Deadline draws near to avoid auto-joining Amazon's mesh network Sidewalk

Owners of Amazon Echo assistants and Ring doorbells have until June 8 to avoid automatically opting into Sidewalk, the internet giant's mesh network that taps into people's broadband and may prove to be a privacy nightmare. The idea is that if, for instance, your internet connection goes down or is interrupted, your Amazon …

  1. Henry Wertz 1 Gold badge

    fun!

    it's going to be fun to find out how to tap into this and get a few GBs of free internet off various rings'n'things.

    1. Woodnag Silver badge

      Tapping in

      Once established, you can be sure that Amazon will license access to the mesh. Your telly will phone home via your neighbour's neighbour.

      1. ThatOne Silver badge
        Facepalm

        Re: Tapping in

        Definitely. And that will be the end of being able to control what gets to access Internet (and which part of it). All your IoT gadgets will be able to phone home with your information, and get fresh ads to throw at you...

      2. iron Silver badge

        Re: Tapping in

        No it won't. A TV should be a dumb screen and I refuse to buy a "smart" TV. If I eventually do have to buy a TV that includes such circuitry I will remove it.

        1. Charles 9 Silver badge

          Re: Tapping in

          Good luck. You'll probably brick the TV and void the warranty on tampering grounds.

    2. martinusher Silver badge

      Re: fun!

      It's rather low bandwidth so grabbing "a few GByte of free data" might take some time.

    3. Snake Silver badge

      Re: Update

      As an update I have already filed a complaint with my state's Attorney General over Amazon Sidewalk's [eventual, once activated] theft of services. I will be contacting Amazon directly to notify them of their infractions, the fact that I have made an official complaint, and I may consider contacting my attorney to file an injunction against Amazon.

      1. tim292stro

        Re: Update

        It would be good to talk to your ISP also - I'm pretty sure I saw a clause in the Terms-of-Service with Comcast prohibiting me from sub-leasing my internet access, for example to a third party to provide internet access to parties not physically located at my premises. The exact type of "service" Amazon wants to hijack end-user internet connections for to create its own private internet access service for.

        I'll bet every Amazon product user who gets their internet hijacked by Amazon will unwittingly be in violation of their ToS as soon as Amazon turns Sidewalk on...

        1. Charles 9 Silver badge

          Re: Update

          Amazon's out will be that they're not PAYING for it. Otherwise, a family using one plan would be subleasing between the actual subscriber and the other residents or family members.

  2. Jamesit

    "Owners of Amazon Echo assistants and Ring doorbells have until June 8 to avoid automatically opting into Sidewalk, the internet giant's mesh network that taps into people's broadband and may prove to be a privacy nightmare."

    It will be a privacy nightmare. We need regulation for things like this.

    1. scrubber

      Regulation? Be careful what you wish for...

      Bezos' army of lobbyists are already pushing to make it illegal to click the opt out button.

  3. ShadowSystems

    I wonder if...

    Is it possible to make a clear plastic Faraday sheath that can be worn over one's normal attire, water & wind proof against the weather, that would allow you to essentially become a mobile EMF void. No signals in, no signals out, so if anything on your person is thusly broadcasting, the sheath stops the signal dead. Put a breast pocket with button flap on the outside large enough to fit even a largish cellphone, that way you can still leave your device able to connect to the cell/wifi networks, otherwise just drop it in your bag or trouser pocket inside the sheath to prevent it from communicating until & unless you give it the ability to do so.

    Is there a non-interactive way to force a cellphone to switch to airplane mode? Slip the thing inside the sheath & it auto-switches to taking a nap until you wake it up to actually use it.

    Or am I just enjoying another fantasy of thwarting Big Brother again? *Sigh*

    1. razorfishsl

      Re: I wonder if...

      It is very very hard at higher frequencies.

      At about 1GHz it's close to 1cm for a wave length.

      The issue is that anything more than a 1cm gap allows higher frequencies in.

      So air holes are out....

      Generally metalised plastics do very well....

      Be 100% clear that unless your phone is "off" you are not off.

      Also "off" is not a physical state, it is a computer coded state that operates some mode inside the phone.

      And as such can easily be bypassed to be "on".

      The only real way is to remove the phone battery...... but strangely that's not an option any more......

      1. Brian Scott

        Re: I wonder if...

        Off by factor of ten issue here. At 1GHz the wavelength is 30cm.

        1cm wavelength would be 30GHz.

        All assuming the speed of light to be 3E8 m/s (300,000,000). YMMV.

      2. JWLong Bronze badge

        Re: I wonder if...

        It's easy to stop all these items from doing as they please.

        Take all your do-dads like your phone and other IoT shit and put it in your microwave oven for 3-4 minutes.

        Has anyone noticed that there isn't a microwave oven that wants to phone home being sold? And I haven't heard of one being offered with a network port yet.

        I got an idea, just don't buy any of this crap, problem solved.

        1. Charles 9 Silver badge

          Re: I wonder if...

          And what's to stop your friends from bringing theirs in without your knowledge? And who complain about your poor signal quality if you try to cage your place?

    2. doublelayer Silver badge

      Re: I wonder if...

      Well, sort of but why would you do that? If you're worried about a specific device broadcasting, then you can put it into a more convenient shielded thing. If you're worried about a device you don't know about, then it's probably not on your person, but instead in something that goes around with you such as a bag or a vehicle. A bag which blocks signals is likely more useful than trying to make clothing for the purpose.

    3. Chris G Silver badge

      Re: I wonder if...

      Turn off Bluetooth when not using it, use a firewall on your phone, secure your router and treat Amazon like the pariah it is.

      The same goes for zuckerborg products and anything else that is uninvited.

    4. David 132 Silver badge
      Happy

      Re: I wonder if...

      Finally! An excuse to wear my Pac-a-Mac in public without looking like a complete dweeb!

      And the tartan Thermos flask is for, uh... blockchain! And the black rubber nerd-strap around my glasses is... hmmm.... it blocks 5G, yeah, that's it...

  4. razorfishsl

    Yep but most of this shit is going to backfire spectacularly.....

    We were doing "Bag tracking" devices exactly the same as the Apple "tile" credit card sized crap.

    It's an off the shelf product.

    But then the Samsung .... let's burn the phones fiasco started & airlines banned the tech.

    So all the bag tags with lithium batteries were banned, and now they are trying to re-introduce the tech.

  5. Anonymous Coward

    Long game

    So that’s why they want people to install those “smart speaker” things.

    1984 eat your heart out.

    Doubleplusgood

    1. Pete B

      Re: Long game

      "Doubleplusgood" - you missed the "un"

  6. redpawn Silver badge

    Hey Alexa,

    Buy me a doll house!

  7. Marki Mark
    Mushroom

    For Kids?

    Echo Dot for Kids

    It worries me so much that this sort of thing exists...

    1. ThatOne Silver badge
      Big Brother

      Re: For Kids?

      You have to get them used to it as soon as possible, so when they grow up they can't even imagine a life without their preciousss... It's all about breeding a whole generation of captive clients users addicts.

  8. YetAnotherJoeBlow Bronze badge

    If this was my idea...

    I would put it on github and offer 10K for each 0-day or info disclosure found.

    As such, security barely got a mention. It is an awkward grab of consumer data made by an envious and vain corporation.

    Might this be one reason why Bezos stepped away so when this blows up, not to sully his reputation - if that is even possible.

    This is really problematic. Who thought this up?

    1. Blazde Silver badge
      Joke

      Re: If this was my idea...

      Security is "foundational to the design" and there's "three layers of encryption". I highly doubt anything will go wrong.

      1. Claptrap314 Silver badge

        Re: If this was my idea...

        And seven firewalls. Never forget the seven firewalls.

        1. Blazde Silver badge
          Flame

          Re: If this was my idea...

          "The Ring Of Fire doorbell is equipped with seven firewalls. That's one for each of the five advertised wireless protocols you can attack it over, one for the unpublished remote Amazon-telemetry protocol, and one physical butane burner which can be configured to protect the bell's push button itself from pre-identified individuals in the facial database as well as general classes of undesirable such as chuggers, preachers, and sellers of rival doorbells."

    2. JWLong Bronze badge

      Re: If this was my idea...

      This is really problematic. Who thought this up?

      APPLE

  9. Androgynous Cupboard Silver badge

    Overblown

    Much as I loathe Amazon, we’ve been sending our traffic over other peoples network kit since the internet began. In terms of security threat, it’s already solved by TLS.

    The better argument against it is bandwidth, but that’s going to depend on your net connection. I suspect the numbers they mention are negligible for most.

    Finally, doesn’t Apple’s Find my device do the same thing? As does LoRaWAN and so on? Much lower bandwidth of course, but it makes it harder to object to the principle.

    1. Version 1.0 Silver badge

      Re: Overblown

      "the data used up by Amazon Sidewalk will be capped at 500MB a month" ... think how much you would save if you turn off your Android "automatic updates" feature ... way more than 500Mb a week.

    2. Arthur 1

      Re: Overblown

      You don't have any ISP safe harbour provisions protecting traffic that passes through your router. It's assumed to all originate with you. When the police show up asking who has been posting IED making instructions or photos of little kids from your home, good luck convincing them the Echo dun it.

      1. Woodnag Silver badge

        Deniability

        With this mesh, traffic through your router to your ISP now includes totally unknown encrypted traffic that you have no control over.

        So actually LE suddenly lose the probable cause argument, and would have to inspect logs to determine what and where.

        So... what Amazon may have to do is be able to turn off mesh activity for multiple nodes on police order, to isolate the traffic for a while as being just those households. Doesn't seem practical, and legally a fishing expedition.

      2. Androgynous Cupboard Silver badge

        Re: Overblown

        > You don't have any ISP safe harbour provisions protecting traffic that passes through your router. It's assumed to all originate with you.

        First, that's a huge, untested assumption, and even if it is true for the general case, the endpoint here is - by definition - Amazon's servers, where it will necessarily be arriving tagged with details about which device generated it.

        > good luck convincing them the Echo dun it.

        To repeat: it's literally encrypted until it arrives at Amazon's server, tagged with the device that generated it.

        > posting IED making instructions

        How? By holding pictures of them up in front of the doorbell?

        I really don't think you've thought the specifics of this proposal through. I know it's fun to wave our hands in the air and shout over my dead body, but it's still just noise.

    3. doublelayer Silver badge

      Re: Overblown

      Most of this is disputable or wrong.

      "we’ve been sending our traffic over other peoples network kit since the internet began. In terms of security threat, it’s already solved by TLS."

      No, that's not how this works. The threat is not the security of our data. The threat is the pathway to a potential attack. If someone can use the sidewalk system to access a device on my network, they could use it to gain information about my network and other devices on it. While we have been using others' equipment to send our traffic, we typically don't allow unknown devices to use our equipment.

      "Finally doesn’t apple’s Find my device do the same thing?"

      No. It doesn't. It uses the network information already known by the device, which works pretty well because a lot of them have cellular radios and have connected to WiFi before. It does not have a secret tunnel through others' devices.

      "As does lorawan"

      LoRa? No, that doesn't either. That's a radio protocol which doesn't even connect to the internet. If you want to bridge the LoRa network you've set up to the internet, you need the equipment which does it. Or someone might (might) have one already and agree that you can use it, but that's like asking your neighbor to let you use their WiFi. It is not required for the system and not expected by it either.

      1. Androgynous Cupboard Silver badge

        Re: Overblown

        > No, that's not how this works. The threat is not the security of our data. The threat is the pathway to a potential attack. If someone can use the sidewalk system to access a device on my network, they could use it to gain information about my network and other devices on it.

        OK, so your concern is: you have Amazon kit, it's set to relay from other devices. So traffic will route over it, and some undiscovered flaw in the router may allow it to attack your local network. Which is reasonable, and you're correct it would be an attack vector that doesn't exist now. Of course a wireless AP is already attackable by anyone within range, and attacks have been made on WEP/WPA etc. However this brings the network stack into that realm too, giving an attacker a "bridgehead" if you like. If that's your point then sure, I'll accept that.

        Not plain LoRa, LoRaWAN. Gateways typically receive and forward packets from unknown sources, which is what everyone seems to be up in arms about.

  10. Twanky

    Opting in

    Owners of Amazon Echo assistants and Ring doorbells have until June 8 to avoid automatically opting into Sidewalk

    Mostly won't happen. The people who have this sort of kit want it to connect and be as useful to them as possible. The idea that their 'smart' speaker or whatever might fall off the network if PlusNet (other ISPs are more available) has a hiccup is abhorrent to them.

    When some bastard screws them over by inventive use of these features their response will not be to blame Amazon or tighten their own security but to want a new law to stop people doing 'This Sort of Thing'.

    (Side note: I was *very* pleased that a relative had the good manners to turn off her Echo device when I visited her recently.)

    1. Anonymous Coward

      Re: Opting in

      "(Side note: I was *very* pleased that a relative had the good manners to turn off her Echo device when I visited her recently.)"

      There's an xkcd that shows how to make sure you always get that treatment. Just walk in the front door and clearly say: "Alexa, buy fifty gallons of creamed corn... Alexa, confirm purchase."

      Substitute KY jelly, mayonnaise, or chicken blood as (in)appropriate.

  11. Admiral Grace Hopper
    Big Brother

    Bell Ringing

    While visiting my Mother she had a chat with the police officer who had come to investigate the burglary that had happened to her next door neighbour. The police man was trying to get her to buy a Ring doorbell.

    "S, what's a Ring doorbell".

    "Mum, it's state surveillance privately funded"

    At this point the policeman nodded vigorously and said, "Yes! We want everyone to install it".

  12. WonkoTheSane
    Facepalm

    Is this USA only (for now)?

    I can't find any reference to this on my Alexa or Ring phone apps.

    EDIT:- This "service" is indeed USA only. BBC link

    1. Twanky

      Re: Is this USA only (for now)?

      They'll have to name it 'Pavement' here in Blighty

      1. TimMaher Silver badge
        Pint

        Pavement

        Bummer! Beat me to it.

        Have an imperial pint.———->

    2. ScottV

      Re: Is this USA only (for now)?

      I can't find this setting on my UK Alexa either. This story is very misleading. The US is not the world you know, it's just one small part of it!

  13. LDS Silver badge
    Facepalm

    "a stalker can abuse it to stalk people better"

    No, they won't abuse it because the system is built exactly for that. That's "stalking by design" - although Amazon wish it only could stalk its users - but obviously it won't be able to ensure it.

    Have to call Shenzhen to start mass producing "Tiles" in some cute and/or innocuous-looking shapes... "hey, girl, attach this cute soft and fluffy cat toy to your bag....", "look wife, I got you this 'Prada' (he he) wallet for your birthday...."

    Those working at Amazon & C. are now utterly unable to understand what they are putting on the market - they can see only the $$$$$$ they hope to gain if they can gather more user data.

    1. ThatOne Silver badge

      Re: "a stalker can abuse it to stalk people better"

      > Those working at Amazon & C. are now utterly unable to understand what they are putting on the market

      You're kidding? You said yourself there is a huge market in stalking!

      1. PRR
        Thumb Down

        Re: "a stalker can abuse it to stalk people better"

        > if.., your internet connection goes down.., your Amazon smart home devices will .... wirelessly connecting to neighbors' ...gadgets and using their internet connection instead.

        Urbanites. Up here in the woods of Maine I can hardly 'see' my one neighbor's WiFi router, 150 meters away through dense brush. It reads as barely 1 bar, and I have never connected. And the idea that Spectrum could issue new Wi-Fi boxes (potentially with longer reach) is absurd (I had to keep calling to get a Wi-Fi which worked across the house).

        Yes, in-town I have seen places with a dozen or more Wi-Fi points visible. I feel sorry for those folks.

        I do agree that several mega-corps have confused and confounded "find my keys" with "find my victim". And that happens so often out here that the newspaper has boilerplate advice for victims of abuse.

        1. ThatOne Silver badge

          Re: "a stalker can abuse it to stalk people better"

          > Urbanites

          They make up a vast majority of Humanity though. That some like you are more fortunate doesn't change the problem.

    2. Anonymous Coward

      Re: "a stalker can abuse it to stalk people better"

      As someone who recently worked at Amazon helping to develop products, I can assure you that you are 100% correct. Their management, and especially product management, have been so diluted with bad hiring and incompetent policies while being put under pressure that contains so many perverse incentives that I'm shocked the company hasn't imploded yet.

      It's become the picture of what Jeff used to call a 'day 2' company. Zero surprise he and his clique all got worried by what they saw around them and bailed, most of the good people throughout the organization are as well/were doing so throughout last year.

  14. VTAMguy

    No thanks, not a bit of it

    No thanks to all of this - no Rings, no Echos, no Dots, no Kindles, no flying cameras in my bedroom, no using my bandwidth for unknown purposes. I buy a few things from Amazon once in a while, and I watch some of their movies and that's what the extent of our relationship will be, no more. Although I do get a warm feeling in my heart when I see videos of Ring doorbells being ripped off the wall with a crowbar by people in masks. Your cloud don't help you much there, eh? My $5 doorbell (lighted!) has never once been the victim of a crime. Perhaps the Amazon Ring could get an upgrade to send out warnings when this happens, and an Amazon drone can swoop in and attack, or the Dot could automatically re-order ammunition and a replacement Ring, this time with extra heavy-duty screws. Absurdness from a company that cares about nothing at all about anyone or anything except for themselves and making money. The fact that opting out is required demonstrates quite clearly where their priorities lie.

    1. Snake Silver badge

      Re: No thanks, not a bit of it

      Well, I bought into Ring before Amazon bought the company out.

      I am seriously considering ripping it all out and going with an independent solution. But, when thoughtfully considered, the large majority of independent home surveillance equipment is either built in, or marketed by, Chinese companies, a government that doesn't exactly care about the idea of "personal privacy".

      You may be damned if you do, damned if you don't.

      Regardless, I do not believe that Sidewalk will be of a concern for me, as my property is over a hectare and I only have one neighbor.

      1. tim292stro

        Re: No thanks, not a bit of it

        RPi Zero W (https://www.adafruit.com/product/3400), CSI-2 cable (https://www.adafruit.com/product/3157), and a CSI-2 wide angle camera (https://www.seeedstudio.com/Raspberry-Pi-Wide-Angle-Camera-Module.html), powered from the hardwired doorbell circuit using a 48V DC power supply instead of the standard 120VAC-to-12VAC transformer (https://www.digikey.com/en/products/detail/mean-well-usa-inc/MPM-30-48ST/7707313), and a little point-of load step down regulator at the RPi (https://www.digikey.com/en/products/detail/analog-devices-inc/LTM4653EY-PBF/8572272).

        With this Bill-of-Materials, you can replace a Ring Pro Doorbell - and you will have power of the whole software stack you elect to implement.

        1. tim292stro

          Re: No thanks, not a bit of it

          Or, replace RPi in above with one of many ESP32-Cam solutions... Point is, this here cat can be skinned many ways, no reason to let Amazon/Ring have your data.

  15. heyrick Silver badge

    "there is bound to be at least one bug or overlooked shortcoming that will affect someone somewhere"

    Just need to wait until somebody cracks the protocol used and then people can happily download "forbidden content" (bring your own subtext) on somebody else's connection.

    There needs to be legislation to the effect of "only devices that the bill payer authorises is permitted to use their connection", to prevent companies sneaking in shit like this.

    1. Charles 9 Silver badge

      Then the sneaks will disguise their devices as belonging to other people. It's cat and mouse.

      As for cyberstalking, whatever happened to burner phones concealed in the car?

    2. JWLong Bronze badge

      legislation

      The TLA's won't allow legislation like that.

  16. Arthur 1

    Two Things

    1) This is a great opportunity for anyone selling 900MHz jammers. The LoRa will be the backbone of actually talking to your neighbours for most people considering that Bluetooth has trouble linking two rooms in the same house. A fairly low power simple oscillator and antenna will get the job done I suspect. Easy to do and very cheap.

    2) I like the Amazon devices for their convenience, but it looks like I'm going to have to move them to a separate wifi network and lock down its internet access to just their primary back end server and nothing else. I would recommend others take a similar approach if keeping these.

  17. martinusher Silver badge

    Nothing to see here, folks

    Coverage of this 'issue' has been overwhelmingly negative but it's all based on an outdated notion of data devices. To a large extent we're still mentally stuck in the telephone age, back where a subscriber had a dedicated link and bought time/data on that link as needed. This notion went away with wireless but people still had this mental model, they thought in terms of exclusive channels and were much put out to discover that their WiFi kit was communicating with anything within range, in fact it seems that most people still haven't grasped the notion of shared spectrum, they still think in terms of radios that need tuning like the ones that they grew up with.

    Sidewalk appears to be just a fallback mesh network, a backup for when the main external connection fails. We have come to rely on our data connections but as many people have learned to their cost the entire system -- ISPs, cell providers and so on -- is just not as reliable as the old-fashioned POTS used to be. We've had outages in the last year that have lasted a day or more, outages where we've had to rely on spotty (and now completely overloaded) cell service. Since we're now relying on an unreliable data connection to defend our property and person and, increasingly, to monitor our well being having a fundamentally unreliable system at its core is making a nonsense of the provisioning of those services. This has to be addressed. It's not just security that's important, either -- as we age we are starting to rely on Internet connected devices to monitor our well being (Amazon, for example, is piloting a program which uses Echo devices to monitor aged relatives, the system notifying designated contacts if it detects a problem.)(No, it's not the Evil Empire striking again -- it's a logical use for voice assistants; anyway, think about it -- if you're housebound then you're going to need to get most of your stuff delivered to you.....)

    1. heyrick Silver badge

      Re: Nothing to see here, folks

      I haven't downvoted you, but I suspect others have because we live in a world where the powers that be consider it acceptable to tie an IP address to a person when it suits them, and along comes a device that would appear to be happy to opt you in to sharing your connection with "whatever".

      I get that Amazon wants to have a more stable and reliable connection to the mothership, as it makes news on this very site when smart gadgets fall over and cease working because they aren't even remotely smart and seem incapable of working without being constantly told what to do.

      But, you know, my internet is that there for provisioning their service. Ask for permission first, and be prepared to provide incentives. Otherwise FO.

      Another way to look at it - if Amazon is successful in doing this, who else might look to using the connectivity that you pay for as part of their service? When will it end?

      And as mentioned at the very start, your IP address is you. You are responsible for what happens with your connection. The buck stops with you. That alone should be sufficient motivation to not want to share your connection with complete strangers.

    2. batfink Silver badge

      Re: Nothing to see here, folks

      Er, no. The notion that a subscriber has a link hasn't gone away with Wi-Fi. I still subscribe to, and pay for, the backhaul link, just like in the Good Old Days when it was just voice. The fact that we've now added a data device at the edge doesn't make any difference to the underlying arrangement.

      I'm fortunate enough to be on an unlimited plan, but I can imagine this mightn't be popular with those on a metered plan.

      What's the Ring model here? They're saying that the traffic would be low. What about that nice video traffic? So, could I, say, set up a Ring doorbell, then ban it from my network, so it just uses my neighbour's link?

  18. Anonymous Coward

    Brave new world

    The more it “advances” the more I want to get off.

    I value memories of my childhood in the 60s when the TV test pattern was the most technical thing in your life.

  19. Morphology

    US Only at present?

    Am I right in thinking this is only being rolled out in the US to begin with?

    If so, could the article be updated to make that clear? I'm in the UK, and my partner has just wasted 5 minutes poking around in the Alexa app looking for how to opt out of sidewalk.

  20. wayneinuk

    Checked my Alexa App and no sign of it in the UK "yet"!! I think there are a few barriers they'll have to overcome before it can be used here anyhow, hopefully!!


Biting the hand that feeds IT © 1998–2021