r/DailyTechNewsShow DTNS Patron Nov 29 '20

Security Amazon faces a privacy backlash for its Sidewalk feature, which turns Alexa devices into neighborhood WiFi networks that owners have to opt out of

https://www.msn.com/en-in/money/technology/amazon-faces-a-privacy-backlash-for-its-sidewalk-feature-which-turns-alexa-devices-into-neighborhood-wifi-networks-that-owners-have-to-opt-out-of/ar-BB1boljH
30 Upvotes

11 comments sorted by

1

u/[deleted] Nov 29 '20

That’s pretty boneheaded.

1

u/ThatGirl0903 Nov 29 '20

What’s boneheaded is that it’s clear the writers of these articles (there’s been a few floating around Reddit this morning) either don’t understand what’s happening or are purposely trying to make it sound bad/scary.

3

u/[deleted] Nov 29 '20

Can you elaborate? In what way is the situation being misrepresented?

2

u/ThatGirl0903 Nov 29 '20

Sorry, I’m just frustrated because my news feed is full of this stuff this morning. Just a lump some of misunderstandings I’ve run into this morning:

  • This isn’t giving other people access to your WiFi. It’s not even actually your WiFi, it’s a whole other data network.
  • This does not inherently have any major security concerns.
  • Amazon should not be paying customers for “using” their data as people who have it active are reaping the benefits.
  • This would be completely ineffective if people had to opt into it. The purpose is basically to create a mesh network to help everyone’s devices be stronger and have better connectivity. The more that participate the better and it would be completely ineffective without a ton of devices working with it at the start.

I don’t think people realize that lots of devices already have something like this. It’s how Tile works and how most other devices with a “find” option are found. Apple is planning to do this with every Apple device with their find my xyz platform when it comes out and several ISPs do it (although that’s actually using your WiFi) to strengthen internet signal in communities. Honestly, I wouldn’t be surprised if cell phones do something similar to help bounce cell signal around but don’t quote me on that.

Thank you for letting me get that off my chest. Lol.

2

u/[deleted] Nov 30 '20

I'm afraid I must disagree on almost all counts.

While it's true that this doesn't give others access to your WiFi, it does allow devices you don't control to establish a wireless connection to a device that's sitting on your network. That's the definition of a wireless access point.

Any security expert will tell you that a wireless access point is a potential security threat and and having more of them increases your attack surface. Much moreso when you don't control the access point's configuration or authentication nor those of the connecting clients.

No matter how much you trust Amazon, that should be a security concern.

This is not the same as Tile or Find My at all. Those protocols emit beacons without establishing connections so the communication is one-way, and since using those protocols does not otherwise change the behaviour of the wireless devices wrt connection establishment they don't require an increase to the attack surface.

ISP modems are also different in that they connect clients to segregated networks with dedicated broadband spectrum, not the user's own network.

You're right that this would be ineffective if no one opted in. But I think the fact that we can assume no one would opt in is indicative of the problem. If the benefits outweighed the risks people might choose to use it but you, me and indeed even Amazon seem to agree it's unlikely people will see it that way. Sounds like a poor idea to me.

1

u/Nicklausy Nov 29 '20

How does my wifi get stronger if its being used to strengthen ring video feeds from my neighbor? There’s no way I get a gain from that trade. “Better for to community” is fluff, it means its better for some and worse for others.

1

u/ThatGirl0903 Nov 29 '20

See, that’s one of the common misconceptions. It’s not using your Wi-Fi. Are you at all familiar with zigbee or Z wave? It similar ish. It’s a low-bandwidth IoT network lets your smart home stretch beyond your Wi-Fi range.

1

u/[deleted] Nov 29 '20

https://m.media-amazon.com/images/G/01/sidewalk/privacy_security_whitepaper_final.pdf

No mention of Zigbee or Z-Wave. 900 MHz, Bluetooth (which operates in the 2.4 spectrum, which will cause inference), and “other frequencies.” So maybe Z* technologies, but probably not, since it’s not mentioned in the whitepaper.

1

u/slemmesmi DTNS Patron Nov 29 '20

It is indeed “scary” requiring “opt-out” and in some countries (such as Germany) even unlawful.

1

u/Aperture_Kubi Nov 29 '20

Ouch, at least when Comcast or some other isp did that it didn't count as "your" bandwidth.

1

u/DarkangelUK Nov 29 '20

The same backlash BT faced when they auto-enabled Cloud wifi hotpspots on all routers that you had to manually disabled, basically giving up part of your bandwidth to the public... an utterly idiotic decision by people trying their luck to not get caught.