Added to my list for the next time I'm on the phone with my parents, for our (weekly at this point) how-to sessions on "stopping the industry I work in from spying on you". I really, really wish product managers would understand the kind of ecosystem they're building, and the kind of customer blow-back they will enable by optimizing for $$$ under the guise of "making things easier".
Side question: what problem does Amazon think this solves? Bad connectivity experiences for Ring users?
Edit: changed the link to a better guide linked elsewhere in the thread
Missed a step in that opt-out how-to: 1. Install Alexa App on phone.
Why can't I disable this 'account setting' from the Amazon web portal? Plus, if I mistrust Amazon's repurposing of devices, why would I want an Alexa app installed to potentially repurpose my phone? Funnily enough, Sidewalk was just one of 3 surprising anti-security/anti-privacy settings available only in the app.
"Why would I want an Alexa app installed to potentially repurpose my phone?"
You wouldn't. However if you were ambivalent and did not care one way or the other, or unaware of the change, then of course you would not bother to opt-out. This is no doubt Amazon's strategy. And when you opt-out you are forced to install an app that may well have worse consequences than Sidewalk.
This strategy, so often used by "tech" companies, seems to take inspiration from direct mail.[1] I have a well-educated friend who, many years ago, found himself working for a direct mail company early in his career. He did not stay long. The people he worked for sounded like dregs, and I think he had a crisis of conscience. Today, ethical standards seem to have fallen. Interesting how the word "hustle", as in "side hustle", has been repurposed by young people as something supposedly respectable. Usually that word implies some sort of con or other underhanded activity.[2]
> "side hustle", has been repurposed by young people as something supposedly respectable
I think it's more redefined as something necessary, as the number of good jobs for young people has been on a continuous downward trend for decades all over the world.
"extend the low-bandwidth working range of devices to help find pets or valuables with Tile trackers, and help devices stay online even if they are outside the range of their home wifi"
Seems like a genuine customer problem. If you want to set up smart lights through your back yard, or a smart sensor at the edge of your driveway, they might not have WiFi connectivity to the rest of your house.
Hence the Sidewalk metaphor - a mesh network allows the devices to hop access from one another.
> Seems like a genuine customer problem. If you want to set up smart lights through your back yard, or a smart sensor at the edge of your driveway, they might not have WiFi connectivity to the rest of your house.
That sounds like a "you" problem, not a "me" problem. If "you" are setting up smart devices where "you" don't have connectivity, "you" should provide the connectivity, not "me".
(Note: I don't have a problem with devices piggybacking on/extending their owner's network).
TFA mentions possible issues with FTC and TOS violations with customers' ISPs. But what about overages? Who's liable for those? Is there going to be a metered breakdown of network usage? Will AMZN cover costs of overages due to neighbor usage? What about potential liability issues? Infosec issues?
This just sounds like a too easy setup for a class action lawsuit.
I agree. And what, you're gonna rely on some neighbor's AMZN device proxying the internet for you? I hope the availability of that "smart" sensor or whatever isn't too important.
It’s not an Internet proxy. There is so much misinformation about this it’s nuts. It’s a network to talk to AWS IoT API. It’s not giving random devices access to your network.
Am I misunderstanding? Some device belonging to property X uses the internet connection of property Y to connect to the internet to talk to AWS. Isn't that what's happening? Or is there some kind of VPN being used here?
The apple airtag devices do the same thing. They can get online via any apple device. Not sure if that applies to other FindMy devices though. I hope it does =)
Airtags don’t “get online.” Apple devices take note of the Airtag’s identifying characteristics (I don’t know how this is defined) and report back to Apple having been in proximity to them. They are “dumb” with respect to the internet. Just Bluetooth beacons.
Apple sells this as a feature on new phones (which people implicitly associate as a communications device). Lights and doorbells are supposed to be dumb devices, not network gateways for the general public.
It would be like Ford announcing that they had been putting USB ports in the bumper of every car for the last 5 years, and starting today you can walk up to any random persons car and charge your phone.
So you're saying the doorbell that uses machine learning to detect people and objects and then send me videos of them is a dumb device? I'd love to see a smart one!
This is the crux of the issue. I have spent a lot of my adult life in places that would horrify the average westerner. The root of the problem in recognizing what could go wrong with this stuff, is never having been exposed to a jurisdiction of political power which is run by murderous psychopaths outside a rule of law that benefits anyone but the psychopaths. Of course "authorities" will always continue to push boundaries and seek to embiggen the largesse of their power, but we in the developed world are so lucky! Most of us here on HN have won some sort of cosmic lottery with odds more infinitesimal than any other lottery that could ever exist. But an unfortunate side effect of never having been exposed to the various hazards of human civilization that almost every other human before us has endured, is not having built up any "ideological antibodies" against these sorts of things.
I've seen comments on Youtube that seemed shocked that Youtube could trace comments to an IP address! We are deep in it now, approaching a point where the barrier to entry to understand how the technology functions is too much even for capable specialists to fully comprehend the rampant abuse happening at this very moment. How often do we as technical people find out about some new god damned thing some god damned tech company is doing to steal our data or otherwise exploit us as "customers"? And even people who are technically capable of grasping the depth of the power of this technology are still busy hammering away on their keyboards to make it more powerful, having never had to worry about violent psychopaths with political power. We are creating a truly terrifying nightmare of brutal suffering for our grandchildren or their children.
Some people would argue it already is in the wrong hands. Without any conspiracy theory required, it is controlled by a tiny, wealthy elite with power and connections to manipulate our political discourse and ensure their new power is not scrutinised.
"You can help me, I can help you". My smart lights work where I don't have connectivity, but you do, and your tile tracker works where you don't have connectivity, but I do.
It's really quite similar to Apple's Find My network.
I just wish this was going to some open collective where everyone could benefit, rather than just Amazon customers...
Helium is exactly what you describe. People deploy APs that provide coverage and in turn get fractions of pennies for transferring data from random people's devices.
I've seen this and it looks interesting. A true offline mesh large-scale network would probably not be feasible, so some kind of authority would be required. And crypto does seem to work for that to keep it decentralized, but I'm not sure I like their implementation. I've got a few LoRa radio kits and Raspberry Pis, but am not allowed to set up my own node. Rather I have to purchase one from them.
I think the real value is for the devices that can move, such as that Tile. You have practical way of ensuring they don't move into a dead spot, and for trackers no way to ensure they don't go beyond range.
Every time this Sidewalk concern style story crops up (which it has several times over the last 6-12 months), I have rechecked that Sidewalk is disabled. So far I have not found it set to anything except for disabled. I hope Amazon isn’t doing a gradual roll out to enable, as if I find it enabled at any point in the future, I am done with Amazon devices in my home.
As far as I’m concerned based on Amazon Logistics performance in my area and the impact to the quality of other delivery carriers in my area, Amazon is not afraid to engage in a race to the bottom in the name of market share and profits. Opting me in to Sidewalk will be the straw that breaks the camel’s back and sends me to anyone else except for Amazon when shopping.
I bought my mom an Echo for Christmas last year for the kitchen, since she likes making lists and setting timers for baking and her hands are starting to show their age (she’s 63, ‘bout that time I guess). Really grating that what was at one time a helpful device for older folks is now retroactively being turned into yet another internet surveillance device.
> retroactively being turned into yet another internet surveillance device.
Oh, and an ad-delivery mechanism. Ask Alexa to set a timer, and sometimes she'll rebut with "while you wait why not try Amazon Music!" It's absolutely infuriating.
I emailed jeff@amazon.com (VIP support team) and they confirmed it could not be disabled by normal means. They disabled it on their end but then had to do it again when somehow it got unset.
The "start with the customer and work backward" mantra that used to be strong in the company is now completely ignored for Alexa it seems. The first domino has fallen. I suspect we'll see many more fall as a result.
I have never heard anything like an ad on my Echo. If I ask it to set a timer, it does, and then sounds the alarm x minutes later. Nothing else. If the kids ask it to play a song, it plays that song. If they ask it for an animal fact, they get one. Nothing else. Did I toggle something at setup?
She will sometimes tell you about features related to whatever you asked of her--and sometimes those are paid things she's talking about. For example, playing songs at the tier that comes with Prime and she might talk about Amazon Music.
With all due respect, it’s a microphone connected to the internet that you are meant to install in your home. How are you surprised to see it used as a surveillance device?
no no no, you should not expect people to behave badly.
I agree with the sentiment that it is a crying shame this technology could be used to help people for whom keyboards become complicated but instead it's used to trick them.
> no no no, you should not expect people to behave badly
Should you not?
There’s a bit of a spectrum of that. On one end of the spectrum, we all leave our front doors unlocked and our car keys in our parked cars in case someone is stranded and needs to borrow our car. Most of us don’t do that, but that’s what a truly high trust society looks like.
I think it’s prudent to expect any large tech company to violate our privacy to exactly the degree they are physically capable of. It doesn’t mean we should morally approve of them living down to our low expectations of them, any more than we should morally approve of burglars and car thieves exploiting the naivety of people who think they don’t need to lock up their homes and vehicles.
And yes, it is a crying shame that we live in a low-trust world.
>no no no, you should not expect people to behave badly
you should not excuse people behaving badly because it is to be expected.
if you want to be able to protect against people behaving badly you should learn to expect it of them, expectation of bad behavior enables preparation.
So the tax evasion, worker abuses and militant anti-unionisation weren't enough!
I often see comments like this, and I truly wonder if anything would prevent people from using Amazon. I don't want to criticise you specifically — it's so easy to say you would switch but becoming increasingly difficult to do. And motivated cognition is really a thing.
Tax evasion, worker abuses, and anti-unionization all happen far away from me and require some kind of SJW attitude to motivate change. I don’t see these things, they don’t impact me directly, so it’s no wonder they don’t factor into my decision making as much as things that are actually happening in my home.
Alexa advertising to me, becoming a nuisance, and coopting my internet connection all happen close to me.
I ordered two HomePod Minis to replace the Echo Dots in my home yesterday. Amazon will no longer have a foothold in my home, and won’t have visibility into my shopping list or other usage.
Do the parents understand that spying on people is how the industry makes money? Surely, "the industry" would not spy on people without a "business" reason. There seems to be a belief by every participant in "the industry" that they must learn things about users and they should not always have to ask permission to gather such information.
Sometimes people on HN try to analogise to something like a retail industry where a customer can be observed through their purchases. However there is a major difference. The purchase. That is the ultimate goal of the retailer attained. A purchase. The retail business is not some honeypot to gather information on people. It is trying to make sales. Users of "free" internet-connected products and services generally do not make purchases from the provider of those products/services. They are not fulfilling the goal of the business: to make money. Thus, the company must find paying customers somewhere else.
Particularly amusing is the oft-used "justification" of [we spy on you] "to make our ["free"] products and services better." Sometimes participants in "the industry" suggest they are trying to make products and services better for users. Other times it is less clear exactly who the improvements are (purportedly) intended to benefit. Of course the ultimate goal, because this "industry" of spying is considered by them as a "business", is to make things better for paying customers. If they fail to collect information from users, they do not make money and the "business" fails. Even non-profits supported by deals with advertising companies feel compelled to conduct "telemetry". Not learning about users is deemed unacceptable.
To that I ask: what problem does Alexa solve?? Why does one need a device to switch the lights?!? or turn music on or off. How much is one willing to pay for a minuscule, incremental particle of convenience.
This may be an unpopular opinion, but I think Alexa users only have themselves to blame.
It's the same thing Apple is doing. They want every device to be a part of a low-power BLE network for Apple AirTags or Amazon Echo Tiles or whatever they are. They want a huge network so that these small low power devices can use everyone's devices to connect to the internet.
For what it's worth, the only way to Opt-Out from Apple's broad network like this is to disable all "Find My" network tracking, so you'll never be able to remote control your own phone using its standard radios if you wish to disable the tag network stuff.
The idea of a mesh network is not what concerns most people. It’s the idea that devices from Amazon connect to it automatically and can do whatever they want with it.
The canonical anti-example is this: You buy a smart TV, but don’t give it your WiFi password. No problem, it connects to any Amazon device whether in your house or next door, and now it can sell information about what you watch, how many people its camera can see are in the room, words you say aloud in its presence, &c.
At the engineering level, Apple’s mesh looks like Amazon’s mesh in exactly the same way that at the engineering level, an iPhone looks a lot like a high-end Android phone. What’s different between them is what Amazon uses its mesh network for, just as what’s different between an iPhone and an Android phone is what Google uses its access to your devices for.
Apple obstructs adtech and tracking. Google builds its business on adtech and tracking. Apple uses its mesh network to find items. People fear that Amazon will use its mesh network to spy on you in the name of revenue.
Amazon's Ad business is a monster that is growing faster and faster [1] so they'll want to track and absorb as much data as possible. FireTV is one of the noisiest devices in my home, second only to Roku, constantly phoning home.
Selling access to a mesh network to other providers will become an additional source of recurring revenue from what would have otherwise been one time revenue source (hardware sale).
It will be no different than Amazon competing w/ FedEx and UPS using its delivery engine
To be honest, I find these ad hoc mobile mesh networks fascinating.
With cheap flash, we could do a lot of high-latency high-bandwidth data transport with just existing movements.
We could eliminate telecoms overnight but we just don’t have the organization to do it. Like, every house used to have a VHF/UHF receiving tower on it.
Does it not also introduce the possibility of introducing possible vulnerabilities by sharing connections? I generally have a pretty good idea of what I’m doing on a network, but now my neighbor might be up to no good on my network and that seems like it would be a potentially big problem.
Depends how it’s structured. At best, you’re like a TOR relay and have no real idea of what’s going in or out.
But if you act like an exit node, you could be screwed if you live in a place where an IP is enough to be found guilty and nobody runs a public wifi. But you can always tunnel your outside traffic out over TOR.
Hah. Well, humans have easily predictable movement patterns right? Home, work, grocery store.
Imagine wanting to move data from city A to city B, so they'd decide to do a Tinder match of a girl from City B to this guy from City A, so he'd visit her a lot and be the data conduit...
Not just human movements, but any movements. In Northern Canada, we have tons of fly-in communities that exclusively use satellite internet.
And few good opportunities for caching either.
Would be cool to have a seamless system where you put in your Netflix request and a couple days later, the shows arrive because the aircraft has a Pi loaded with SD cards on it and boots at ground level.
There are tons of cellular network antennas hidden atop buildings in regular urban environments. Thankfully, in the current paradigm, telcos pay rent to put down these antennas and occupy the space.
> the only way to Opt-Out from Apple's broad network like this is to disable all "Find My" network tracking,
Not true. I just checked on my own phone, and the toggles for "Find My iPhone" and "Find My network" are separate. Disabling the latter only warns you you can't locate your phone "even if it's offline", i.e. if the "standard radio" is off.
it doesn't seem like the same thing to me at all, one is a very targeted "find a device" api/network that does nothing except allow airtags to send an encrypted "here i am" to an airtag owner while the amazon sidewalk network is "open to everyone and anyone to send anything" - what happens when someone co-opts it as a proxy for hacking? 80kbps is enough for an ssh session. It's basically like having a slow unprotected wifi network piggybacking off your connection.
100% this. as a device maker, sidewalk is a potential game changer for low power connectivity and finally a path to lorawan finding widespread adoption
except that, unlike ble, lora lives on bands that are not the same world wide - there is no region 3 ISM band - here in NZ the US ISM band is right in the middle of one of my cell phone company's bands
this is true but in practice it's not a big deal. Companies don't usually do a single sku for the whole world especially with the certification requirements.
I (pre-covid) visit the US a lot and often bring stuff back. I'm used to turning off/switching the US-DECT/etc when required but in this case Amazon has snuck extra functionality into my home without my knowledge.
Of course when the radio inspector comes knocking on my door because Amazon has loaded the wrong firmware into my box (without my knowledge) it's me who's breaking the law, not Amazon
this is already the case. certifications for 2.4GHz and 5GHz WiFi have different requirements between the US and EU. Often in the EU companies have to lower the peak power.
I don't like the idea of my neighbors piggybacking off my data and power hookups. Why aren't device manufacturers figuring out how to make things that don't require something like sidewalk to exist?
It's not that difficult to run cable and use power over ethernet.
The Sidewalk network has a very low bandwidth of 80kbps with a cap of 500 MB per month. I doubt that it will incur extra cost for most people. Is your concern about the principle of sharing bandwidth or are you worried about the actual cost?
Product managers do understand, and they do recognize, but they are not making the decisions, and they are powerless to do anything about it. Like any major company, when an employee doesn’t want to do something, they will find someone who will.
What will happen is some high profile company that has a few Amazon devices on their network will have these devices exploited to gain network access and get hit with some ransomware/data theft/etc... and then there will be a big legal battle between Amazon and the hacked company and this whole idea will be shut down and consumers will get a $10 class action settlement for each device.
In my opinion, this legal change is a huge sleeper story that is behind a number of changes in how customers are getting treated. Since customers can no longer economically avail themselves of the courts to protect themselves en-masse, certain companies find it in their interest to exploit that asymmetry for profit.
In other words, a company could always impose a harm on all of its customers for its profit. But, now, if that company imposes a class ban through arbitration, those customers cannot, collectively, seek recourse for that harm.
It's amazing to watch companies admit they abuse this pattern.
A couple years ago I got into it with Comcast over an Identity fraud issue. When I threatened to take them to court for harassment (I'd sent them more than what was needed to prove I never resided at the address in question) they tried to throw the 'binding arbitration' clause out there... When I told them I never was or would be a customer of theirs and thus wasn't held to their arbitration, they didn't quite know what to say next.
Another story on the front page right now[0] from the WSJ[1] seems to imply that arbitration clauses fall apart when faced with a mountain of arbitration demands (75k+). Amazon is now seeking to remove its own arbitration clause for customers so that these can be consolidated into a class action lawsuit.
Something like that happened to Doordash a little over a year ago [1] [2]. Workers wanted to start a class action, Doordash used their arbitration clause to stop that. Over 5000 workers then asked for arbitration, which would have cost Doordash around $10 million in arbitration fees.
Doordash then tried to get a judge to make it a class action. The judge felt that Doordash was in this mess due to their own hypocrisy and declined their request.
I interviewed at Doordash when they were just starting. I think I would have been like employee number twelve or something. To this day, I have not interviewed with a founder that repelled me more.
Is that really enforceable? Maybe. I suspect that customers are better off not going through class claims anyway, as few of them actually yield amounts close to the harm done, and lawyers walk away with absurd amounts.
"Collective" is merely a tool for not clogging courtrooms; there really isn't any other benefit to consumers here.
Depends who clicked the agreement and what the company bylaws of who can agree to terms. Some low level IT person will not have the authority to bind the company into an agreement and the injured party is the company.
I believe there was a successful recent strategy for dealing with this clause by submitting a new lawsuit for each harmed user, to overwhelm everything (courts, company lawyers, etc).
Some attorneys are starting to specialize in consumer arbitration. The attorneys will eventually find a way to put the squeeze on these companies as they try to change the rules.
More likely, telecom will think, this is against our residential TOS and we can use that to get a slice of the Amazon’s mesh revenue. Especially because most of the telecoms offer side access to wireless routers of their customer for other customers of theirs too. Maybe this is a play by Amazon to be in a better position in this set of future negotiations - one which the average consumer is really a bystander for all the input they have.
This could be somewhat mitigated by VPN tunneling all traffic through Amazon’s edge, not sure of their implementation here but I highly doubt that Amazon overlooked this threat model.
The exploit attack vector mentioned is already a risk to any device connected to a sensitive network. VLAN your consumer devices, conference room screens, at minimum.
I'm more worried about this amazon mesh network being used for access by other internet devices.
For example, it's not easy to get a dumb TV. If I had one I wouldn't want it online. It appears that Amazon would sell access to the TV manufacturer so that it could spy on me via my neighbours Amazon Sidewalk device.
To me this is new threat vector. I don't take kindly to corporations spying on me.
huh i didn't even think about that, plug an amazon device into your network and this mesh allows anyone to connect to it - exploit it and now they are on your internal "Secure" network. brilliant.
Sidewalk is a separate network that only allows encrypted links back to the AWS cloud. It should not be possible to interact with the host network without two malicious devices, one Trojan with access to the network already, and the other in control of the attacker. Even then, the host would have to give the Trojan access.
this is not different for any other internet connected device on your network. although i doubt it's about connectivity to the internet but about connectivity to some backend over the internet. I think it is quite common to assume these risks to be your own problem as is mitigating them. I mean i would probably like it if there is some responsibility for manufacturers to make sure it does not happen but i doubt we are even close to something like that.
It doesn't show up in my Alexa app (iOS), and I am running the latest version (I have auto-update enabled). I only see Recognized Voices, Guest Connect, Voice Purchasing and Workouts. I see online references to this setting as long ago as November 2020[1], so it's concerning that it's still missing for me.
Edit: I just realized that all my Echo devices are 2nd generation, which apparently don't support Sidewalk[2]. I wonder if the menu item only shows up if you have devices that support it?
I'm seeing the same issue as the parent. I've checked the alexa app under account settings and the option does not appear. The last version on the app store is from 2 weeks ago. I wonder if this is a web view and they're exposing it to different users at different times.
yup, Alexa app, which I haven't opened since at least last year, and had all devices unplugged, found it buried in there - set to [ENABLED]. I've never seen a notice/alert/opt-out opportunity, and I would have noticed it.
So, yes, in at least some instances, Amazon is doing a stealth-enabled rollout.
I have my IoT/IoS devices cordoned off onto their own network locally (with internet access, of course) as a matter of trying to protect my LAN from any exploit.
However, I find the convenience of these devices to be extremely high: they play music, they give us convenient timers, they function as a whole house intercom, they tell us the weather and answer (often poorly) some random questions without going to get our phones out.
With the advent of this technology, it's no longer just your data that's being risked. If you have a neighbor who owns a sidewalk-enabled appliance and doesn't want it to connect online, anybody in the neighborhood with sidewalk enabled is now an accomplice in subverting the preferences and desires of that person.
It's no longer enough to think "Well I didn't give the TV my wifi password, so it can't spy on me." Now I have to wonder about what opt-out bullshit buried deep in settings menus my neighbors neglected to disable.
Can you give any insight into the solution you’re using to achieve this? I’ve got some noisy gadgets on my network that I want to cordon off, but I’m not sure where to begin.
Dedicated SSID(s) with that/those SSID configured as a guest network goes pretty far. I happen to use Ubiquiti gear, but most any router is likely capable of creating a dedicated guest SSID (or multiple). That covers wireless devices (which is all the IoT stuff that I have).
The one aggravation I had was trying to get the Chromecasts to work correctly (where I wanted to be able to cast from a machine on the main LAN to a Chromecast on the Google IoT SSID). I would periodically get it working and then it would periodically break. I'm not even sure that it's working right now to be honest, mostly because a lot of the need for that use case (video playback) has shifted to FireTV sticks.
Oh no, I was trying different bits of routing trickery. I'm pretty sure if I sat down and gave it a solid 3 hours straight of methodical effort, that I'd have figured it out once and for all. Instead, I would have 5-10 minutes total per attempt, try something, see if it worked or didn't, then the next time I tried the Chromecast (possibly weeks later), it wouldn't always be repeatable. I also had the Casts being powered off the TV, so they got hard shutdown and cold-booted pretty often.
In short, I never really cared enough to get it working right as the FireTV was "winning" the convenience battle by enough to make it not matter most of the time and I always had an HDMI cable for the times when I really had to get a screen "sharing" to work.
TL;DR I tried to force Chromecast (and everything else) to use Pihole as DNS and misbehaving devices (like Chromecast) hammered my pihole into oblivion. I'm talking tens of thousands of requests in a very short amount of time which caused my RPI4 to stop responding to DNS requests (dashboard was still working though). See linked comment thread for details but suffice to say 4 virtual machines with pihole behind two load balancers still saw some downtime. OPNsense gateway is a much better (and safer!) fix IMO :)
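An added example, not part of the comment above or of Pi-hole itself: one way to find which client is flooding a Pi-hole, by scanning its dnsmasq query log with a per-client sliding window. The log lines, addresses, host names, year and thresholds are constructed for illustration, and the line format assumed is dnsmasq's `query[TYPE] name from client` form.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed dnsmasq query line, as found in a Pi-hole log, e.g.
# "Jun  1 12:00:01 dnsmasq[412]: query[A] example.com from 192.168.20.15"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def parse_line(line, year=2021):
    """Return (timestamp, client, name) for a query line, else None.

    Syslog timestamps carry no year, so one is supplied (assumption).
    """
    m = QUERY_RE.match(line.strip())
    if m is None:
        return None  # replies, forwards, cache hits and junk are ignored
    stamp = " ".join(m["ts"].split())  # collapse the padded day ("Jun  1")
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m["client"], m["name"]


def find_floods(lines, window=timedelta(seconds=10), threshold=100, year=2021):
    """Map each flooding client to (peak queries in one window, top name).

    A client is reported when it issues `threshold` or more queries inside
    any `window`-long interval. Lines must be in chronological order.
    """
    recent = defaultdict(deque)   # client -> timestamps still inside window
    peak = defaultdict(int)       # client -> largest window population seen
    names = defaultdict(Counter)  # client -> how often each name was asked
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, client, name = parsed
        names[client][name] += 1
        q = recent[client]
        q.append(ts)
        while ts - q[0] >= window:  # drop queries that aged out
            q.popleft()
        peak[client] = max(peak[client], len(q))
    return {
        client: (count, names[client].most_common(1)[0][0])
        for client, count in peak.items()
        if count >= threshold
    }


def build_sample_log():
    """Constructed log: one noisy device, one normal client, some noise."""
    lines = []
    # 192.168.20.15 sends 200 queries in 4 seconds (50 per second).
    for i in range(200):
        stamp = f"Jun  1 12:00:{i // 50:02d} dnsmasq[412]:"
        lines.append(f"{stamp} query[A] cast.example.net from 192.168.20.15")
        lines.append(f"{stamp} forwarded cast.example.net to 192.0.2.53")
    # 192.168.1.10 sends one query every 10 seconds.
    for i in range(6):
        stamp = f"Jun  1 12:00:{i * 10:02d} dnsmasq[412]:"
        lines.append(f"{stamp} query[AAAA] www.example.org from 192.168.1.10")
    lines.sort(key=lambda entry: entry[:15])  # order by timestamp prefix
    return lines


if __name__ == "__main__":
    for client, (count, name) in find_floods(build_sample_log()).items():
        print(f"{client}: {count} queries within 10s, mostly for {name}")
```

A client flagged this way is a candidate for rate limiting or for moving behind a separate firewall rule, rather than letting it take the resolver down for everyone.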
that's what i thought too. or somehow having to relay specific broadcasts or similar ways to make the discovery work. this is why i had the impression it could be related to some routing trickery that might have worked for ipv4 but not for ipv6 and the discovery process could make it appear as they are on the same network segment while link-local ipv6 is available when in fact it's not...
i have my chromecasts and computers on two different vlans and works just fine, but there are a few things you need to do, ensure MDNS works between them and open up a half dozen or so ports.
5556,5557,5558,8010 + MDNS is how i got VLC & videostream to cast across vlans with ubiquiti, of course now i've set up an emby server now so don't bother anymore but i doubt it's changed in the last year.
The whole IoT thing just goes to show how... unique many people on HN are. I get it, it's a risk, etc. but IMO the convenience is massive. I do the same as you do, it's a bit more work but it works fine for my use case. Use reputable products and segment them and the attack vector is rather small, IMO. I also try to not use wifi devices and instead go for something like zwave.
> However, I find the convenience of these devices to be extremely high: they play music, they give us convenient timers, they function as a whole house intercom, they tell us the weather and answer (often poorly) some random questions without going to get our phones out.
It’s 100% genuine, 0% sarcasm. Shaving minutes everyday, making music a more frequent presence in my life, all with a non-contact interaction is a noticeable convenience and quality of life improvement. Sure, I could install a wired intercom, buy different Bluetooth speakers and futz with my phone to play music, clean my hands every time I wanted to adjust a timer in the kitchen, etc.
I have an old dot connected to my stereo to stream music. As they say, it is extremely convenient to be able to request some music and have it played.
My amplifier has a switched outlet on the back that I've plugged the USB into; so if I turn off the amplifier the dot is powered off as well (presumably).
And, apparently, 2nd generation dots don't "support" sidewalk anyhow (though of course it is a little snitch hiding in my living room).
The "smart" TV is more of a concern as it is always on...
I might be the only one here who doesn't care at all about this. I love my Echo and Amazon IOT devices and have got better things to do than wring my hands over what they're doing with my internet connection. They use hardly any bandwidth so whatever, not going to turn this feature off.
The threat vector at this time isn't what Amazon does with access to your internet. It's what John Q. Public does.
'Free Internet' (on your dime), will always lead to abuse.
Plus, how much do you trust Amazon's security to NEVER allow access to other resources on your network?
I guess you could say they are about like those "new-fangled horseless carriages". You could argue that we sold our souls to the devil at the (now regulated) crossroads with them. But at the time (and now), they bring some real value at a cost that not all are aware of, or willing to pay.
I just disabled Sidewalk on mine a few days ago. This feels like it could be part of the plot of one of RMS's short stories a-la Right to Read. Jeez. What a joke. Not a ha-ha joke, you know what I mean.
That said, part of me (a very small part, mind you. Infinitesimal even.) wonders if in some weird way this will be good for the internet? Suddenly, thanks to Amazon, an IP address is no longer a person and you can point to Sidewalk as a concrete example that isn't just owner negligence.
Mind you that's a very thin silver lining for such an absurdly large can of worms, but I digress.
Big Brother won't be a boot on the face, forever, it will be a private enterprise mesh network that comes wrapped in charming corporate market babble.
"Telescreens help keep you connected with your friends and relatives. They monitor activity and upload anonymous usage statistics that help make our products even better. Telescreens help make society safe and secure, ensuring that you can enjoy your choice of government-approved home activities without a worry. Stay protected from roving bands of child-raping coke addicts! Try our new HappyFace(tm) mood-altering brain implants, guaranteed to put a smile on your face and stamp out that pesky thoughtcrime!"
could you imagine any organisation just walking up to almost every home in the country and presuming they had the right to "a very small portion" of your property, unless you went through some steps to explicitly opt out?
imagine they paid for their own infra to do this. how much would that cost? in this light, is sidewalk not theft?
amazon, if you want to use my internet - for whichever dystopic future plans you may have - you can pay me for it. it will not be cheap.
I agree with the spirit of this but precedent doesn’t really agree with you because well… ads, analytics, telemetry, drm, etc.. These are all things that use your computing resources for someone else’s benefit.
This is the culture we’ve created in tech. There is a presumption that access implies blanket authorization — it’s the core of the hacker spirit, perpetuated through ToS’s, and protected at every legal challenge because restrictions to this idea are seen as overbearing regulation and stifling innovation.
I’ve always wished for regulation that required companies to have to request permission to access data and computing resources for a specific purpose and require that be opt-out by default. Like apps can request contacts for the purpose of looking up friends who use your service and be legally barred from using it for anything else.
Why the dickens isn't this opt-in? Now we live in a world where a corp can sit on your own home network and do business using your bandwidth without you explicitly agreeing. Not to mention the potential for security issues.
We all know the answer to this. It absolutely should be opt-in, but they know that around 96% of people will never opt-in. See: iOS 14.5 privacy changes.
I agree with you but it seems that most people outside HN don’t agree. As long as it’s done for good (organ donation) people support the same manipulation.
Presumption of consent in the context of organ donation is a very complex topic[1]. Amazon stealing your network is not a profound moral quandary, and comparing the two as level ground is either an indication of lack of comprehension or intentionally being a bad faith contributor to the argument. Either way it's not a helpful avenue of debate.
That's not necessarily true. The biggest reason that people don't opt in to things voluntarily is because people are lazy, not because they've weighed the options and decided that opting in doesn't benefit them. (See the sibling comment, which mentions organ donation.)
We had this whole debate over COVID tracking. They've come up with a system that is actually pretty secure. It's entirely client side: none of your location information is ever revealed unless you report yourself as having tested positive for COVID. Opting in is not that unreasonable even for paranoid people (I use the app). And yet it has to be an opt-in system, which means it's unlikely to be effective.
Similar with Apple having its network for those tracking things set to opt-out, not opt-in. Having the network available to its customers is a benefit to them, and not enough people would opt in.
IMO, we need a third alternative in between opt-out and opt-in. The first doesn't sufficiently respect individuals' right to privacy, the second falls apart in a kind of inverse tragedy of the commons. As far as I know the only possible alternative is forced-choice: while setting up the device you should have to read a short statement about what it can do and the positives / negatives, and choose whether you want to enable that feature.
I imagine many people working at Amazon do feel that this feature provides value to people without impacting privacy. It's effectively a very low bitrate VPN to the Amazon cloud for the purpose of controlling IOT devices. As far as mesh networks go, that's pretty unintrusive and certainly provides value to some customers, even though I agree that making it opt-out is unacceptable.
Like Apple, Amazon will change to OPT-IN when it is in their own interest and likely only after killing off some competitors. So maybe in a few years time..
They just need to create some incentive to opt in. It could be get some discount or your devices get a fallback if you allow other users to get a fallback in the event of internet loss. That would be the right way to do this.
Question -- I'm assuming most ISPs have something in their terms that prohibit a customer from sharing the connection. So with Amazon inducing a violation of customer terms of service, I wonder if ISPs will go after the customers, or go directly after Amazon for triggering the violations?
If the traffic is tunnelled, then customers aren't really sharing their IP address, and undetectable at the network level. What remains is a purely legal question.
Doesn't this break the terms of service for most ISPs? I remember during the last crypto-craze, there were attempts to monetize this resharing with tokens of some sort and the ISPs put an end to that real quick with legal threats against anyone reselling their internet. Even if this is free Amazon sharing, I'm sure some business is being built off of it?
I could see working on Sidewalk as kind of a dream if you have no morals. A mesh network you can turn on with a flip of a switch, with millions of devices across the world? Seems really cool, if you don't care about privacy or security. But if you do - and we should - it's a disaster.
As exchange for their otherwise unpaid service from those devices, they're using a fraction of your potentially capped internet if you happen to be in a market with such poor competition and/or poor regulatory environment that your service is capped.
I paid $200 (although much cheaper now) for my echo years ago. This isn’t a free device and the services it provides cost me actual money to be able to use. Pretty funny to spin this as “you paid $200 for this device, but all the services on it are free.”
Whether it’s capped or not is irrelevant. It’s still taking advantage of a paid resource without explicit permission. Also if it leads to increased demand across an ISP it will inevitably cause higher prices.
Would love to see a source to back this number up if you have one. I had caps on almost every ISP I had in Europe, but even out in the boonies here in the US I've only seen caps on one (unfortunate) connection.
And is also subject to radio airtime fairness rules in ISM bands, meaning the radio cannot be transmitting more than 1% of the time based on jurisdiction.
I think if people had a better understanding of how LoRa works they'd freak out a little less. This entire thread of comments appears to be mostly based on some substantial misconceptions around the capabilities being surfaced here.
LoRa isn't wifi, enabling LoRa doesn't create an IP attack surface, and the bandwidth is so hilariously low as to be trivial. You can exfiltrate tens to hundreds of bytes with these things.
I wonder how far you could mesh up the east coast, if you had mesh devices in every home, and what the round trip time over that range would look like if you're hitting a device every hundred feet or so.
I don't think something like that is possible. Without a centrally accessible authority, you cannot efficiently route data. Which is important with how low bandwidth something like LoRa is (and even Wifi may not have enough range/bandwidth). I don't think mesh can scale up like that.
Something like Meshtastic (FOSS mesh messaging project which uses the same LoRa wireless as Amazon's Sidewalk) blindly broadcasts, and any node that picks up the message repeats it. So with a big enough mesh, you'd use up all wireless bandwidth just repeating messages. Even if the recipient is right next to you.
If you could theoretically build a list of nodes, to efficiently route data by doing a shortest path, at some size the data needed to keep the node list up to date would eat up all the bandwidth. Because like messages in the previous method, every change in the node distance tree would have to propagate throughout the entire network.
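The scaling argument in the comment above (flooding spends the whole mesh's airtime even when the recipient is adjacent), as an added example that is not part of the thread and is not Meshtastic or Sidewalk code. The grid topology, the one-rebroadcast-per-node rule, the `hop_limit` parameter and the 100 ms packet airtime are assumptions; the 1% duty-cycle figure is the one quoted earlier in the thread.

```python
from collections import deque


def grid_mesh(width, height):
    """Constructed topology: nodes on a grid, each in radio range of its 4 nearest neighbours."""
    neighbours = {}
    for x in range(width):
        for y in range(height):
            neighbours[(x, y)] = [
                (x + dx, y + dy)
                for dx, dy in ((1, 0), (-1, 0), (0, 1), (0, -1))
                if 0 <= x + dx < width and 0 <= y + dy < height
            ]
    return neighbours


def flood(neighbours, source, hop_limit=None):
    """Naive flooding: a node rebroadcasts a message once, the first time it hears it.

    Returns (number of radio transmissions, set of nodes that heard the message).
    hop_limit (hypothetical parameter) stops rebroadcasting after that many hops.
    """
    seen = {source}
    queue = deque([(source, 0)])
    transmissions = 0
    while queue:
        node, hops = queue.popleft()
        if hop_limit is not None and hops >= hop_limit:
            continue  # hop budget spent: this node heard it but stays silent
        transmissions += 1
        for peer in neighbours[node]:
            if peer not in seen:
                seen.add(peer)
                queue.append((peer, hops + 1))
    return transmissions, seen


def shortest_path_hops(neighbours, source, dest):
    """Transmissions needed if every node already knew the best route (one per hop)."""
    dist = {source: 0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if node == dest:
            return dist[node]
        for peer in neighbours[node]:
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return None  # destination not reachable


def mesh_capacity_per_hour(duty_cycle_percent, airtime_ms):
    """Messages per hour the whole mesh can carry under unlimited flooding.

    Every message costs every node one transmission, so the mesh-wide limit
    equals a single node's duty-cycle budget, however many nodes there are.
    """
    budget_ms = 3_600_000 * duty_cycle_percent // 100
    return budget_ms // airtime_ms


if __name__ == "__main__":
    mesh = grid_mesh(20, 20)          # 400 constructed nodes
    sender, next_door = (10, 10), (11, 10)

    tx, reached = flood(mesh, sender)
    print("flood to adjacent node:", tx, "transmissions,", len(reached), "nodes reached")
    print("routed to adjacent node:", shortest_path_hops(mesh, sender, next_door), "transmission")

    tx3, reached3 = flood(mesh, sender, hop_limit=3)
    print("flood with hop_limit=3:", tx3, "transmissions,", len(reached3), "nodes reached")

    # Keeping routes current has the same cost shape: one link change must reach
    # every node, so each update is itself a full flood of the mesh.
    print("one topology update:", flood(mesh, sender)[0], "transmissions")

    print("mesh-wide messages/hour at 1% duty cycle, 100 ms packets:",
          mesh_capacity_per_hour(1, 100))
```

Capping hops bounds the cost but also the reach, which is the trade-off behind the doubt that such a mesh could span long distances.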
> Users can disable Sidewalk in the settings section of the Alexa or Ring apps, but have until 8 June to do so. After that, if they have taken no action, the network will be turned on and their devices will become “Sidewalk Bridges”.
Wait so what if a user buys Alexa after June 8? Are they automatically enrolled into this mass wireless sharing program with no way out?
You can still disable it after June 8th. The network isn't active right now, but you can preemptively disable before it goes live on the 8th. Users are automatically opted in to sidewalk and you have to opt out.
Stack overflow’s TOS has a binding arbitration clause, [1] despite overwhelming user feedback to the contrary. [2]
Y Combinator’s TOS has an arbitration clause. [3] This also applies to Hacker News.
It seems to be. It can use up to 500mb/month of data, and is more than just for tracking something with tiny payloads of anonymized data.
But it doesn’t seem to be sharing your internet like a lot of people seem to claim. I guess the fear is that there’s some security vulnerability that makes that more possible?
> When Sidewalk is on, your Bridge can share a low-bandwidth connection with Sidewalk-enabled devices, like sensors and smart lights that are installed in locations around and outside your home where wifi may not be available. Amazon Sidewalk does not support high-bandwidth connections like a wifi or cellular network would, so you would still use those connections for streaming movies, posting on social media or sending email.
It does share your Internet connection. By default, an Alexa device in my house would be negotiating a connection sharing arrangement with my neighbor's. If/when a vulnerability is found in these devices, an attacker on my neighbor's network will have connectivity to a node on my network. Now imagine the case where a small business has a vulnerable Alexa on their network to play some music in the office. Anyone who could get a hacked Alexa within 900MHz range of that office would have access to that office, open file shares, etc.
Perhaps, but does the same thing not apply to Apple iOS or Google Android devices? If an attacker finds a vulnerability in one of these common devices, they can compromise any of your users' devices and can then open file shares, exfiltrate data over their cellular link, etc.
We are now in year 7 of availability of Amazon Echo devices, and there are two recorded vulnerabilities (one required internal hardware access, the other required connecting the device to a malicious WiFi AP.) Given that track record, there may never be a broadly exploitable vulnerability in the devices; they are pretty locked down and they auto-update regularly, with no provision for delaying or blocking said updates.
No, it doesn't. Those aren't designed to make a bridge between untrusted networks. With a phone, they're usually on either LTE (which is generally regarded as reasonably secure) or your home network, but not typically both at the same time. Someone at Verizon could hypothetically exploit my phone from inside their network and then use that to attack my home LAN but that seems a pretty low risk.
I don't believe that any of my neighbors has worked as hard to secure their home network as my cell phone carrier has.
The number of prior vulnerabilities isn't relevant here. Up until now, an Alexa has been more or less a "dumb" client that relays voice samples to a cloud server for processing. Now it's being repurposed into a new role as a network server itself, running new software that hasn't yet been widely tested, which implements a new network protocol which hasn't been widely deployed.
It's a change, certainly, but mobile devices are a much bigger risk to your internal network than an Echo device is. Both are general-purpose computers inside, but the attack surface of a phone is way larger, and there are plenty of recorded instances of phones being compromised. The Echo devices have a good security track record, and I feel they remain much less likely to be compromised than any mobile device.
The number of prior vulnerabilities is totally relevant. Your threat model required a vulnerability to be found in these devices allowing them to access your network maliciously. I am presenting data showing that such a threat is unlikely, especially when compared to mobile devices that you (presumably) already grant unfettered access to your network.
Sure, if you feel that an Echo device is now a larger threat than it was before this feature was enabled, you may want to get rid of the device. I don't feel that way, I think the small increased threat to my network is outweighed by the value of being able to find my dad's keys when he drops them (and the attached Tile locator) outside the home of someone with an active Sidewalk device.
I think the Tile bit is a non sequitur. There’s no need for a Tile tag to create a network connection to a remote server. That functionality could have been implemented without Sidewalk (eg Apple’s Find My is completely different), so I’m dismissing that justification from Amazon.
I have a few Tile tags, too, and I hope their new Amazon partnership makes them start being useful. It didn’t need Sidewalk though.
When a Tile device associates to another device that detects it, that device has to send a network packet to the cloud that says that it found a Tile with a certain serial number. That’s using your network/your bandwidth to transmit proprietary data about someone else’s property, without asking your permission. That’s exactly the same in kind, just maybe not in degree.
New Tile devices can play a sound on command. If you use Sidewalk to send a play-sound command to a Tile, then again you are using this proprietary shared network.
if this was doing for tile what find my did for airtags i don't think there would be such an uproar - this is open internet for whatever the device and manufacturer want to do not an encrypted "hey katbyte your airtag is here" that only the user at the other end can read - i trust apple, and maybe i trust amazon, but i don't trust the flood of rando devices that will use and abuse this
Perhaps, but Apple didn't even ask about airtags, they just quietly broadened the "Find My network" across all Apple hardware to support this new feature. And there's nothing stopping apple from generalizing their "Find My" network to pass the same type of data that Amazon is.
find my is airtag location -> owner and sidewalk is device <-any data-> amazon/device owner.
airtags has privacy built in and anti stalking, tile and amazon sidewalk do not. Sidewalk is enough bandwidth you could easily drop a location track & voice recorder on someone and have it spy - voice can go as low as 30kbps.
Well if no one who owns these devices wants to do it it probably shouldn't be done then, right? Or Amazon could give a 5$ credit or something. That would probably be enough.
Reality is, most people who own these devices wouldn't know how or be aware it's even an option, and a mass marketing campaign would need to go into effect to just make people aware of it and why they would potentially want to do it.
If Amazon wants to release a feature that they make a bunch of money off of selling it to advertisers, that uses customer resources and doesn't benefit them, and many/most customers actively don't want it, then they need to convince people to say yes. How is people not wanting to do it justification for Amazon doing it? If they want it done they can offer credits
>Well if no one who owns these devices wants to do it it probably shouldn't be done then, right?
I think it's just a matter of comparing the number of people who would actually opt in to such a service versus the number of people who don't really care one way or the other whether they're opted in.
When it's opt-in, you can expect your network to consist of:
total = [number of people who care enough to opt in]
When it's opt-out, you can expect:
total = [number of people who care enough to opt in] + [number of people who don't care either way] + [number of people who would opt out if they knew they could] - [number of people who opt out]
Even if you perfected your user education to ensure 100% of [number of people who would opt out if they knew they could] actually opt out (a perfectly-valid "moral" end-goal, IMO), your resulting network would still be significantly larger than if you made the feature opt-in.
If a decision-maker sees the feature as "helpful" to users (a likely assumption in a vacuum), I could also see them making a judgement call to make the feature opt-out to maximize the "good impact" it potentially could have.
But this is Amazon. So it's way more likely the decision-maker is just trying to maximize company profit (which could still be morally justified if they cared to ensure everyone that wanted to opt out could!) and not thinking about whether the feature morally "should" be done or not.
I'd give any other company the benefit of the doubt here and assume they're valuing the good of [total number of people on the network] over the "bad" from screwing over [number of people who would opt out if they knew they could]. I'm inclined to think Amazon is valuing the profits of [total number of people on the network] instead.
Can someone elaborate on the privacy concerns (e.g. with Amazon "becoming a pseudo-ISP")? It seems like most (if not all) of the network use would be Amazon devices anyway, which is data they already have. Additionally, as far as I know, Amazon isn't really in the business of selling ads or customer data, so they seem like they'd be relatively trustworthy (compared with, say Google, whose entire business is based off of selling ads, and also literally sell routers.) Is the concern just the threat that they could abuse this data? Is it just general "big company getting even bigger / having more data is bad" sentiment? Genuinely curious.
(The security concerns make sense to me -- most people and businesses assume their home network is closed, and this theoretically opens an attack vector. Asking specifically about privacy.)
The talking hockey puck in the corner is becoming even more problematic.
One week? Why the deadline? At all?
They do seem like they're in a hurry. For something that is meant to help and apparently put smiles on our faces it does seem like high pressure. Perhaps it's less about the smiles then? Maybe not about the helping either.
It's not a deadline, you can opt-out after it launches. The date is just when it becomes active. I'm not sure when it was first announced, but it wasn't today. I opted out a few days ago when I saw it in the news. I think it's just making the news rounds because it's so close to the launch.
I’ve seen a couple other articles like this that try to “both sides” this by claiming Apple does it with AirTags. Seems pretty disingenuous, feels like comparing faxing documents to the internet…
Playing devil's advocate here... aren't those same two things true of Sidewalk? If you purchase an Apple tag, then you benefit from other users who have this feature enabled. If you buy a device that uses Sidewalk, same situation. Both can be disabled.
> Apple: Their device: "Hi, I'm an AirTag! This is my serial number!" Your device: "hey Apple, I was at (X, Y) when I saw this serial number."
> Amazon: Their device: "Hi, can I send traffic through your network?" Your device: "sure, buddy!"
I think you're mis-characterizing Amazon here. It's not "can I send traffic through your network", it's "can you pass this message to Amazon for me? Amazon will pass it on to my manufacturer." The devices in question can only talk to a specific set of Amazon servers. They can't talk to any systems other than the Sidewalk Servers.
> When Sidewalk is on, your Bridge can share a low-bandwidth connection with Sidewalk-enabled devices, like sensors and smart lights that are installed in locations around and outside your home where wifi may not be available. Amazon Sidewalk does not support high-bandwidth connections like a wifi or cellular network would, so you would still use those connections for streaming movies, posting on social media or sending email.
sidewalk device "hey amazon i want to talk to my manufacturer" amazon: "sure thing! let me pipe you through to them" manufacturer "let's connect you to whatever we want on the internet"
how is that not unfettered access to whatever the device wants via the manufacturer's server?
Because that doesn't give them any access to my internal network, which is the usual objection. If their device wants to talk to an arbitrary server on the public internet, why do I care, when it's all encapsulated in encrypted tunnels? Once the packets emerge from Amazon's server, they can't get back into my network.
Yes, this is using some of my bandwidth, but it's capped at 80kbps and 500MB/month, which seems like a pretty small gift to Amazon and the device manufacturer, assuming it even hits that, which it probably won't in most circumstances.
because the issue isn't about access to your network, it's the rampant abuses that could be done with it - a stalker/crazy ex could place a recording device that streams audio (only need 30kbps) constantly or tracks someone with no repercussions or any of the security airtags has and without users' knowledge. This is a classic "move technology forward with no regard to the consequences and who cares about privacy" move.
Developing such a thing, registering it with Amazon, Amazon approving it as a compatible product, setting up the integration with Amazon, ... sounds like something nobody would do when they could just use the mobile phone network instead.
i can not see amazon doing a good job vetting all the devices/not making it easy to setup a test/dev account and devices. and mobile phone network costs money for each device, sidewalk is free for all?
I was worried that my Eero routers were going to get roped into this, but thankfully the CEO confirmed on Reddit[0] that there are currently no plans to involve their products in Sidewalk.
Amazon owns them. If you knew that, apologies, it wasn’t clear to me.
Regardless, Sidewalk doesn’t make much sense for Eero since it provides the traditional Internet access points for the IoT devices that make up the Sidewalk mesh.
The article reads a little alarmist honestly. They have created a low bandwidth mesh network for mostly IOT devices. I don’t get how this is suddenly compared with sharing internet. The latter of which, Comcast actually did and does.
Far be it from me to defend Comcast, but it's not equivalent in the slightest. Comcast creates a separate network, with a separate IP, using their cable modem and the DOCSIS bandwidth available on their network. Its third-party usage does not count against your data cap, and any nefarious usage would not be associated with your own account and possibly subject you to civil or criminal sanctions.
Devices can only talk to specific Amazon APIs (which then hand the request to manufacturer APIs) with Sidewalk, they don't get to arbitrarily use your internet connection either.
Here in the UK, BT does the same thing and nobody seems to complain. If you're a BT customer you can use your own data through somebody else's router. Maybe actually giving something in return is the answer for Amazon?
The Security Now podcast has a great episode [1] about why this isn't as scary as the headlines make it out to be. I'm actually quite disappointed at the sheer amount of fearmongering surrounding this technology here on HN of all places. For some reason I expected HN to be better than the general tech press when it came to these things.
It's very unlikely that you have title to amazon's software. You may have a license to use their device and the related software subject to their terms, but that is VERY different than classical ownership.
All the megacorps have gone this direction.
Amazon is going to give you a constantly improving Alexa system and ecosystem and in return you are going to let them use sidewalk in most cases.
Traffic over sidewalk will egress to internet from Amazon AS numbers.
You need to be careful about open wifi which despite the claims is different - traffic will egress as you - so if someone jumps on and does some stupid stuff, you can create a fair bit of pain for yourself.
Most folks experience free improvements to echo after purchase. That is part of the value people see in these devices. The network effects get stronger with time. All of the use of these systems requires agreements to TOS that mean you really don't own / control the device, amazon does. Worst case, when the megacorps close your accounts, you can actually lose access to lots of stuff that it feels like you "own". All your photos, all your email, maybe media content, books etc.
I don't particularly find it "scary", but it is monopolistic practice.
Amazon are using their devices to get a lead on the competition, and in a way which consumers are unlikely to think is fair.
If a company approaches me wanting to put infrastructure in my house (that only benefits them and may incur charges to me), they should normally expect to pay rent.
I think it's definitely scary. How is this even legal? In what world is it OK for Amazon to co-opt my internet connection and share it with random passers-by? Even if it's only 80kbps and 500MB/month (as another commenter pointed out), this will be just the beginning if they get their way. It will set a precedent for them and others. And they know that most people won't notice or care enough to turn it off! This is just disgusting arrogance from Amazon.
There once was a time when I was happy to share my wi-fi with my neighbours.
Everyone pays for their own household now, only because of general corporate scaremongering and specific lobbying to claim that the owner is liable for misuse.
I remain surprised there isn't a bigger movement and open source infrastructure for sharing connections locally.
If I was able to share a few connections with my apartment-neighbours, that would be cheaper and more reliable than my current setup.
Personally, I'd be happy to share my connection with another human being
This isn't really the same thing though, it's Amazon treating all its customers like a harvestable resource, and reselling that resource as a value-add for their other products
Really? I think it's worse than most headlines make it out to be. I wrote up some thoughts at https://honeypot.net/post/tripping-on-cracked-sidewalk/ , but the TLDR is you're allowing unknown parties to bridge their network with yours. That's one single mistake in the protocol or implementation away from all sorts of horrid failure modes.
I wonder how would AWS feel if OEMs of the data center devices decide to share AWS's very costly bandwidth to proxy their other clients' data.
Imagine the outrage by Amazon.
Imagine Volvo or any truck manufacturers decide to ship their other clients' packages, using Amazon's fleet (next day delivery for every service)
That's how this feels to me.
The nerve on Amazon to push this shit after people bought the devices already and to make it opt-out. What are the devs there smoking?
No. The "Sidewalk Bridge" devices that will share your internet to the Sidewalk are, as of today:
> Ring Floodlight Cam (2019), Ring Spotlight Cam Wired (2019), Ring Spotlight Cam Mount (2019), Echo (3rd gen and newer), Echo Dot (3rd gen and newer), Echo Dot for Kids (3rd gen and newer), Echo Dot with Clock (3rd gen and newer), Echo Plus (all generations), Echo Show (all models and generations), Echo Spot, Echo Studio, Echo Input, Echo Flex.
It's interesting that only a few devices, mostly the newer ones, are capable of using LoRa. All the older ones are just BLE (i.e. technically <100m range, but in real world conditions probably 10-30m max).
It’s so “smart” TVs etc can send data home even if you don’t connect them to the internet. Longer term expect random devices you own to inject even more advertising into your daily life.
Amazon is going to sell access to Sidewalk to e.g. TV manufacturers (and anybody else), making money off of your internet connection.
Before Sidewalk, if a device manufacturer wanted to be able to get sensor/environmental/etc data back to the mothership, it had to either pair to a phone with bluetooth, use wifi (needs creds), or include a 2g modem with a SIM (pretty expensive). A customer who doesn't see a need for that device to have that connection just won't pair / give wifi creds, and the 2g modems/SIMs are expensive enough to keep them out of most devices.
In a world where Sidewalk is a viable option, a lot more devices will be sending whatever information they like that they can sample about you out of your house. Sure, it makes sense to carefully read the privacy policy when you're buying a echo dot or ring whatever, but are you going to be so careful when you're buying a toaster?
My only options for escaping Sidewalk are living far enough away from neighbors or convincing all the neighbors within range of my house that they shouldn't have any Sidewalk bridge-able devices.
I would at least be interested in a way of finding out what sidewalk bridges are accessible from my location. Anybody know of a way? Is it just wifi?
There's at least 2 other options:
Disable (physically) modems/antennas of sidewalk-enabled devices you own, or do not purchase devices that are sidewalk-enabled.
Sidewalk uses LoRa and another 900 MHz signal (for garage door openers). With an SDR that can use that spectrum, you could probably determine if there are Sidewalk endpoints around. Might be able to foxhunt them to certain houses.
My plan is to do my best to avoid these devices (FCC IDs may be helpful here), and if I can't, then physically disable them from being able to communicate. Hopefully other folks do the same, and there will be information/a community online to help.
The rest of the world is up a creek, only the 'techno-elite' have the privilege of privacy and being tracking-free. It probably doesn't amount to much, though...
I had thought that there wouldn't be any labeling requirements for Sidewalk-enabled devices, but you bring up FCC IDs. I've never given them much thought, but that's at least one thing to look out for in the future.
I'm now kind of interested to go look at the boxes for some of the devices I already own to get a feel for what's there. I expect it would probably all come down to a few BT / BLE / wifi chip manufacturers.
You've got an Alexa, your neighbor has a Ring. The network goes out on your neighbor's house. The Ring can then use your Alexa provided sidewalk network to send a notification to your neighbor about a package or whatever.
Someone makes a Tile-like product that can use Sidewalk to track its location. The Sidewalk extends its range and accuracy.
Right now, it really appears to be just Ring devices that can make use of it.
This isn't a guest Wifi that arbitrary people can connect to... though as we saw with the Apple tags, people have quickly piggybacked other data on it.
---
While I don't have any devices that extend the Sidewalk network, I've disabled it... just in case I do get one.
How do you know you really disabled it? What if it does the same as Google that was recording location data and then uploaded them right after you established a WiFi connection? What if Amazon devices would do that a few times a day without you noticing, and the "disable Sidewalk" button would just mean "do it less frequently"?
I don't. But all of those questions start out with "what if" and presuppose deception on Amazon's part.
Amazon's business model isn't "sell your info" - it's "sell you stuff."
The intentional deception would get them in much deeper trouble to the point that your "what ifs" would be something a company lawyer would stop rather quickly.
This feels like a "you're either with us or you're against us, Amazon B A D"-article.
The central thesis is misleading and wrong because it's NOT "unlimited, direct sharing of your WiFi to whatever Amazon users happen to fall and scrape their knees outside your home because they can't skateboard," it's "likely low-rate connectivity for other Amazon users' devices over Bluetooth or (maybe) Zigbee gated through Echo devices acting as bridges that happen to use WiFi as a backhaul."
Tile does the same thing already with their mobile app over Bluetooth - everyone with the app and BT on participates as a missing tag locator; Amazon is adding Tile into the mix (900 MHz BLE for Tile Pro) for another way to find tags.
Is Amazon going to suddenly allow or support BitTorrent-to-eSATA light dimmers (or some sort of WiFi backdoor)? IDTS. Where's the problem (other than opt-in vs. opt-out)?
PS: I worked in a radio group of a GPS manufacturer at the time when radio modules were in their kindergarten years. 900 MHz of BLE is always going to work better than 2.4 GHz for low rate data because of physics. 900 MHz is awesome.
Where's the sanctimonious outrage at Skype, which is almost entirely p2p?
Tile?
BitTorrent?
ipfs?
i2p?
Bitcoin?
freenet? (LOL, jk)
Or that software/firmware updates are automatic. Oooh! Also that Alexa is recording all the time without your permission. Insert moral panic here. In addition, 99% of IoT "smart" devices will cease operating whenever the company decides to turn off their servers. Where's the outrage and bikeshedding?
You invited Big Brother into your house, and now you're worried about the tiny bit of power and/or bandwidth to help other people find where they dropped their keys?
Do you think that the neighbors' smart light switches are going to go under their wallplates at night and Torrent porn on your precious idle internet connection without paying you 5 cents?
Gimme a break. Opt-out if you really don't want to also benefit from a globally-distributed 900 MHz LR BLE community mesh network.
Skype isn't using your bandwidth for other people's calls.
With Tile, they make it pretty clear that you're joining a network of Bluetooth devices.
As to why you're mentioning P2P protocols like BitTorrent, um... what exactly are you smoking? This has nothing to do with the retroactive opt-out sharing of bandwidth that Amazon is doing.
People don't like it when they buy something and then it suddenly starts exhibiting unadvertised behavior that can only be disabled behind dark patterns. The outrage doesn't exist for those other things because the intention of those things is to share bandwidth.
> Skype isn't using your bandwidth for other people's calls.
Skype used your bandwidth for other people's calls for years and years. Look up the old settings on blocking your device from becoming a "supernode". Back in the day as university IT people, we had to set a registry key on all of our Windows machines, or they would become the relay server for dozens of international Skype calls.
That feature is no longer part of Skype, but it very much was a thing.
When youʼve left something far behind, like at the beach or the gym, the Find My network — hundreds of millions of iPhone, iPad, and Mac devices around the world — helps track down your AirTag. And itʼs designed to protect your privacy every step of the way.
I wonder if Apple has opt-out/in for the "Find My network?"
Moral panic about something insignificant when they already invited internet-connected cameras and microphones recording 24/7 that self-update and change functionality all of the time into their homes voluntarily. It seems much like a knee-jerk tantrum about nothing, and the same people will love it later when they find their keys or wallet.
Fair point, tbh. A few folks in here are isolating these things to IOT networks. But I get the feeling that a lot of people complaining are the same people that will gladly buy a cheap camera from a random brand off Amazon and just trust it.
So you're planning on just letting this happen on your devices; I get it, too much hassle, etc. No need to try and get others to not opt out if they choose to though, that sounds like a lot of effort for someone who's okay with it. Or are you paid by Amazon to promote it?
> Users can disable Sidewalk in the settings section of the Alexa or Ring apps, but have until 8 June to do so. After that, if they have taken no action, the network will be turned on and their devices will become “Sidewalk Bridges”.
I used to get annoyed every time Amazon would push an OS update to my old Kindle fire only to patch a root exploit I could use to install an up to date Android, but it's probably for the best that they lost me as a customer with their hostile practices.
Anyone know what happens if you don't have a device that supports Sidewalk (I have a really old Alexa) but want to opt out for the future? I don't see the Sidewalk option on the Alexa app.
That Skynet is funnelling data & connections into a network it constructed out of junk electronics it sold under the guise of other functionality, and thus is removing the ability of humans to airgap other Skynet devices? Seems like we're in the middle of the book to me.
Incidentally, how do people working at Amazon and other FAANGs justify their cooperation or even direct role in BigTech's onward march toward total control and saturation and its use of abusive and coercive practices? I'm sure many of them frequent HN. I'm sure many on HN would like to hear what they have to say.
All the outrage here seems funny to me; many people here work for tech companies that are "pioneers" in data sniffing.
They're all enablers in their own companies, but get offended when another company does it.
They just become silent watchers.
I once had an argument with a Googler who said, "We think a lot before doing something, so what we do is always the best." Results are always something like the above. We in the tech zone have some weird arrogance.
Everyone shares the LTE network... And nobody cares. The fact you pay $90/month and someone else who pays just $40/month might be taking some of your bandwidth probably hadn't even crossed your mind.
Yet ask people to share WiFi and suddenly it's totally unacceptable. "This is my bandwidth, I paid for it, nobody else can have any!"
So the opt-out period is only one week, and I presumably won't be able to opt out later?
I don't own any of these devices, but if I want to have the option to buy one later but not have it be a sidewalk bridge, I guess I have to download the Alexa app and... oh in order to opt out, I have to log in to the Alexa app with my Amazon account, and in order to log in, I have to agree to:
- Alexa Terms of Use
- Amazon Conditions of Use
- Amazon Privacy Notice
- Children's Privacy Disclosure
- Amazon Prime Terms
- Amazon Music Terms of Use
- Kindle Store Terms of Use
- Audible Service Conditions of Use
- Amazon Dash Replenishment Terms of Use
- Amazon Kids+ Terms & Conditions (F/K/A FreeTime Unlimited)
- Amazon Photos Terms of Use
- Amazon Device Terms of Use
- IMDb Legal Information
- Amazon Video Terms of Use
(all are links to legalese documents)
... I'll just commit today to never buying any of those sidewalk devices in the future.
https://www.tomsguide.com/reference/what-is-amazon-sidewalk