Look for something that can do rtsp streaming. Reolink, amcrest, ect. Its all cheap Chinese cameras that almost definitely dial out to some Chinese server.

What I do is have all cameras connected on a wireless router with no internet, use zoneminder on a Linux that is connected to my home network via Ethernet and the camera network via WiFi, and allow https into my home network from my VPN

In the realm of firewall applications, i use the following: ° Ipfire is easy to use, but lacks ipv6 support and it doesn’t have otp. It has lots of packages though.

° Alpine is good, if you don’t want a GUI or want to spend time figuring out how to build a web ui (really good for beginners as its mostly xml)

° openwrt is good fit for low end hardware (SPARC or arm processors mostly) but also works on x86.

° opnsense - like pfsense, but more up to date. Has some quirks in it (like if you block both incoming and outgoing, but just want to allow 80/443, the rules look weird…like the direction you have to allow is in, but destination is 80/443. Very strange bug that isn’t in pfsense).

° hardenedbsd firewall - literally just opnsense but with hbsd’s fully patched kernel. No repo though.

That being said, you can make any distro a firewall, just use iptables/pf/ipfw/ipfilter rules through command line, and you can add anything in that distros repo you can think of.

Personally, I’d advise to use opnsense over pfsense. Opnsense kernels are more up to date, and the devs are less toxic.

Ipfire is a Linux alternative that is easy to use, just no otp.

The word you’re looking for is steganography

I’ve got a t620, and am using it as a firewall. It has aes-ni so I can generate certs. Plus it has a pcie slot, so I threw a nic in there. Its powerful for around the same price as a raspberry pi is going these days. I think I got it for about $80 plus $10 or $15 for the nic.

Just always browse incognito/private. I haven’t gotten hit yet. I strive for a leave no cookies behind type browser.