Is there a reputable and updated list posted anywhere?
Not that I have found. That would be too much work for not enough online ad exposures.
Right now the only IoT type devices I have connected are a Buffalo router (DD-WRT out of the box)
Not sure if Buffalo is good about not putting in backdoors. Check that busybox is over v1.20.0. If not see if you can upgrade (maybe to OpenWRT), or set "domain" and "hostname" to hardcoded values before they get used in udhcpc/default.script or whatever script udhcpc first runs... though that may be a bit paranoid if your ISP is good about not letting users see each other's DHCP traffic. (There are a couple other options also affected, but they are likely not used by DD-WRT)
No clue on the Ooma.
Perhaps we could add features to DD-WRT and similar that look at our usage patterns, and notify us when it sees a usage pattern that just seems odd.
That's harder than it sounds... usage patterns depend a lot on server side code that can change anytime the vendor pleases, and cloud services are always moving around these days.