UPDATE: this link includes a white paper on the vulnerability of the UPnP protocol used (?) by Tivo to enable Out of Home Streaming. Apparently, quite a few folks use this, and "Universal Plug and Play" may be at risk.
A couple of thoughts...
1. - this does not PLAY well with the notion of streaming out of home.
2. - the silence from Tivo is deafening. I suspect this feature, cool as it may be, might need to include a release waiver sparing Tivo from any liability pertaining to the significant security implications. Just saying...
Some firewalls do not allow UPnP to be "enabled". Mapping ports?... any ports opened represent a "potential" issue.
I can find no documentation from Tivo pertaining to this because if they reveal the ports they are using, OOH streaming becomes a backdoor to be hacked. I believe UDP 1900 is the only "standard" port associated with it? Hopefully someone in Tivo Engineering can chime in....this issue will bite Tivo in the rear until it is fully documented and made clear.
I am not saying it matters - that of someone gaining access to your Roamio - and what are the odds and why would a consumer DVR be a target? BUT...I'd like to hear how Tivo plans to address this.
If you happen to use a business grade firewall, you need to ascertain the ports Tivo uses and map them. If you have a commodity firewall which allows the service to be enabled/disabled - you should be perfectly fine. Enable it. Why not? But it is not "secure", according to how I am reading things. Neither is a home security video camera but many people use them without issue. Happy to hear other's thoughts.
It SHOULD be in the Tivo FAQ - I sent my feedback to them. The FAQ is simplistic. Networking is not that.
I'm not criticizing specific firewalls - some are built for home/commodity use and others are for business, that's all. Business typically has more skin in the game insofar as security and poking holes (dynamic or static).
Thanks to those of you who specifically identified this Open Source protocol being used by Tivo.