If you use Alexa, Echo, or many other Amazon devices, you have only 10 days until you’re opted in to an experiment that leaves your personal privacy and security hanging in the balance.
On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new wireless mesh service will share a small slice of your Internet bandwidth with neighboring Sidewalk-capable devices that don’t have connectivity. Sidewalk will also help your Amazon devices to a sliver of bandwidth from other Sidewalk users when you don’t have a connection.
By default, a variety of Amazon devices will enroll in the system come June 8. And since only a tiny fraction of people take the time to change default settings, that means millions of people will be co-opted into the program whether they know anything about it or not. The Amazon webpage linked above says Sidewalk “is currently only available in the US.” The full list of devices that can act as Sidewalk bridges is Ring Floodlight Cam (2019), Ring Spotlight Cam Wired (2019), Ring Spotlight Cam Mount (2019), Echo (3rd gen and newer), Echo Dot (3rd gen and newer), Echo Dot for Kids (3rd gen and newer), Echo Dot with Clock (3rd gen and newer), Echo Plus (all generations), Echo Show (all models and generations), Echo Spot, Echo Studio, Echo Input, and Echo Flex.
The webpage also states:
What is Amazon Sidewalk?
Amazon Sidewalk is a shared network that helps devices work better. Operated by Amazon at no charge to customers, Sidewalk can help simplify new device setup, extend the low-bandwidth working range of devices to help find pets or valuables with Tile trackers, and help devices stay online even if they are outside the range of their home wifi. In the future, Sidewalk will support a range of experiences from using Sidewalk-enabled devices, such as smart security and lighting and diagnostics for appliances and tools.
How will Amazon Sidewalk impact my personal wireless bandwidth and data usage?
The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video. Today, when you share your Bridge’s connection with Sidewalk, total monthly data used by Sidewalk, per account, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.
Why should I participate in Amazon Sidewalk?
Amazon Sidewalk helps your devices get connected and stay connected. For example, if your Echo device loses its wifi connection, Sidewalk can simplify reconnecting to your router. For select Ring devices, you can continue to receive motion alerts from your Ring Security Cams and customer support can still troubleshoot problems even if your devices lose their wifi connection. Sidewalk can also extend the working range for your Sidewalk-enabled devices, such as Ring smart lights, pet locators or smart locks, so they can stay connected and continue to work over longer distances. Amazon does not charge any fees to join Sidewalk.
Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.
Wireless technologies like Wi-Fi and Bluetooth have a history of being insecure. Remember WEP, the encryption scheme that protected Wi-Fi traffic from being monitored by nearby parties? It was widely used for four years before researchers exposed flaws that made decrypting data relatively easy for attackers. WPA, the technology that replaced WEP, is much more robust, but it also has a checkered history.
Bluetooth has had its share of similar vulnerabilities over the years, too, either in the Bluetooth standard or in the way it’s implemented in various products.
If industry-standard wireless technologies have such a poor track record, why are we to believe a proprietary wireless scheme will have one that’s any better?
The omnipotent juggernaut
Next, consider the wealth of intimate details Amazon devices are privy to. They see who knocks on our doors, and in some homes they peer into our living rooms. They hear the conversations we’re having with friends and family. They control locks and other security systems in our home.
Extending the reach of all this encrypted data to the sidewalk and living rooms of neighbors requires a level of confidence that’s not warranted for a technology that has never seen widespread testing.
Last, let’s not forget who’s providing this new way for everyone to share and share alike. As independent privacy researcher Ashkan Soltani puts it: “In addition to capturing everyone’s shopping habits (from amazon.com) and their internet activity (as AWS is one of the most dominant web hosting services)… now they are also effectively becoming a global ISP with a flick of a switch, all without even having to lay a single foot of fiber.”
Amazon’s decision to make Sidewalk an opt-out service rather than an opt-in one is also telling. The company knows the only chance of the service gaining critical mass is to turn it on by default, so that’s what it’s doing. Fortunately, turning Sidewalk off is relatively painless. It involves:
- Opening the Alexa app
- Opening More and selecting Settings
- Selecting Account Settings
- Selecting Amazon Sidewalk
- Turning Amazon Sidewalk Off
No doubt, the benefits of Sidewalk for some people will outweigh the risks. But for the many, if not the vast majority of users, there’s little upside and plenty of downside. Amazon representatives didn’t respond to a request for comment.
Post updated to remove tile trackers and motion sensors from the list of affected devices.