This ^ I start by blocking any new device to the network, even if it needs internet access (e.g. a new mini PC or something), and monitor for odd activity. If the device needs internet access and has shown no signs of trying to phone home to something suspicious, I grant it from there (note my devices are under constant monitoring though). If it doesn’t need access (TV, home automation, printer, vacuum, etc.), it stays where it’s at.
But yeah, agreed completely. I avoid all IoT that won’t work without a third-party cloud or internet access. Using Nextcloud (which does my RSS feeds too), HA, Pi-hole, and Emby (also blocked from internet access via firewall rules) for me. Also a few apps I created for myself for things where there weren’t any useful or good FOSS alternatives.
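As an added illustration of the block-first, monitor, then-grant approach described above (example code written here, not the commenter's own setup), a small Python check over constructed Pi-hole/dnsmasq query-log lines: clients not yet granted internet access that resolve non-local names are surfaced for review, while quiet ones are left alone. The allow-list, local suffixes and log lines are all assumptions.

```python
import re
from collections import defaultdict

# Constructed Pi-hole (dnsmasq) query log lines for the example.
# Real format: "... dnsmasq[pid]: query[<type>] <domain> from <client_ip>"
SAMPLE_LOG = """\
Jun 1 10:00:01 dnsmasq[1]: query[A] nextcloud.lan from 192.168.10.5
Jun 1 10:00:02 dnsmasq[1]: query[A] telemetry.vendor.example from 192.168.20.7
Jun 1 10:00:03 dnsmasq[1]: query[A] time.nist.gov from 192.168.20.8
Jun 1 10:00:04 dnsmasq[1]: query[AAAA] update.vendor.example from 192.168.20.7
Jun 1 10:00:05 dnsmasq[1]: query[A] ha.lan from 192.168.20.9
"""

QUERY_RE = re.compile(r"query\[\w+\] (\S+) from (\S+)")

# Hypothetical policy state: clients already granted internet access,
# and name suffixes that are considered local (never "phoning home").
ALLOWED_CLIENTS = {"192.168.10.5"}
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa")


def parse_queries(log_text):
    """Return {client_ip: [domains in log order]} from dnsmasq query lines."""
    queries = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            domain, client = m.groups()
            queries[client].append(domain.lower())
    return queries


def external_lookups(queries, allowed=ALLOWED_CLIENTS):
    """For clients NOT yet granted internet access, list the external names
    they tried to resolve. A non-empty list is a phone-home attempt to review
    before the device is moved off the blocked list; blocked clients that
    only resolve local names are omitted (quiet candidates for granting)."""
    findings = {}
    for client, domains in queries.items():
        if client in allowed:
            continue  # already granted; monitored elsewhere
        ext = sorted({d for d in domains if not d.endswith(LOCAL_SUFFIXES)})
        if ext:
            findings[client] = ext
    return findings


if __name__ == "__main__":
    for client, names in external_lookups(parse_queries(SAMPLE_LOG)).items():
        print(f"{client} (blocked) tried to resolve: {', '.join(names)}")
```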