For IoT devices that need internet access to work adequately, such as home alarms (to send alert notifications to the user's phone) or security cameras (for live feed), what would be a good way to allow this essential communication with the user while blocking all spying telemetry? I don't want these devices sending my data back to their servers.
And I'd like to do it at the OpenWRT router level for convenience and ease of maintenance down the line.
Use adblock to block the DNS names they use?
This is not always easy, sometimes impossible. You would need to find out exactly what the devices in question do for their connections to the internet - in other words, inspect the details of the connections they establish to cloud services and then test what happens if you block some of those connections. (It is also possible that a device only connects via one port, which would make it impossible to block some activities but not others.)
It is possible that blocking any of the connections will render the device partially or completely useless, especially if the processing is performed in the cloud. For example, if it is a camera and the notifications are generated by the cloud service after analyzing the video itself, blocking the video feed would mean that it can't generate the notifications at all.
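The inspect-then-block workflow described in this answer can be scripted on the router itself. The following is an added example and not code from any poster in this thread: the first function reads `conntrack -L` output (a constructed sample is embedded below; every IP address in it is made up) and lists the distinct destinations a single device talks to, and the second turns a pruned version of that list into OpenWrt `uci` firewall rules that accept only those destinations and reject everything else from that device towards WAN. The device address 192.168.1.50 and the rule names are assumptions; the `firewall.rule` options used (`src`, `src_ip`, `dest`, `dest_ip`, `dest_port`, `proto`, `target`) are standard OpenWrt firewall options.

```shell
#!/bin/sh
# Constructed sample of `conntrack -L` output on an OpenWrt router.
# Addresses are documentation/test ranges, not real servers.
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=51234 dport=443 packets=120 bytes=54321 src=203.0.113.10 dst=192.168.1.50 sport=443 dport=51234 packets=98 bytes=123456 [ASSURED] mark=0 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=51240 dport=443 packets=10 bytes=4321 src=203.0.113.10 dst=192.168.1.50 sport=443 dport=51240 packets=9 bytes=12345 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.50 dst=192.168.1.1 sport=40000 dport=53 packets=1 bytes=60 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=40000 packets=1 bytes=120 mark=0 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.50 dst=198.51.100.7 sport=51300 dport=8883 packets=50 bytes=9000 src=198.51.100.7 dst=192.168.1.50 sport=8883 dport=51300 packets=40 bytes=7000 [ASSURED] mark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.1.51 dst=203.0.113.99 sport=52000 dport=443 packets=5 bytes=500 src=203.0.113.99 dst=192.168.1.51 sport=443 dport=52000 packets=4 bytes=400 [ASSURED] mark=0 use=1'

# list_destinations DEVICE_IP
# Reads conntrack lines on stdin and prints "proto host:port" for every
# distinct destination the device opened a connection to. Only the first
# src=/dst=/dport= on each line (the original direction) is used.
list_destinations() {
    awk -v dev="$1" '
    {
        src = ""; dst = ""; dport = "";
        for (i = 1; i <= NF; i++) {
            if (src == "" && $i ~ /^src=/) src = substr($i, 5);
            else if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5);
            else if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7);
        }
        if (src == dev && dst != "") print $1, dst ":" dport;
    }' | LC_ALL=C sort -u
}

# gen_firewall_rules DEVICE_IP
# Reads "proto host:port" lines on stdin (the reviewed allow-list) and
# prints uci commands: one ACCEPT rule per destination, then a final
# REJECT rule so the device can reach nothing else on WAN.
gen_firewall_rules() {
    dev="$1"
    n=0
    while read -r proto dest; do
        [ -z "$proto" ] && continue
        host="${dest%:*}"
        port="${dest##*:}"
        n=$((n + 1))
        cat <<EOF
uci add firewall rule
uci set firewall.@rule[-1].name='iot-allow-${n}'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].src_ip='${dev}'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].dest_ip='${host}'
uci set firewall.@rule[-1].dest_port='${port}'
uci set firewall.@rule[-1].proto='${proto}'
uci set firewall.@rule[-1].target='ACCEPT'
EOF
    done
    cat <<EOF
uci add firewall rule
uci set firewall.@rule[-1].name='iot-block-rest'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].src_ip='${dev}'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].proto='all'
uci set firewall.@rule[-1].target='REJECT'
uci commit firewall
EOF
}

# Demo: show what the sample device talks to. On a live router you would
# pipe `conntrack -L` in instead of the constructed sample.
printf '%s\n' "$SAMPLE_CONNTRACK" | list_destinations 192.168.1.50
```

The destination list will include LAN targets such as the router's own DNS (192.168.1.1:53 in the sample); drop those before feeding the list to `gen_firewall_rules`, since its rules apply to the WAN zone only. The testing step the answer describes then becomes mechanical: apply the full allow-list, remove one destination, run `/etc/init.d/firewall restart`, and check whether the alarm or camera still delivers its notifications. The rules match IP addresses, so a cloud endpoint behind a rotating set of addresses will need the list refreshed, which is the same limitation the answer points out about distinguishing good from bad traffic at the network level.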
It's not easy to distinguish good from bad traffic at the user level, much less at the network level...