> for easy off site access Exactly. The WebThings Gateway on an RPi is behind a firewall. How to access it? Mozilla makes it easy for users to securely access their gateway when remote, by setting up a tunneling service for the .mozilla-iot.org subdomains that users configure during the setup process. Mozilla has to pay* for running the https tunneling services that allow this security. Mozilla wants to protect your security; they do not want your data. The subdomain enables Mozilla's setup process to download and install the cert for the subdomain you create (from LetsEncrypt) onto the gateway, so you don't have to figure it out on your own. If you have your own registered domain name and know how to install its cert and then expose and port forward 443 from your router to the WebThings gateway, Mozilla would be happy because that reduces their tunneling expense. The goal was to make it easy for users to run a secure gateway by default. But with an OpenWrt router approach, appropriate firewall rules and dynamic dns can help reduce the need for the tunneling service, yet keep things secure. Maybe eventually ordering your own complete domain could be part of the setup process, but you'd be paying some 3rd party to make that happen, whereas the subdomain approach keeps it free.