It is considered a fail, and then inputting passwords in the form is a super fail.

we do monthly phishing tests and some of our people are so bad that we put in the test email “this is a phishing email, do not click sign in” above and below the sign in box and they still give creds

Verizon and ATT just rebrand nokia ONTs and roll some of their own software that is mostly enhanced or changed encryption at L1. Can’t speak for Comcast, I only know about the other two as I’m in a smaller ISP that competes with them.

They use have L2 onts that don’t have any gateway functions, just fiber to ethernet with some extra overhead to monitor the connection between the hose and shelf.

The ONT-on-a-stick units do the same thing, just a more compact and expensive interface that doesn’t have great support, unless comcast or running all home run fibers where they can just provide a straight SFP instead of doing any optical splitting.

No, you are likely looking at an ONT (optical network terminal), and it is not a router. Even with a port that accepts the fiber (sfp or sfp+ for 10g) on your equipment, the OLT (optical line terminal) likely will not provide you with service.

If you were to match the wavelengths the ISP is using you are likely to become a “rogue” on their PON that can knock out service for other customers that share the same passive network as you.

I make assumptions about you being on PON since you say AT&T, generally all I have ever seen from them are passive networks (one fiber with splitters for 1 port to many customers) unless you are paying extra for “dedicated” ($$$$$) internet.

If they are using a ONT with an “RG” (residential gateway) which is the typical “all in one” you can request the gateway service can be removed and replaced with a layer 2 bridge, where you’re router/firewall gets the “external” addressing and there is nothing being done by the ISP equipment other than sending you traffic and OAM (operations, administration, and maintenance; usually check or alert for light levels, software status, if a part of the ONT fails etc).

it detects that it is not elon’s child and just continues to destination, wild.

For indoor cameras, I use TP-Link tapo wireless cameras, and hikvision for outdoor. I put all of them on an isolated camera wlan and vlan without internet. the tapos work fine without internet access, but the status light will always be orange as it tries to reach some tplink aws IP to verify connectivity.

All the hikvision cameras and tapos support rtsp.

Use your own router, if you don’t want your traffic/activity watched, you must use a VPN. There are several routers that have built in VPN clients, that should be more convenient then per client VPN.

For reference on what your ISP is using to watch your traffic from the subscriber through the core and to the internet, you will want to read about sflow/netflow, which reads packet headers. Technically, the ISP can capture all traffic and would have the full ability to read unencrypted data. There is also the ability to do MITM TLS shenanigans, but typically you see that at the enterprise level as end devices need to trust the certificate issued to the proxy. Also note that there is such thing as lawful intercept, which in the US means that law enforcement agencies can also snoop your traffic “with a court order” at any point, often without the ISP being explicitly notified.

typically you only need one power supply to run it, once you move to redundant power you can use the second one in case the first one fails. when you plug both in it will just balance across both until one fails.

in my opinion, hardware should only be hypervisors that run virtual machines, then you can provision VMs, similar to using VPSs. going this route you will need a vga monitor for initial setup, eventually everything is done over the lan with a web ui or ssh.

i use proxmox which is Debian based for the hypervisor.

As far as what you do with it, is that you can in theory replace the VPSs or test software in your lan.

to compare, i have my router (vyos), homeassistant, a docker server for hosting small services, a network lab (gns3), windows and mac VMs, and more running on a cluster that is using similar hardware.