How paranoid should we be about these devices plus BT plus TR-xx?
Possibilities for the paranoid: Tracking what we do, or worse, monetising that data, or even getting up to all kinds of things far worse than mere listening, things that I'd rather not think about.
[I haven't entirely forgiven BT for the Phorm scandal. The best thing that happened was the PR disaster that came out of it, became all-consuming, and which ultimately swept the Phorm sleazy scumbags out of the UK off to some new third world adventures who knows where.
I wouldn't be happy with a device that can not easily be audited, never mind firewalled as this is all on the wrong side, the WAN L2
murky stuff.]
I wouldn't want to start having to run everything through a Firebrick tunnel, as I wouldnt want to have to pay the performance hit and the £15 p/m for hosting another Firebrick at the A&A end. There is an alternative for A&A Firebrick users, where all your IP packets are actually sent as PPP LCP funny packets, iirc, which is available to combat BT bugs and could deal with them getting up to no good.