It always make me think (probably I am just over thinking) since I am new to HA which hardwires to my router via ethernet and it has Internet access. My question is what stops the devices that are integrated with HA from talking to some random cloud server) ?
I have not connected any of those smart devices via wifi its all on Zigbee
Proper isolation is what stops them.
HA/IoT should be on it’s own isolated SSID (wifi name) and Vlan with only the hub connecting to it. This becomes the one thing you have to trust but between open source and reputable vendors you have plenty of choices here. It’s also the device that provides a modicum of security since you can keep it up to date.
On top of ZigBee/zwave/other protocols, I would recommend setting up pihole or some other similar traffic blocker so that you can control what is allowed in and out of your network
In the case of ZigBee (or Z-Wave), devices have the ability to talk to each other and to the controller. But they don’t directly have the ability to talk outside the mesh, even if something like the hub has Internet access.
My question is what stops the devices that are integrated with HA from talking to some random cloud server) ?
You can use your firewall/router to stop any if your networked device to go to the internet.