Two things going on here. First, the cams are trying to resolve and connect to google.com presumably just to check network connectivity. But, it’s already doing that with api.wyzecam.com so not sure why it’s trying to talk to google.
Second, my DHCP server is telling all devices that DNS queries should be sent to 192.168.1.3 which is the Pi-Hole that blocks adware, malware, beacons, etc. So, the Wyze cams are going around that and trying to send DNS queries directly to somewhere else (I still haven’t run Wireshark so I don’t know where). My router is now blocking all DNS requests (port 53 UDP/TCP) from devices on my network from going outside so whatever Wyze is trying to get around, they aren’t now.
One way devices are offered with low prices is to package and sell data as an ongoing revenue stream derived from a one-time purchase. You know, if you’re not paying for the product, you are the product. So, the Facebook model but for subsidized hardware. LG TVs are bad about this and so is anything Amazon running FireOS (they both have hard-coded DNS). For now, either changing IP tables on the router to point back to the Pi-Hole or outright blocking port 53 outbound works. But.
At some point, they are going to start using DNS over HTTPS so all DNS requests will go out encrypted over the same port 443 as all other HTTPS traffic and I can’t block that. Right now, I’m also blocking DNS over TLS (port 853) but DoH is going to be a large problem not just for me but for anyone using DNS to enforce policy (think businesses, schools, etc.).
I suppose at some point, someone will come up with a DNS blocker but that’s going to be much harder to implement. For now: Why is Wyze sneaking around?
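
Added example, not part of the original post: Python that classifies constructed flow records against the policy described above (DNS only to the Pi-Hole at 192.168.1.3, nothing outbound on 53 or 853) and lists which clients tried to go around it. The /24 LAN range, the record format and the short list of public resolver addresses behind the port-443 heuristic are assumptions.

```python
import ipaddress
from collections import defaultdict

PIHOLE = ipaddress.ip_address("192.168.1.3")      # resolver named in the post
LAN = ipaddress.ip_network("192.168.1.0/24")      # assumed LAN range
# Assumption: a few well-known public resolvers that also answer DoH on 443.
KNOWN_DOH = {ipaddress.ip_address(a) for a in
             ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")}

# Constructed flow records, "src dst proto dport" (not from a real capture).
SAMPLE_FLOWS = """\
192.168.1.50 192.168.1.3 udp 53
192.168.1.61 8.8.8.8 udp 53
192.168.1.61 8.8.8.8 tcp 53
192.168.1.72 1.1.1.1 tcp 853
192.168.1.80 9.9.9.9 tcp 443
192.168.1.80 93.184.216.34 tcp 443
192.168.1.3 1.1.1.1 udp 53
bad line
"""

def classify(src, dst, proto, dport):
    """Return a bypass label for one flow, or None if policy allows it."""
    if src == PIHOLE or src not in LAN:
        return None                      # the Pi-Hole itself may query upstream
    if dport == 53 and proto in ("udp", "tcp"):
        return None if dst == PIHOLE else "plain-dns-bypass"
    if dport == 853 and proto == "tcp":
        return "dot-bypass"              # DNS over TLS
    if dport == 443 and dst in KNOWN_DOH:
        return "possible-doh"            # heuristic: the port alone cannot tell
    return None

def find_bypass(text):
    """Map each offending client IP to a sorted list of (label, destination)."""
    hits = defaultdict(set)
    for line in text.splitlines():
        try:
            s, d, proto, port = line.split()
            src, dst = ipaddress.ip_address(s), ipaddress.ip_address(d)
            dport = int(port)
        except ValueError:
            continue                     # skip malformed records
        label = classify(src, dst, proto.lower(), dport)
        if label:
            hits[str(src)].add((label, str(dst)))
    return {ip: sorted(v) for ip, v in hits.items()}

if __name__ == "__main__":
    for ip, findings in sorted(find_bypass(SAMPLE_FLOWS).items()):
        print(ip, findings)
```

The `possible-doh` label only catches resolvers on the list; a DoH endpoint on any other address looks like ordinary HTTPS to this check.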