Hikvision's decision to discontinue their Hik-online.com DDNS service has brought attention to port forwarding. DDNS services typically are used with port forwarding to overcome the issue of changing dynamic public IP addresses.

However, port forwarding, by definition, places a device that is physically behind a firewall open to the public (for the ports forwarded). With the rise of directories like Censys and Shodan, one's device is likely to be indexed and available for hackers to attempt penetrating. Even if your device has no known vulnerabilities today, new vulnerabilities are regularly found (e.g., the Sony backdoor) making your devices at risk in the future (or even to dictionary attacks, etc.).

On the other hand, port forwarding is simpler for many users than having a VPN and many systems do not have a 'phone home' cloud service connecting to devices.

So, vote, comment inside: