Amazon Sidewalk: privacy threat or kind of cool?

In My Humble Opinion
1

Amazon Sidewalk is a shared network that allows enabled Amazon devices, including Echo, Ring doorbells/cameras and Tile trackers, to connect to the internet when out of range of your network. It shares a small amount of your bandwidth (up to 80 Kbps) with nearby devices. It could be useful if you have a device on the edge of your wifi range, if your wifi goes down, or if you lose your Tile-clipped keys outside of your home. Amazon is launching the service June 8.

It’s essentially a mesh network, which allows connections between devices without going through a central routing hub. Mesh networks got some media attention after Hurricane Sandy, when neighborhoods were able to communicate through them even though most network services were down.

So on the one hand, it’s pretty cool and expands the functionality of some devices, especially the Tile. It might enable you to unlock your Ring door even if your network is down. It’s neighbors looking out for each other!

On the other hand, what are the privacy concerns? We’re so conditioned to being told to protect our network lest it get hacked, that something like this just immediately sounds wrong. Amazon didn’t do themselves any favors by making it opt-out, meaning it’s turned on by default unless you explicitly turn it off. But of course, it would fail out of the gate if they made it opt-in, because no one would bother to turn it on.

So where do people stand? I started in the camp of disabling it immediately. But I’m slowly moving toward the other side as I get a better sense of just what privacy concerns there are. I don’t see a viable path to network hacking through this. And if the concern is with Amazon doing shady things with data, then as one of the linked articles below says, why have one of these devices in the first place? You’re already opening up a much bigger can of worms with the device than you are with Sidewalk.

Links for more reading…Ars Technica (not a fan): Amazon devices will soon automatically share your Internet with neighbors | Ars Technica
Slate (actually pretty cool): The Amazon Sidewalk mesh network experiment is pretty cool. (slate.com)
Popular Science (there are risks, but not what you think): The privacy concerns with Amazon Sidewalk, explained | Popular Science (popsci.com)

Finally, it’s inevitable that a thread like this will have comments about fools who trust any of their data to Amazon/Google/Apple/etc. Which is valid and all, but I’m hoping to keep this focused on Sidewalk.

2

I think the privacy and network security of this change is probably rather limited. That is, there are minor additional concerns, but they’re generally dwarfed by existing concerns about those devices. Like, it’s possible that there’s going to be some vulnerability in the Sidewalk implementation specifically that will let someone root your network, but that additional attack surface is probably small compared to the existing stuff, and making your (and your neighbors) various smart devices more resilient against local network problems is a pretty good improvement for that minor cost.

If you are willing to give Amazon access to live video feeds from your front door and a microphone in your house, you shouldn’t worry about the rest of this. I will respect your wish to not call those who do fools, and simply say that I am not remotely comfortable with doing so, so I don’t own any of those devices.

I think the concern about LE Bluetooth tracker tags being a stalker tool is a legitimate one, but the cat is already mostly out of the bag on that one with Apple’s implementation, which will almost certainly be the preferred StalkerTag given the ubiquity of iPhones and the fact that there’s OS-level support for it. I’m not convinced that Apple’s protections against this are very good, but I do believe that Apple will keep working at it.

3

I agree with the first two paragraphs of @iamthewalrus_3 and I don’t know what he’s talking about with the third.

It’s interesting to me that Amazon’s user agreements allow them just hijack a person’s internet connection to offer services to other people. Although this is a limited bandwidth use, what is the limiting principle here? What in the user agreement stops Amazon from using all the devices they have installed in people’s homes to offer almost-anywhere cell service and broadband? Sure, if too many took advantage of it, everyone’s performance would suffer (tragedy of the commons) but that’s a problem for later.

4

The context is in the last of the links in the OP.

5

Having already read the first two articles, I commented without clicking the third link. Sorry I missed it and thanks for pointing it out.

6

I would assume the opt-out button (and their bandwidth and total usage cap) would protect them in this case. For the broader concern, I’m not sure there’s much other than market forces. They can modify the user terms & conditions if they want, but if they did something ridiculous like that, no one would buy their devices.

7

Apple tried to develop its own mesh network for its iPhones and other such connected devices to connect directly, bypassing the carriers, I think facetime and their imessage was all that remains of that effort, bypassing cell companies calling and messaging. IDK if Amazon can break through to create such a network.

Additionally what about contracts with IPS’s? How is it OK for me, via end user agreements with an Amazon connected device, to let my neighbor, use my connection for his Alexa? And if that’s allowed how come I can’t share my connection with my neighbor?

8

You optimistically assume people read and understand the user agreements. I believe that if you explained to most owners exactly how these devices worked, they would generally say, “they can do that?”

And there aren’t a lot of market forces to bring to bear when there are really only three big participants in this segment and two of them have nearly indistinguishable practices.

9

I just heard about this for the first time today. Doesn’t appeal to me even one little bit. How do I opt out? (I will poke around in my user agreement, but if someone knows off the top of their head how to opt out, do tell.)

10

I read about this and went into my system to opt out. The instructions say in the Alexa app go to: “Settings” > “Account Setting” > “Amazon Sidewalk.” I didn’t have that last one, but then I realized that my only two echo dots were second generation and sidewalk only works with generation 3 and later. (see How to opt out of (or into) Amazon’s Sidewalk network - The Verge) So if you’re like me and slow to update, you may need not do anything to ‘opt out’.

ThelmaLou. That page tells you how to opt out as well.

11

Thank you! I located the setting, and it was pre-enabled, the sneaky bastards! I disabled it.
:+1:t4:
ThelmaLou aka OldLady

12

Geoffrey Fowler, who reviews home electronic products and privacy issues for Washington Post, is not amused. He recommends opting out, and I think links to instructions.

13

Legal question: If your neighbor is downloading kiddie porn, or planning the August Insurrection in DC, and it happens to pass through one of your devices, are you legally liable?