control the product, spy through telemetry, and remotely “alter the deal” at their whim. Some people might be ok with this but a “tether to the company” is a deal breaker to me for most products.

	▲	mmooss 4 hours ago \| parent [-]
		For me too, but we can manage keys, firewalls, routing, IP addresses, etc. The issue is a solution for the vast public of end users who can't do those things. Anyway, the vendor could offer the proxy as an optional service, and let you and I do what we want in some advanced mode.

▲

ertian 2 hours ago | parent | prev [-]

I mean, realistically: let us run your thing, uploaded all data to our cloud, and then let us handle access control.