back to article Amazon's ad-hoc Ring, Echo mesh network can mooch off your neighbors' Wi-Fi if needed – and it's opt-out

Amazon is close to launching Sidewalk – its ad-hoc wireless network for smart-home devices that taps into people's Wi-Fi – and it is pretty much an opt-out affair. The gist of Sidewalk is this: nearby Amazon gadgets, regardless of who owns them, can automatically organize themselves into their own private wireless network mesh …

  1. MatthewSt
    Alert

    Popcorn?

    Oh I'm going to enjoy reading the comments for this one!

    1. The Man Who Fell To Earth Silver badge
      FAIL

      Neighborly

      Nothing says "Neighborly" like expanding the attack surface for miles.

      1. bombastic bob Silver badge
        Unhappy

        Re: Neighborly

        ANYONE who does a drive-by WiFi crack on ANY home "in the mesh" would now (potentially) have one of several "attack vector" IP addresses at his disposal. And also, several subnets to scan for vulnerabilities on...

        You are LITERALLY relying on your neighbor's IT skills protecting YOUR network from abuse. And tracking. And possible identity theft.

  2. Foxglove

    Opted out should be the default.

    The option to consent should be decided by the consumer not the vendor.

    It's pretty scummy in my opinion to opt existing users in by default.

    Does anyone know if this would be legal in the UK?

    Genuine question as I don't know and I'm not sure how to even start a search for the topic.

    I appreciate it hasn't happened in the UK yet.

    1. Dan 55 Silver badge

      Re: Opted out should be the default.

      As usual, the giant US megacorp with no concept of privacy or data protection will do it anyway and then the ICO may or may not do something (probably not).

    2. gerdesj Silver badge
      Childcatcher

      Re: Opted out should be the default.

      I doubt it is really legal in the US either.

      For me the problem is that this system can't detect that the internet link that gets used is not an expensive one, ie one that is paid for by the byte. Most people will be unaffected but I shudder to think what happens when it finds a satellite phone link with data and decides to route through it. There are plenty of other failure modes.

      1. Dapprman

        Re: Opted out should be the default. @ gerdesj

        I understand where you're coming from, however this is just using existing ring/nest connections so unlikely to touch those on paid by usage tariffs.

        1. johnfbw

          unlikely to touch those on paid by usage tariffs

          like in most countries that aren't first world?

      2. J. Cook Silver badge

        Re: Opted out should be the default.

        Indeed; We all remember that Apple got bit by the thing that decided to use cell data to augment weak wi-fi signals for it's devices, and a few people got walloped with some rather large overage charges, yes?

        This has that potential to occur, unfortuantely.

    3. katrinab Silver badge
      Meh

      Re: Opted out should be the default.

      900MHz is the GSM band in the UK and most of the world. Originally used for 2G in the UK by O2 and Vodafone, now also used for 3G and 4G.

      It requires a pretty hefty license fee payable to Ofcom https://www.ofcom.org.uk/__data/assets/pdf_file/0020/130547/Statement-Annual-licence-fees-900-MHz-and-1800-MHz.pdf

      1. Al 6

        900MHz?

        My guess is that it's actually 915MHz in the US and will be 868MHz in the EU - the usual license exempt bands used by LoRa.

        1. Martin an gof Silver badge

          Re: 900MHz?

          LoRa is quite popular in the "maker" community it seems. Adafruit has a range of modules with LoRa at both 900(ish)MHz and 433MHz, capable of up to 2km line of sight, though for a recent project I've opted for a slightly simpler (and cheaper) technology.

          M.

    4. Rich 2 Silver badge

      Re: Opted out should be the default.

      For anyone using one of these devices, it's a fair assumption that they don't care about their privacy or about any abuse that Amazon might subject them to. So legal (or moral) or not, it probably doesn't matter

      1. Anonymous Coward
        Anonymous Coward

        Re: Opted out should be the default.

        "For anyone using one of these devices, it's a fair assumption that ..."

        ... in 2020, Amazon will undoubtedly spy on and steal ALL network traffic for "security" and "privacy" protections. As far as you not having one... it's better that you don't, that way nobody suspects a thing.

      2. DoctorNine

        Re: Opted out should be the default.

        By that logic, just because the child wants the candy, the pedophile is free to do whatever in the van.

        I'm pretty sure that's not a good plan for public safety.

        1. Rich 2 Silver badge

          Re: Opted out should be the default.

          Try talking to people who have these and similar devices. Really - they just don't care! I have given up on trying to tell them of the dangers. It's just like faecesbook users - most don't know of the privacy invasion and when you tell them, they give you a look of horror ...and then shrug and go and check their faecesbook account.

          Most people just don't care!!

  3. Colonel Mad

    Illegal

    Stealing bandwith is a capital offence.

    1. Anonymous Coward
      Boffin

      Re: Illegal

      Sorry, but we get the Tech company leaders because they know that they can get away with almost anything. (You should see some of the Right wing columns on the Big Tech / MSM complicity in getting Biden elected.... )

      Seriously though... extra bits from your Android phone sending data back to Google?

      Now this?

      Its small, just a bit of a user tax. So to speak.

      Would make for an interesting class action lawsuit.

      1. HellDeskJockey

        Re: Illegal

        It might make for an interesting suit. But in the USA most ISPs have such a large limit it would be difficult to prove any harm. Someone who using 4G with a small data cap like myself might have a suit but they people using cable internet most likely would not care. People like me are not going to opt in to networks for data slurping.

        1. This post has been deleted by its author

          1. Throatwarbler Mangrove Silver badge
            FAIL

            Re: Illegal

            Do you even math, bro?

            Put another way, 500 MB is rather less than half of 1.2 TB. If the cap were 1.2 GB, you would have a stronger point.

            1. John Robson Silver badge

              Re: Illegal

              Your maths is fine, but that first collection of words? I cant bring myself to call it a sentence.

              1. Anonymous Coward
                Anonymous Coward

                Re: Illegal

                It's a meme, boomer! :-)

            2. Alumoi Silver badge

              Re: Illegal

              ...total monthly data used by Sidewalk, per account, is capped at 500MB...

              That's 500MB per device (account). So 2 device is 1 GB, 10 devices 5 GB, pretty soon you're talking a lot of bytes :P

          2. Wade Burchette Silver badge

            Re: Illegal

            I would love to have a 1.2 TB cap because mine is 250 GB per month.

          3. heyrick Silver badge

            Re: Illegal

            "1.2TB monthly cap"

            Isn't that about fifty gigabytes per day?

    2. MOH

      Re: Illegal

      You wouldn't download bandwid... oh, wait

  4. Howard Sway

    encourage third-party manufacturers to produce equipment that is also Sidewalk compatible

    Such as the "steal all your neighbours data allowance for free" portable mini wifi router.

    1. Robert Carnegie Silver badge

      Re: encourage third-party manufacturers to produce equipment that is also Sidewalk compatible

      The Amazon Echo ShowNaughtyWebSites.

    2. mathew42
      Alert

      Re: encourage third-party manufacturers to produce equipment that is also Sidewalk compatible

      Considering that accessing a website from your IP address can be seen as sufficient evidence you viewed illegal content, I'd be slightly more concerned than just a bit of data.

      1. Anonymous Coward
        Anonymous Coward

        Re: encourage third-party manufacturers to produce equipment that is also Sidewalk compatible

        Objection, it is sufficient evidence that the content was accessed via a specific IP address which identifies a connection, not an individual.

      2. Anonymous Coward
        Anonymous Coward

        Re: encourage third-party manufacturers to produce equipment that is also Sidewalk compatible

        > Considering that accessing a website from your IP address can be seen as sufficient evidence you viewed illegal content

        I did study computer forensics at uni. So not an expert by all means but we did cover this one, as it is kind of crucial to the task of a forensic expert.

        And, as another poster has already mentioned, your assertion is patently false. The only evidence is that an IP address that at one point in time showed as being assigned to your subscription made a connection to another computer. Those are incredibly weak grounds on which to build a case and well below the standard of proof required in both civil and, obviously, criminal cases in the UK.

        Computer evidence is at best indirect evidence. Provided that both defence counsel and the courts are doing their job properly, nobody loses a case solely on that unless you're exceedingly unlucky or stupid.

        1. SImon Hobson Silver badge

          Re: encourage third-party manufacturers to produce equipment that is also Sidewalk compatible

          But you are missing two important points :

          1) In the US, they have different rules, and anecdotally it seems to be more a case of guilty unless proven innocent with this sort of thing. In any case, especially if there's only one person living there - it will be assumed that connection used == connection used by the sole occupier - "it wasn't me" not being accepted as a defence without some supporting evidence.

          2) Even where there isn't that assumption of guilt, just the accusation is enough to ruin your life. Potentially the police can come along, based with the evidence that "equipment in this property was used to commit an offence" and seize all your IT kit, which you may get back a couple of years later, and which may or may not still work. That is going to cause you problems ranging from "really inconvenient" to "so there goes your business down the drain". Search ElReg for some examples.

          1. Anonymous Coward
            Anonymous Coward

            Re: encourage third-party manufacturers to produce equipment that is also Sidewalk compatible

            "[...] and which may or may not still work."

            In the UK the psu may have been changed to 110v for their forensic lab safety supply - and they forgot to put it back to your 220v when it was returned.

  5. Doctor Syntax Silver badge

    What could possibly go wrong?

    And do Amazon care?

  6. martinusher Silver badge

    The real problem is the data caps

    What Amazon is trying to do with Sidewalk is to build a comprehensive, reliable, network for low bandwidth devices using existing resources. The engineer in me thinks this is a clever idea that makes use of a pooled resource to provide optimum performance for everyone. A bit like the Internet as a whole, really. It works only if the 'net is seen as a shared resource rather than something that needs to be doled out a teaspoonful at a time to individual users. Here data tiers are the big issue because the need to monetize the connection makes a connection 'owner' want to jealously guard their little slice of the pie.

    I daresay the goal of Sidewalk will not be achieved until we've ditched our current slate of ISPs for next generation ones who will probably include, or at least be partnered with, Amazon. (The current generation of ISPs probably have a vested interest in cellular wireless anyway so they won't want compeition from IoT devices that using non-cellular -- and so non-billable -- data.) We need much better management of Internet connections anyway -- the current setup doesn't manage abuse, like any common resource its prone to abuse by the less than socialized.

    1. Danny 2 Silver badge

      Re: The real problem is the data caps

      "The engineer in me thinks this is a clever idea that makes use of a pooled resource to provide optimum performance for everyone."

      Upvoted for irrational innocence. I recall when Dick Cheney's pacemaker was wifi hackable.

    2. doublelayer Silver badge

      Re: The real problem is the data caps

      It's actually quite a nice idea, and I'd be all for it but for a couple of things: it has no user control, no security, no accountability, and massively advantages Amazon over everyone else. Offering an open mesh network would be nice, and I'd gladly add some of my resources to it, but only if it could allow me to control what I allow and when. That means that it'd have to be an open standard and controlled centrally by each user without any data collection by a third party. This won't ever happen because a simple internet benefits several types of entities. It benefits ISPs which get to charge each user for a shared resource. It benefits data trackers who can more finely track individuals on the network. With these groups against an open idea, it won't ever really come to fruition. Still, let's keep the dream alive by making sure Amazon's proprietary imitation stays dead.

      1. Doctor Syntax Silver badge

        Re: The real problem is the data caps

        "It benefits ISPs which get to charge each user for a shared resource."

        I may have misunderstood this but the implication of it seems to be that the internet is just there and wouldn't cost users any money without the wicked ISPs charging.

        That shared resource cost money to create, costs money to be continually expanded to keep up with demand and costs money to pay people to look after it (and the users) and energy to run. Those costs are also shared and that's why you need to pay your ISP.

        1. doublelayer Silver badge

          Re: The real problem is the data caps

          You are correct. I pay my ISP for the resource I use. The difficulty is when they attempt to restrict what I may do with it. For example, I have an agreement with a neighbor who uses a different ISP. Specifically, we each pay our own bill, and if one ISP goes down but the other doesn't, we can use the guest network of the neighbor who still has a connection. I think that's technically against the subscriber agreement I have. ISPs also frequently restrict other things to make it difficult to put several devices on one connection; for example, someone I know had an ISP-supplied modem which didn't allow people to change basically any settings and throttled bandwidth when sent by too many client devices. Or there are the mobile providers who attempt to restrict what can be done with the data access a subscriber already purchased, such as preventing tethering. Without these tactics, I would entirely agree with you. Since they exist, I must only partially agree.

      2. DoctorNine

        Re: The real problem is the data caps

        Well, putting this idea forward does have the secondary side effect of encouraging ISP's to get rid of data limited plans that have no basis in the economics of their provision (fibre as opposed to satellite, for instance) because if they figure this out, then they can also sell ubiquity of the connection, and further monitor user behavior, which is one of the things they sell now. So if they are interested in that, they may figure out a way to require it as a term-of-service for connectivity. At which point consumer objections become moot.

    3. MachDiamond Silver badge

      Re: The real problem is the data caps

      You really don't want it to be your IP address on an infringement lawsuit for downloading some movie on bittorrent. IoT devices are notoriously leaky sieves when it comes to security. You don't want your neighbor's devices that they can't be bothered to secure (if possible) to be the access point somebody exploits to set up a downloading machine or seedbox. If you are hit with a lawsuit, the attorney fees are substantial to "prove" you are innocent and you may wind up just paying some demand as a way to save money. Of course, if it's more serious than pirating some media, you many wind up confronted by men in suits with no sense of humor and a bunch of questions they need answered immediately in some back room downtown.

  7. Blackjack Silver badge

    So... want to pay Amazon to spy on you?

    No Amazon Prime needed!

    1. fidodogbreath Silver badge

      Re: So... want to pay Amazon to spy on you?

      Anyone naive enough to purchase Amazon spy devices and install them in/on their home will probably think this is just grand. I mean, "they wouldn't be allowed to do it if it wasn't safe, right?"

      [sent from my Alexa- and Ring-free home]

  8. Chris G Silver badge

    Never mind the theft

    Of your bandwidth by neighbours, this looks like a potential backdoor/front door and open windows to bad actors, whether official or otherwise.

    What kind of security does this offer?

    Though I can't say I am worried personally, as I have no neighbours close enough to be a threat and neither do I own any Amazon or other IoT tat.

    1. John Robson Silver badge

      Re: Never mind the theft

      I'm sorry you put your IoT crap on your main network? What kind of a monster are you?

      (Yes, I know you don't have any, but the sentiment holds)

      All routers should come with three SSIDS, a "home" network, a "gutter" network for guests and a "sewer" network for anything else.

      1. cyberdemon Silver badge
        Devil

        > a "sewer" network for anything else.

        If I could upvote a hundred times.. this

        But it sounds like thanks to Amazon's latest 'innovation', you can simply deny access to your SSID entirely for your Amazon Thing, and let the sewer back-up in someone else's bog! :)

      2. MachDiamond Silver badge

        Re: Never mind the theft

        "All routers should come with three SSIDS, a "home" network, a "gutter" network for guests and a "sewer" network for anything else."

        It's not impossible to do the same thing with a few spare routers. I have a box of them in the closet from various places. Speed isn't an issue so they don't have to be recent models.

        Now I'm wondering how much fun I might be able to have setting up some traps to milk anybody trying to borrow a cup of bandwidth without asking politely.

  9. Mr Grumpy!

    I got one of these emails... Apoplectic with rage would describe my condition. It might have been to do with Amazons delivery people refusing to wear a face mask and declining to keep their distance when they turned up to take away a return I had. But hey ho, why bottle it up.

    2 sets of Amazon chat bots told me that I was mistaken, it was spam, etc and Amazon didn't send that email. After I pointed out that it came from Amazon servers, and had a valid amazon DKIM signature I finally got a supervisor who confirmed it was an amazon email and he was very sorry I'd been sent this US only email.

    I did elicit a promise that they wouldn't automatically opt me in when the UK receives this abomination. That's probably not a promise I'll hold my breath for...

    1. The commentard formerly known as Mister_C Bronze badge

      That promise that they won't automatically opt you in...

      Did they confirm it by email? If not, may I advise that you make a data protection act subject access request for a copy of the conversation - be it chat log or phone call recording. It'll cost a tenner now, but pay back later. Don't settle for the supervisor's summary because it will probably be "had a conversation with the caller"(1). And do keep el reg updated when they sign you up as part of the UK rollout.

      (1) yup, I suffered that cover-up comment when Scottish Power earned their £17.5M customer service fine a few years ago. Ombudsman didn't look any further, just said "there's a disagreement we can't adjudicate on".

      1. A K Stiles

        Just to add that Subject Access Requests don't cost since GDPR came online.

    2. hoola Silver badge

      Yes but that is the problem, only a read them, fewer understand and a tiny minority actually care. So much of this "IOT" shite that is being punted out is being bought by the same gullible idiots that tell the world when and where they are going on holiday to in a Facebook post.

      Amazon is just taking advantage of all the people, many of whom are actually intelligent but see this as "cool" to further increase there dominance. Amazon will only be happy when everything, and I mean everything is resold through their platforms. Regulators as so far behind it is pathetic and the missed opportunities to at least slow Bezos down with scrutiny on mergers and services defy belief.

      I am just totally baffled why so many people buy and use all this shite and are then surprised with things don't turn out quite as rosy as they expected.

      1. FlamingDeath Silver badge

        “Baffled”

        Don't be baffled, it is really quite simple

        When presented with an option of convenience over inconvenience, the average human will pick convenience over everything else, even their own security

        Most of the active people in this world are essentially hipsters, quick to adopt all that is shiny and new without any care as to ramifications. Their attention span so tiny, they move onto the next new and shiny clusterfuck

        1. Anonymous Coward
          Anonymous Coward

          "Most of the active people in this world are essentially hipsters, quick to adopt all that is shiny and new without any care as to ramifications."

          Most of the active people in this world are essentially hipsters, quick to adopt all that is shiny and new without any care as to ramifications.

          FTFY

  10. Anonymous Coward
    Anonymous Coward

    Double standards

    Isn't it against BT's terms of service to share broadband with a neighbour? Doesn't stop them sharing your Wi-Fi to all other BT customers though via FON.

  11. jake Silver badge

    No.

    Just no.

    1. Keven E

      Not on my watch

      I'm sure they have a number of other un/illconceived gigs... but someone worked real hard to make these uses available... I'm looking your way CW... (lol).

      "And it's hoped the mesh can be used to locate missing items or pets"

      My Samsung needs wet-nap now.

  12. Mike 137 Silver badge

    Interesting legality issue in the UK

    I have a strong feeling that the UK Computer Misuse Act might be brought to bear on this (unless of course you're forced to "authorise" the arbitrary accesses when you buy the endpoint kit). However, although a contract requiring that might not withstand scrutiny, I suspect nobody is going to test this.

    I guess most folks will just blindly buy and permit, as nobody has ever really explained the issues in terms the man on the Clapham omnibus can understand. The real digital divide is not between the haves and have nots of iPhones and fast broadband, but between the elite that provide and the masses that consume the services and products. Until the MotCo is informed enough and willing to challenge what is thrust at him by the tech behemoths, the invasion of both privacy and ownership will proceed unchecked.

    1. Anonymous Coward
      Anonymous Coward

      Re: Interesting legality issue in the UK

      I disagree with your opinion. Provided that the supplier (Amazon in this case) make it sufficiently clear in their communications (not just the small print) that by enabling this service you will be consenting to other people using your connection in a certain way, then there is no CMA case.

      The bit where certain devices enable mesh networking automatically (opt-out) is, on the other hand, highly questionable. I wouldn't expect that to pass muster with your local consumer protection authority and/or telecommunications office.

      And yes, if your broadband contract contains a no-sharing clause that might put you at odds with it. However, it can be argued that third-party use of "your" bandwidth is an inevitable and unintended (by you) consequence of your perfectly legitimate wish to use mesh networking to interconnect your own devices. The fact that there is a cap also plays a part here. I state this hesitantly, but it might be that ISPs could challenge Amazon in court in this regard.

      The good thing is that this should provide some legal clarification, and hopefully protection, for other less morally objectionable uses of mesh networking, in particular open architecture, community uses such as The Things Network or the venerable if obscure, Pringles-powered guifi.net.

      (my credentials: studied computer forensics, not an expert but at least I'm familiar with the basics)

      1. johnfbw

        Re: Interesting legality issue in the UK

        you didn't get the email then? This is a very much 'opt-out' situation so there is no consent

        1. SImon Hobson Silver badge

          Re: Interesting legality issue in the UK

          All they need to do is to pop up a notice, get your permission, and then it's legal. Not really much work to do to make it so that updated devices don't enable this until after you next sign into your account, then offer you the ability to enable all these lovely and useful new features (see page 157 of the small print for gory details).

          There could be arguments about whether consent was informed, but IIRC that's not actually a requirement of CMA. GDPR doesn't apply as long as no personal data is involved - or it's sufficiently encrypted as the report makes it sound like it is.

          But as I write that first para, I realise another issue. What about where a device is in one home, but is signed into the account of another person ? That's not all that uncommon - so that, for example, multiple devices can share (e.g.) an Amazon Music account. In that case, someone else could authorise devices to use a network - so very grey legal area there.

          1. Anonymous Coward
            Anonymous Coward

            Re: Interesting legality issue in the UK

            > All they need to do is to pop up a notice, get your permission, and then it's legal

            Not quite.

            > There could be arguments about whether consent was informed

            The argument there is not whether it was informed consent. The argument would be whether your clicking on a button constituted consent at all.

            To illustrate:

            A good case can be made for consent if the pop up notice said “By clicking YES you agree to let Amazon transmit data to and from devices that you do not own via your own internet connection. You can change this at any time in Settings → blah” (default choice is NO).

            A bad case for consent might be “Sed ullamcorper bibendum sem. In ac odio ultrices, condimentum elit non, dapibus ex. Fusce cursus magna at blandit sagittis. In ultricies, risus elementum accumsan faucibus, leo erat rutrum risus, sit amet mattis lorem ligula in est. Nunc dictum enim non sollicitudin vestibulum. Etiam vestibulum dui ante, ac eleifend velit dapibus sed. Integer tincidunt lorem et lorem suscipit, bibendum finibus dui laoreet. Vestibulum venenatis mollis sem nec convallis. Sed porta augue eu ullamcorper mattis. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Mauris auctor leo a magna mollis, ac iaculis nibh congue. In aliquet vitae est et feugiat. Pellentesque ut libero ligula. Donec nec velit vel ante rhoncus tempor. Integer turpis velit, dignissim non sollicitudin id, ultricies quis augue. Pellentesque consectetur massa nec fringilla blandit. Morbi facilisis tempor commodo. All your data are belong to us. Pellentesque ultrices mauris vel ipsum pretium fermentum. Cras sit amet dui lorem. Phasellus eget felis neque. Suspendisse justo tortor, suscipit vel lacus eu, dapibus tincidunt ligula. Suspendisse facilisis purus quis urna finibus, a tristique enim efficitur. Aenean a sem lacus. Donec in magna vulputate, gravida dui eget, dignissim lorem. Vestibulum pretium diam nec odio viverra suscipit. Pellentesque sagittis cursus libero, ut molestie libero feugiat non. Etiam tincidunt sodales vestibulum. Nulla justo urna, viverra eu iaculis ac, pellentesque ac massa. Proin ornare accumsan eleifend. Morbi ut elit vitae magna elementum efficitur. Etiam interdum facilisis risus, a molestie odio sagittis in. Aliquam et arcu vehicula, dapibus lectus a, elementum mi. Sed vel sapien luctus, rhoncus metus ac, lacinia diam. Donec augue mauris, dignissim eget viverra et, congue at nibh.”

            1. jake Silver badge

              Re: Interesting legality issue in the UK

              Using Lorem Ipsum as an example in this situation is rather silly, don't you think? Unless you can see something resembling actual consent of some kind in there ... Contracts might look like gibberish to the casual reader, but they rarely actually are.

              As always, caveat auditor ...

              1. Anonymous Coward
                Anonymous Coward

                Re: Interesting legality issue in the UK

                > Contracts might look like gibberish to the casual reader, but they rarely actually are.

                I'll let you know when our in-house lawyer stops laughing.

                (btw, if it looks gibberish to the casual reader, and it's a consumer contract, then the requirement for consensus ad idem, or common understanding, cannot be said to exist)

        2. Anonymous Coward
          Anonymous Coward

          Re: Interesting legality issue in the UK

          > you didn't get the email then?

          No. I do not know if not being an Amazon customer or never having seen one of those Ring things in the flesh, let alone possess one, might have been a factor.

    2. MachDiamond Silver badge

      Re: Interesting legality issue in the UK

      "However, although a contract requiring that might not withstand scrutiny, I suspect nobody is going to test this."

      In a battle between Amazon and Government solicitors, who would you put your money on? How much and at what odds will you bet against there being a senior politician making a call to any investigative agency to let it lie? That politician in receipt of large campaign contributions from Amazon in the past and hopefully in the future.

  13. T. F. M. Reader Silver badge

    Let me get it staright

    Let's say I have an old Amazon device and never noticed the mail or neglected to opt-out for whatever reason. And let's say a young guy next door (or even on the other end of the block if a few of the neighbours have Ring doorbells?) issues a voice command to search for the latest IED recipes, and no one knows or can prove (that's what I got from the article) that it was his gizmo that accessed an NSA-monitored ISIS website via my router with NAT, and it looks to the world, to my ISP, and to the Feds that the request came from my public IP address, and a closer inspection of my router shows that the request actually came from my home device, and still no one knows it was actually a bridge, or for whose device it served as a bridge... And my neighbour doesn't even have an Internet connection, and says he has never had any Amazon device, either, so clearly he is beyond any suspicion...

    Nothing can possibly go wrong, can it?

    On the flip side, just get yourself an Amazon device and it's a get-out-of-jail-free card for any crime involving the internet, innit?

    1. Steve K Silver badge

      Re: Let me get it staright

      And let's say a young guy next door ....... issues a voice command to search for the latest IED recipes, and no one knows or can prove

      You have to have an Amazon Account in order to use your Alexa devices, which will have address and credit card details - at least when set up.

      It's not as if Alexa is anonymous-use (that's the whole point, surely....)

      1. John Robson Silver badge

        Re: Let me get it staright

        But the website doesn't know it was accessed by alexa does it, it just knows that it sent resources to your IP.

        I have no idea how much user agent rubbish gets sent...

        1. Steve K Silver badge

          Re: Let me get it staright

          Won't the query be coming from Alexa here (so proxied and hence an AWS IP?) so is not apparent to the site that actually serves the query?

      2. MachDiamond Silver badge

        Re: Let me get it staright

        "You have to have an Amazon Account in order to use your Alexa devices"

        Wellll, there's Google, Siri (Apple) and a few more coming out in the next week. Two years from now when everybody is tired of it, Microsoft will come out with there own version (that they bought for billions and will write off a few years after when it goes nowhere.)

    2. Graham Cobb Silver badge

      Re: Let me get it staright

      I'm not defending Amazon, but this is not actually a worry. The traffic from all the devices goes through an Amazon VPN - the IED info (child porn, ...) will have been sent to an Amazon IP address, not to yours. Amazon will be responsible for receiving the information and will have to answer for where they sent it (which will be to your neighbour's device).

  14. wayneinuk

    DISGUSTING!!!

    I received the email yesterday and spent an hour trying to find a way to opt out on the basis that I have numerous Alexa devices, Firesticks and a Ring Doorbell which I installed around 2 months ago. I would not have purchased any Amazon devices if I knew this was coming and more importantly enabled by default!!!!!!

    The tech in me things WOW, a great idea for low bandwidth devices, however, I suspect 500MB will be a starting point, I suspect it will become Amazon's way of providing a BT FON solution!!!

    I will be turning this feature off and more to the point I'll call Amazon for support to ensure it is turned off for all devices at an account level and to include new purchased (if I bother now to buy any Amazon products/services).

    I suspect there must be a legal barrier in the UK that Amazon has to overcome before the launch here, I did not pick up the fact it was not yet enabled in the UK, I guess that's why I spent so long getting absolutely nowhere to turn it off!!!! Thanks Amazon for wasting my time, I'd send you a bill if I thought I'd have a chance of payment!! My Internet connection is my responsibility and if the UK law was broken through misuse of my connection then I'd be the one potentially arrested and hauled to jail, I guess any potential defense would cost more to prove or highlight my connection was used by someone else and it was not me doing something illegal!!

    It's just not right in my eyes, it should be off by default for all devices and perhaps Amazon should provide an incentive for a customer to turn it on. If it is not simple and more important quick to opt out of for all devices then I'll be turning them all off pending careful replacement!!!!

    I've been a very happy Amazon customer since the start, I'm not happy now!!!

    1. jake Silver badge
      Pint

      We have been warning you that they are untrustworthy for years. Are you going to start listening now?

      That's the collective you, not picking on wayneinuk specifically.

      Have a beer, Wayne.

    2. nematoad Silver badge

      I didn't think that my opinion of Amazon could sink any lower.

      It just has with this little stunt. Amazon seems to have the belief that whatever they decide to do is for your benefit and that you have to accept their benevolence whether you want it or not,

      Demanding that you opt-out of a creepy system that is appropriating your bandwidth? Enrolling you in that bloody Prime con and making it difficult to free yourself from their clammy grasp?

      This is not the behaviour of an ethical company and they should be avoided at all costs.

      Oh, and if anyone can recall, I posted about them signing me up for Prime and my efforts to escape. I am pleased to report that after a call to their customer helpline over another matter it has been confirmed that I am permanently out of their clutches. :-)

      1. Anonymous Coward
        Anonymous Coward

        You forgot their third party market-place, and their seeming indifference to all the scams that go on there.

        Also, their incorrect insistence if something goes wrong with an order routed to "Backwater Company, Someone a million miles away, Some place" that it's not their problem and you need to deal with the third party (for that's what it is) company.

        1. Anonymous Coward
          Anonymous Coward

          > You forgot their third party market-place, and their seeming indifference to all the scams that go on there.

          That is precisely the reason why I am not an Amazon customer.

          1. Anonymous Coward
            Anonymous Coward

            Not that I would buy self-surveillance kit from anyone else, mind.

            Just imagine that it was a, let's say Chinese for the sake of argument, company that sold this kind of tat. Our governments would be up in arms and racing to ban the shit out of it.

            But it's a US company so what do they get? Tax breaks.

      2. MachDiamond Silver badge

        "I didn't think that my opinion of Amazon could sink any lower."

        They have a firm grasp of what will sell and that most people will look at the marketing hype and never spend 8 seconds thinking about the downside.

        Look at all the things that can break on a car now. Useless "features" that cater to the laziness in people or that claim to solve a non-existant problem (unless you regularly drink drive or have vision problems).

    3. Anonymous Coward
      Anonymous Coward

      I agree with your post, so please take this response as a humorous jibe, but boy, did that read like a "Disgusted from Milton Keynes" letter to the Daily Mail! :-)

  15. Fruit and Nutcase Silver badge
    Joke

    TAR

    The OnionAmazon Router

  16. Wolfclaw

    Will never happen in UK, Virgin tried that with their routers and was forced to make it opt-in, due to privacy regulations and the fact, people are paying for private broadband not community !

    1. Mage Silver badge
      Devil

      Eircom aka Eir

      Eircom was doing it in Ireland, contrary to EU and Irish Law, without saying. Setting NOT on the Router but buried in a web page. You had to opt out.

      Virgin is really UPC / Global Media. No idea why they are renting the name for Ireland after fixing the junk they took over from Chorus and to a lesser extent NTL. Spent a fortune rebranding as UPC. They were doing it too.

      Also last time I was in the UK, BT was doing it.

  17. Anonymous Coward
    Anonymous Coward

    and what if this new connection is cracked

    So you spend a lot of time trying to lock down your router, with perhaps Opendns, long passwords, latest firmwares, switch off Upnp and the like - but your new spanking new route has the facility, built in and it gets to the point where its difficult to switch it off - the thought of any wardriver hoping onto my paid for internet (are there any reductions in payments for 'sharing' here ?) and potentially cracking the thin line between your 'internet surfing' and 'their internet surfing is extremely scary - I bet within weeks of this being implemented, there are videos on youtube showing hw you can circumvent the DMZ between this thin line.

    1. Graham Cobb Silver badge

      Re: and what if this new connection is cracked

      Of course I agree that any "opt-out" approach is completely unreasonable and probably illegal. And I do not allow any Amazon devices on my network anyway. But if you are someone who is happy having an Amazon device in your house then I don't think this opens you up in any significant way.

      I presume you have put your Amazon devices on your IoT wifi, with a firewall listing only allowed IP ranges for your IoT gear to access? In that case, the most the wardriver can do is access sites via Amazon's servers and via BLE or LoRa at your end. Amazon are likely to have reasonable (although not perfect) security at their end. And even if the hacker can break through that, BLE has tiny range and LoRa has very, very tiny bandwidth.

      Don't worry too much about it in practice (unless/until they start doing it for wifi, not just BLE and LoRa). Until then. you are much more likely to have your own WiFi encryption broken by the wardriver - they have nothing to gain by using Amazon's mesh.

  18. Spanners Silver badge
    Big Brother

    Spooks won't like it

    If someone gets their dodgy links/content through a mesh network, this will make it harder for criminal organisations like the CIA NSA and FBI to track them.

    Obviously this is (a) A good idea and (b)Going to upset those who feel that laws are a hindrance in keeping track of what the peasants are doing.

    1. Graham Cobb Silver badge

      Re: Spooks won't like it

      Actually, in this particular case, it will make it much easier for the spooks: you don't think Amazon are going to allow devices to access their mesh without knowing exactly who is doing it, do you? (It is also pretty useless - this mesh won't have the banwidth to handle real websites, let alone any interesting content).

      Now, running a real and open mesh with your neighbours - that is a good idea, and one I would buy into.

  19. heyrick Silver badge

    The hell?

    Half a gigabyte a month isn't my definition of sipping.

    And as for this: The maximum bandwidth of a Sidewalk bridge to the Sidewalk server is 80Kbps

    It is perhaps worth pointing out that a lot of people's broadband is highly asymmetrical. I, personally, get 3.5 megabit download, and about 720 kilobit upload. Townies can get around 20 megabits, but their upload is around one megabit, because by and large the majority of data is one way - Netflix to my/their eyeballs.

    Now that 80Kbps is a larger share than trying to compare it to streaming an HD video.

  20. Anonymous Coward
    Anonymous Coward

    Always on service.

    So now even turning off your router will not stop your Amazon tracking data/spy mic recordings being sent back to base?

    Nice.

  21. DaemonProcess
    FAIL

    Facepalm

    As security-conscious as Microsoft were in the 1990s. Never mind the hole straight through your firewall look at this cool sales feature!

  22. Ryc

    Next they will want a cut of my brains bandwidth....and I will have to opt out...

    Here we go again. Another Bezon master plan to control another part of out lives. This is all about controlling the "infrastructure", soon third parties will feel obliged to have their devices "Sidewalk Enabled" and all the terms and conditions will be controlled by the Mega Corp.

    Mummy can I have that new fangled device that wipes my butt...sure son but is it sidewalk enabled.....

    How much more of our lives do we want to hand over.

  23. TheRealRoland
    Unhappy

    MAC filtering / access control?

    So, if my router has access control, allowing only certain specific MAC addresses to connect to the network, would that prevent the devices mooching off my wifi?

    I used to have 7/1 MBits cable internet with a 400GB cap, each 50GB after that would be an addnl $10. Now have 200/200Mbits fiber without a cap, but who knows for how long... Also, who knows for how long kid#2 and gf will stay here, because both lost jobs and had to move out of appartment to come back home and roost... The 7/1 connection simply couldn't take it anymore!

    1. Lee D Silver badge

      Re: MAC filtering / access control?

      No... because the Amazon device you have allowed via MAC filter is presenting out your connection via Bluetooth LE to all the other nearby Amazon devices and passing traffic on their behalf.

      1. TheRealRoland
        Unhappy

        Re: MAC filtering / access control?

        Oh, don't get me wrong - no amazon devices here in this household. But that's some nefarious shit, if that's how it works...

  24. Mage Silver badge
    Flame

    Absolutely EVIL

    "nearby Amazon gadgets, regardless of who owns them, can automatically organize themselves into their own private wireless network mesh, communicating primarily using Bluetooth Low Energy over short distances, and 900MHz LoRa over longer ranges."

    The comms method is irrelevant. It's Corporate theft.

    1. jake Silver badge

      Re: Absolutely EVIL

      Here in the United States it will very probably be called Theft by Conversion, once the inevitable class action hits the courts. Or so the lawyer brother of mine suggests.

      That would be "taking with the intent of exercising over the chattel an ownership inconsistent with the real owner's right of possession" (per the always suspect Wiki).

  25. Aitor 1 Silver badge

    Extreme porn.

    So, if my neighbour does searches of extreme porn etc, my ip will be associated with illegal content searches... good plan...

  26. Mr. Skeezix

    Hoops and Hurdles

    I tried to follow the directions in the email I recieved to disable Sidewalk. I found it already disabled. I'm sure that means at some future point once I've forgotten about this it will be silently activated. Wonderful. Just great. :)

    1. FlamingDeath Silver badge

      Re: Hoops and Hurdles

      You signed up to a service

      Not a device, the device is the platform to the service, which you signed up for

      Now watch as the floor beneath you moves and changes form.

      Do you now understand what it is you signed up for?

  27. Uplink

    Imagined in a court of law

    "It wasn't rape your honour. She didn't say yes, but she didn't opt out prior to the event in question, so it wasn't an explicit no either"

    Headline: Dude walks away after justifying non-consensual sex act using consumer marketing law. Mass opt-out from women across the country. Congress considering law to make opting out harder.

    Breaking news: Dude from previous story found dead, apparently because he didn't opt out of being murdered. Apparently his balls were cut off and he bled to death. Blunt pair of scissors found nearby. Testicles still missing. Here's a picture of them. If you see them, call the police immediately.

    1. FlamingDeath Silver badge

      Re: Imagined in a court of law

      I think this may have already happened

      Amber Heard?

  28. FlamingDeath Silver badge

    Road map

    While the end user maybe surprised about these things, the people working on it are not as surprised, as its part of their roadmap, to which you and I are not privy too

    My honest opinion of this, if you’re stupid enough to own one or allow one into your home, then stupid is as stupid does

    I saw the other day, Amazon Echo being sold for £4

    With prices like that you have to wonder what their real business model is.

    1. Anonymous Coward
      Anonymous Coward

      Re: Road map

      You assume it's a simple either/or. Sometimes it comes down to (to paraphrase) "I'm having one of those*, if you don't like it you move out". So it was a case of engineering the network to give it zero access to anything else on the network.

      I think a lot of people will recognise the "SWMBO doesn't have the same priorities as us" problem.

      * In this case, Echo Dot.

      Anon, because, well ... I don't want to be found dead beside a pair of blunt scissors !

  29. Anonymous Coward
    Anonymous Coward

    TITSUP but not on el reg?

    No news about their TITSUP today that's been going on for hours?

    1. TheRealRoland
      Trollface

      Re: TITSUP but not on el reg?

      "What are they hiding?"

  30. kpanchev

    Free lunch?

    I have been mildly entertained by people complaining about providers using their "this, that or the other" in order to make profit, but the same people not complaining about the free or heavily discounted services they receive... For all of them, I have this to say: There is no such thing as free lunch! If you don't want to get burnt, don't play with fire!

    So Amazon uses some of your bandwidth to form a private mesh network... SO WHAT? If you don't like it, don't buy an Amazon device!

    And if you think that in this current day and age you are NOT monitored constantly, then think again... Whoever wants to monitor you or spy on you will not need an Amazon device or a mesh network, there are way more easier ways to do this...

    So get real, stop wining and live your lives.

    1. Ken Moorhouse Silver badge

      Re: stop wining

      Free lunch, without wine?!

    2. Anonymous Coward
      Anonymous Coward

      Re: Free lunch?

      @kpanchev

      *

      OK....I get it!!!

      *

      But the point is THAT SOMEONE WITH NO AMAZON EQUIPMENT JUST A WIFI ROUTER is having their account abused without their knowledge.....courtesy of Amazon.

      *

      This may be happening anyway (to your point).....but Amazon is making much easier and potentially more pervasive.

      *

      Can I get on with my life now?

    3. wayneinuk

      Re: Free lunch?

      I bought all my Amazon devices prior to them "informing" me that they are going to "by default opt me into sharing my bandwidth/services I pay for" - I'm just saying "by default it should be OFF i.e. does not affect me" since that was the situation when I decided to buy the devices I have. All's all and if I wanted to opt in I can, so long as it is me and not Amazon opting me in!

    4. MachDiamond Silver badge

      Re: Free lunch?

      " have this to say: There is no such thing as free lunch!"

      More properly it's "There ain't no such thing as a free lunch" or TAANSTAAFL

  31. Slx

    Stop buying your home security from data miners! It's as simple as that.

    If it's free or unusually cheap, you're the product.

    1. MachDiamond Silver badge

      "If it's free or unusually cheap, you're the product."

      Even if it's horrifically expensive you may be the product.

      If you opt out of the Tesla telematics when you buy one of their cars they say they won't snoop on you, but you also don't get any of the best features. The same thing might happen with other makers too, but they don't get reported on as much.

  32. RLWatkins

    This brings back old memories.

    I set up a laptop for a friend maybe fifteen, eighteen years ago. On it they wanted the AOL client.

    I asked, "How do you connect to the Internet here?"

    She replied, "I don't know. It just worked."

    I asked, "Where is the box they installed when you signed up for Internet access here?"

    She replied, "We didn't do that."

    At this point I'm baffled, ask for their old computer, start digging. It turns out that AOL had included what amounted to war-driving software on their setup disc. It had found her next-door neighbor's wireless access point, cracked it, and connected by stealing their bandwidth.

    So none of this surprises me. The moral compass of people who run large companies amounts to this: "It's OK to do this because it's what we want to do." God help us all.

  33. Ken Moorhouse Silver badge

    Security Question

    Would it be possible to introduce a device into the mesh which was engineered to "sink" all traffic?

    Advertise itself as the lowest cost route for all peers and then "black-hole" all traffic.

    A great device for an intruder to carry around with them.

  34. Jean Le PHARMACIEN

    I'm out...

    I am just in the process of ripping out my (2) Ring devices due to poor performance (wrt notification speed/timeliness) and installing a home hosted server/camera system. Home internet is a 50/13 mbs upload/download link which according to my SamKnows box is unbelievably robust.

    Reading this, I think I am making a *good* decision - sadly I know how to build a NVR system in under an hour but most people will take the "plug'n'play" option Amazon (Google/ANother) offer.

    Be afraid/worried...

  35. Anonymous Coward
    Anonymous Coward

    Yes....disgusting.....but.....

    .....how does the Amazon mesh network connect to my WiFi router when there's a sixteen long password needed to get a connection?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021