Well, I was ashamed to admit it, but I do have one entirely vendor managed automation device, and that's the "iAqualink" pool controller module that manages all the devices that make our pool work - the pumps, the lights, the valves, the heater, the salt chlorine generator, etc..
The iAqualink device is a black box on my local network - it starts up, gets an IP address via DHCP, and then sets up a back channel for clandestine communication to the iAqualink cloud service. To control it, I use their phone app or website to interact wtih the cloud service and send/receive data to the device. The device that sitting right here on my home network...
Anyway, I happily used the system for almost 4 years now without much to complain about other than the principle of the thing, and my inability to integrate it into my larger system. But as of yesterday, their cloud service has been down -they took it down for a 3 hour maintenance window yesterday morning, and it hasn't been back up since. As a consequence, I don't have much control over my pool (I do have some, but it's pretty stone-age button pushing on the main panel).
Anyway - case in point, concerning the dangers of vendor-managed home automation devices, and this is even without the privacy concerns. I'm looking into alternatives. They will all cost hundreds of dollars at a minimum, plus a bunch of my time (I don't mind the time part - I actually insist on it of course). But at least it can be done, or apparently it can. I wish I would have had the presence of mind to address this when the pool was installed in 2014.