We choose how we interact with certain technology. When the technology says it does one thing and does something else in the background, it seems fair to point out what else is going on for those that aren't aware. If the technology is a convenience and not a need, then it's something we have a choice about. Apps should always provide details about what they are doing in a way a common person would see and comprehend it. If it's buried in a 1000-page EULA, that's not really all that helpful for true disclosure.
IOW, in modern life, we don't have much of a choice about our phones (as an example). You could choose not to carry one, but that's not all that viable. Or, you could opt for a flip phone... which are actually still available at my local mobile phone stores. Or, we can pick one of the two OS manufacturers and attempt to limit our exposure (though both Google and Apple have been known to have very similar outlooks on what they consider data privacy).
There have been applications intruding on our devices for years (I'm going back to the Packard Bell days of bloatware-laden PCs) and people provided instructions (magazines, BBS, Usenet) on how to clean the garbage out (usually format and install a bare OS). With a phone, most can't format and install clean because the vendor (Verizon, AT&T, Sprint, etc.) controls how the device is configured (it is possible with Android but it's beyond what most people would consider a viable option). But, that doesn't mean we have to accept the garbage on there draining the battery, eating our expensive data, and recording our daily lives (location, phone usage, conversations (depending on who you believe)) for the benefit of whoever the data is being sent to. Root/JailBreak and you have many options.
Beyond what we don't have control over, you are correct in that many people freely post their specifics to FB etc. If someone wants to claim invasion of privacy then they probably shouldn't have a constant feed of information being sent to FB etc. FWIW, I don't and have never used any social media platform for this reason, but everyone is free to make their own decisions.
To get back to HA, there are trade-offs for the use of different systems.
If you opt for X10 and no internet connectivity, you know that you have a secure system that nobody can track. Except someone who knows you use it could walk up to your home and attach a controller to an outside outlet and control everything. So, it's not really all that secure.
If you opt for Z-Wave or Zigbee you can have a secure system so long as someone doesn't have a way to utilize the radio transmission to control your system (e.g., your door locks). This is not all that likely, but there have been articles written about hacks that do work in the lab.
If you opt for ESP8266-based devices, you can work with them locally or over the internet at your discretion and they are as secure as you have the capability to make them. That is, unless you choose to buy ready-made modules which are not open source. Then you are limited to whatever the software architect chose to provide. And since most people aren't likely to make their own HA modules, that's pretty much everyone using ESP8266.
If you opt for cloud-based devices, then everything (for the most part) will work together and your phone can control it relatively easily. You can use your voice to control it without the need to code anything. But, you also expose yourself to whatever the various software architects chose to do. Maybe they did everything right and are up and up. But, from what's been published about it, different vendors from different countries handle privacy and security very differently. And, if you have shoddy internet, then you may be limited on what the devices can do at any given time. Everyone doesn't live downtown, so fast, cheap, and reliable internet is not an option, just like the power does go out periodically.
TL;DR: Buy what makes you happy and accept that there is no privacy or security in the world. But, do so with open eyes to what the exposure is. Don't go around with the opinion that "the gov't is tracking us so I don't care if Amazon does too" or "I'm not doing anything wrong so I don't care if anyone sees what I'm doing" and force others into the same opinion. I have nothing to hide but that doesn't mean that I want my specifics monetized without my knowledge and consent. And it's not all or nothing with HA. There are ways to get HA that are similar to what's offered by the cloud in a local, self-managed system in which the user can control his/her privacy exposure. Just because someone opts for a local HA system (which, btw, we all used just a few years ago), doesn't mean that we are not capable of attaining our personal HA goals. Amazon/Google are not required just because they are the new cool kid in school.