Its true that a proxy can see all events going through it. However the Ajax Proxy I have made use of during testing started supporting encryption for not to long ago. The idea was to support the “bring your own proxy” as a temporarily solution until we could get a dedicated Homey proxy up and running. The only proxies setup now are as far as I know setup by a single security company in Sweden, and the proxy code is developed and maintained by a national technical director for a Ajax country.
I would ofcourse prefer not using a proxy, but its really the only way for “normal” users who do not have enterprise keys, to get more functionality outside arm/disarm.
Without telling to much, we do have a lot of great progress now, so I hope and believe we will have a more elegant solution very soon! In the meantime it might make sense to add a warning in the app about not trusting proxies you dont know.
