Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Amazon Sidewalk - Sharing is Caring, but maybe not wifi

Do you have an Amazon Echo or Ring Device? Are you a greedy bastard who doesn't like sharing your pencil with a coworker, let alone sharing your wifi password? No worries, with Amazon Echo, you don't need to share your password with complete strangers, it does the wifi sharing for you!!

 

...Maybe. It's a bit more complicated. This is out of my expertise so this might be more question than answer for my part, but here goes:

 

What is it? According to Amazon, Sidewalk is

Quote

a shared network that helps devices like Amazon Echo devices, Ring Security Cams, outdoor lights, motion sensors, and Tile trackers work better at home and beyond the front door. When enabled, Sidewalk can unlock unique benefits for your device, support other Sidewalk devices in your community, and even locate pets or lost items.1

So essentially, your Sidewalk capable devices will take a small chunk of bandwidth to create a neighborhood mesh network useful in connection reliability, finding lost items, and helping neighbors do the same. 

A lot of articles have come out earlier saying that you're giving strangers access to your internet connection at the worst and losing bandwidth involuntarily at best. I just heard about this and started looking into it because we got a notice at work to be ready when people ask about this thinking we have something to do with it (I work for an ISP). But reading into it further, it sounds like it's not as bad and evil as originally thought. But maybe still not good. 

Amazon released a paper that apparently had a lot of experts impressed, answering a lot of questions about security concerns.A few concerns it attempts to answer:
 

Quote

 

Amazon adds that it deletes the data used to route Sidewalk transmissions every 24 hours, and that it uses rolling IDs to prevent those transmissions from being tied to any specific user. 
Community Sharing is OPT-IN
"Neighbors using Community Finding won't be able to see the exact street address of your Sidewalk Bridge. They will only see an approximate location. This setting will apply to all of your Sidewalk Bridges."

It's important to note that Amazon anonymizes that location data.3

 

 

OK now what ISN'T it?

It is NOT sharing the internet, just the network connection
It is NOT sharing info of other devices on the network
It is NOT handing out your wifi info to anyone else

But it COULD. 
So here come the concerns. 

John Sinderman, the CEO of Pivotal IT, has some serious concerns about the possible security implications for Sidewalk

Quote

Amazon is quick to point out that Sidewalk “does not share your wifi” but Sinderman says while technically correct, that’s splitting hairs.

“They’re putting a device on their network that now will allow other devices from as far as a mile away to connect to that device on their network. In our world that is a potential vulnerability. It could allow access into your network from a network that’s not trusted,” said Sinderman.2

Amazon has boasted that Sidewalk is 
 

Quote

designed with multiple layers of privacy and security to secure data traveling on the network and to keep customers safe and in control.1

They've also noted that 
 

Quote

It's all on your own terms
Don’t think you need Amazon Sidewalk? No worries. You can update this anytime from the Ring or Alexa mobile apps.2

The problem with having the service on user's terms is users are typically very lazy about security. In the 2nd source, Sinderman expressed concern over the Opt-Out nature of the service. Amazon might be banking on people's lazy tendencies to create a large userbase and reliance on the program. Furthermore, their rollout has been questionable due to lack of notification.

Quote

 

No text or email notifications went out to customers like The Orszaks in Greenville.

So when we showed up on their Ring they were surprised and not just by the TV crew.

“It’s the first I heard of it is when you came up. I think it’s wrong,” said Midge Orszak.

“It seems like they should have emailed everybody and told them about the change. It shouldn’t be opt out, it should be opt in,” said Jeff Orszak.2

 

I don't know how widespread the lack of communication was but I'm just now hearing of it and I am an amazon member, so I can believe more people aren't aware.

Finally we have what are in my opinion the 2 worst implications of this service and many experts biggest concerns.

 

A. Lack of Abuse Mitigations

Quote

While we all empathize with someone whose pet is missing, and we’ve all wondered where we left our keys, any system that allows one to track a pet allows one to be a stalker. So Sidewalk creates new opportunities for people to stalk family members, former romantic partners, friends, neighbors, co-workers, and others. Just drop a tracker in their handbag or car, and you can track them.
Sidewalk amplifies the existing risk of a surreptitious tracker by giving it the extended reach of every Echo or Ring camera that’s participating in the Sidewalk network. If Sidewalk systems don’t have proper controls on them then estranged spouses, ex-roommates, and nosy neighbors, can use them to spy from anywhere in the world.
We also are concerned about how Amazon might connect its new Sidewalk technology to one of its most controversial products: Ring home doorbell surveillance cameras. For example, if Ring cameras are tied together through Sidewalk technology, they can form neighborhood-wide video surveillance systems. 2

Simply put, like most other forms of technology, it is a tool. When used correctly it can be very helpful, but if used poorly...
This has me very concerned, especially with the increasing prevalence of IOT devices and security cameras.

 

B. Vested Interest and possible monopoly

I mentioned this in the article about forcing contracted drivers under heavy surveillance in their own vehicles, but I'll reiterate it now as I feel this is 10x more concerning. 
Amazon has a vested interest in data. Amazon and data go together like Abbott and Costello (and a hooting owl, 10 pts to Gryffindor if you get that joke)
Anything Amazon does, any service or product it adds not only adds the profit of that sale (Sidewalk is free btw), but it increases their core business of DATA, which they then use to advertise and sell to you in their other parts of the business. I'm not accusing amazon of being evil or having any malice, but I'm stating that Amazon has a large financial reason to make business choices that negatively affect their customers. So any time a business decision is made that could hurt others, I'm going to naturally give them less benefit of the doubt as they simply have large motive. ArsTechnica takes on a lot of my concern here:

Quote

 

To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.

Next, consider the wealth of intimate details Amazon devices are privy to. They see who knocks on our doors, and in some homes they peer into our living rooms. They hear the conversations we’re having with friends and family. They control locks and other security systems in our home.

Extending the reach of all this encrypted data to the sidewalk and living rooms of neighbors requires a level of confidence that’s not warranted for a technology that has never seen widespread testing.

Last, let’s not forget who’s providing this new way for everyone to share and share alike. As independent privacy researcher Ashkan Soltani puts it: “In addition to capturing everyone’s shopping habits (from amazon.com) and their internet activity (as AWS is one of the most dominant web hosting services)... now they are also effectively becoming a global ISP with a flick of a switch, all without even having to lay a single foot of fiber.”4

 

Putting this into perspective adds to the concern of the neighborhood wide video surveillance. This also sheds more light on the possible reasoning for the opt out nature and the lack of notification

All in all I'm not going to assign malice as I said, but I do think we are rapidly heading towards a point of no return with our privacy. Legislation needs to step in and provide an ethical system of constraints that technology can follow to ensure it is being used fairly and for a good purpose as much as possible. The fact that a company can rely so easily on consumer laziness to implement such a service with massive potential for misuse and profit at best and outright harm at worst, that says a lot about hw far we've slid into the comforts of giving up privacy to let someone else do it for us. I sincerely hope this can be a help to those who lose keys or pets, but I really worry what else it can and will be used for

 

Sources

1. https://www.amazon.com/Amazon-Sidewalk/b?ie=UTF8&node=21328123011

2. https://www.eff.org/deeplinks/2021/06/understanding-amazon-sidewalk

3. https://www.cnet.com/home/smart-home/amazon-sidewalk-officially-here-what-to-know-about-sharing-home-bandwidth-community-finding/

4. https://arstechnica.com/gadgets/2021/05/amazon-devices-will-soon-automatically-share-your-internet-with-neighbors/


Tech news post disclosure: At work, I have small moments between calls to make posts here, and so I might have been working on a post like this for hours over a few seconds at a time. If someone has posted a similar article while I was writing slowly over hours, please know I'm not trying to copy anyone and did search for the topic before I began writing, just to be sure

Link to post
Share on other sites

I think this is a repost. 

About the wifi sharing: isn't that the most effective way to make sure Whispersync is everywhere without requiring mobile connectivity?

 

I jokingly suggested to a few colleagues that hacking into vulnerable routers and setting up a similar thing would allow us to setup the cheapest wireless infrastructure ever... But I guess it also works with IoT.

Link to post
Share on other sites
1 minute ago, Forbidden Wafer said:

1. I think this is a repost. 

2. I jokingly suggested to a few colleagues that hacking into vulnerable routers and setting up a similar thing would allow us to setup the cheapest wireless infrastructure ever... But I guess it also works with IoT.

1. Yeah I found out about it and saw most articles about 2 weeks old, but i searched "Sidewalk" and didn't see any posts, but if I missed something, the mods will likely knock it down or merge it. 

2. Yeah the implications worry me, it sounds far too easy for a non tech versed individual to ignore and pretend it's OK

Link to post
Share on other sites

<-- Thread locked -->

 

Indeed a post already about it here:

 

 

PSU Tier List Thread

Please make sure to Quote me or @ me to see your reply!

 

"White Ice"

Ryzen 9 5900x | Asus Crosshair VIII Hero (Wi-Fi) | EVGA RTX 2080ti | Ballistix 32gb 16-18-16-36 3600mhz | Custom Water Cooling Loop | 1tb Samsung 970 Evo

2tb Crucial MX500 SSD | 2x 3tb Seagate Drive | Fractal Design Meshify S2 |  EVGA G2 750w PSU | 3x Corsair LL140 | 3x Corsair LL120

 

Dedicated Streaming Rig

 Ryzen 7 3700x | Asus B450-F Strix | 32gb Gskill Flare X 3200mhz | Corsair RM550x | EVGA GTX 1060 3gb | 250gb 860 Evo m.2

Phanteks Enthoo Evolv |  Elgato HD60 Pro | Avermedia Live Gamer Duo | Avermedia 4k GC573 Capture Card

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×