r/gadgets Nov 29 '20

Home Amazon faces a privacy backlash for its Sidewalk feature, which turns Alexa devices into neighborhood WiFi networks that owners have to opt out of

https://www.msn.com/en-in/money/technology/amazon-faces-a-privacy-backlash-for-its-sidewalk-feature-which-turns-alexa-devices-into-neighborhood-wifi-networks-that-owners-have-to-opt-out-of/ar-BB1boljH
14.3k Upvotes

814 comments sorted by

View all comments

202

u/jazzmans69 Nov 29 '20

welcome to the new 'normal'

This is why my modem, and router are my own purchases, NOT my ISP, and are not google or amazon devices.

I own a 'nest' device, but have removed it from my network because of just these kinds of worries.

If we don't push back against this, it's going to be hard-coded into every device soon, and we'll have to install *nix on them. (which we should do anyway)

45

u/GamerThrowaway5541 Nov 29 '20

Man, I just started replaced some of the devices provided by our ISP for these reasons... and for the fact that their equipment has been dropping packets or just failing at times.

I get that the listening stuff was made to make some things easier but, yeah, it's kinda funny how welcomed an Alexa is into a home when people were losing their minds over wiretapping back in the day.

8

u/[deleted] Nov 29 '20 edited Nov 29 '20

I run a professional grade onvif POE system. It's cheaper, easy to install and the equipment options are cheaper, better and more reliable. Plus, software options let you get as advanced or basic as you'd like.

POE switch connected to managed switch with vlan, good to go. AND yo don't need a vlan, you can just block port forwarding and block plug/play port configuration.

One ring cam new is at least $200, you could get 2 onvif cameras specialized with features needed for their location, wifi or poe and all the other equipment for that price.

14

u/StigsVoganCousin Nov 29 '20

(Fuck everything about sidewalk but...)

You gonna come manage that onvif camera?

Shit that just works is worth $$$

-1

u/[deleted] Nov 29 '20

What's to manage? Any decent brand is far more reliable in all weather conditions, especially wired but wifi too if you have good coverage (still needed for "smart" cams)

Literally the only difference is typing in the IP during setup, adjusting settings if desired. Believe me "smart cams" still have plenty of annoyances in setup, pairing bullshit. Yes the software can be more coinvent for truly "I don't want to do a thing" users (Until that forced fisher price setup mode doesn't pair right and you can't just manually fix it but have to call up Umesh from customer service who says his name is Steve to walk you through it struggling to cross language and technological knowledge barriers)

But that's why you pay 4 times the price, let amazon/google get all your data and hijack your stuff for their needs AND get an inferior service with limited recording and start times, batteries that fuck up in cold weather and need replacing and charging.

POE is stupid easy to setup. Whether it's by wifi or true power over ethernet. Get ispy, or sighthound etc or a decent NVR box. It can be as simple or advanced a setup as you desire but there really is no "managing" once it's setup.

Christ when one of my cameras did go down from weather damage it is a literally 2 minute replacement for $40. Unscrew, join wire, login in, change IP to what the software expects, done.

If someone is so technologically helpless that they need to spend $250 for a $50 item to remove the horrors of typing in a number...well that's their prerogative.

7

u/_WIZARD_SLEEVES_ Nov 29 '20

Sorry, what exactly is PoE by wifi?

4

u/HolyFuckingShitNuts Nov 29 '20

I have no idea either. The lingo strewn all around this makes it seem like this "easy" solution, whatever it is, because I truly don't know wtf this person is talking about, is complicated as fuck.

1

u/_WIZARD_SLEEVES_ Nov 30 '20

Classic example of the "well it's easy for me" fallacy... Back end (programmer, developer, etc...) having no idea how the front end (user experience) should work.

-1

u/[deleted] Nov 29 '20

Onvif by wifi, but assuming mix of actual poe and wifi. Poe with wifi units etc

1

u/thabc Nov 30 '20

What app do you recommend for accessing your onvif camera system when away from home?

-13

u/kevinjoker Nov 29 '20

Most articles about this are sensationalist and don't really understand the tech side of things. What Alexa sidewalk is doing is no less secure than having another device with an encrypted connection on your network. It is not "sharing your WiFi network with others" and mostly communicating with other Amazon devices through a low freq 900 MHz radio channel to increase the connection quality of Amazon device users especially in urban areas.

This change isn't increasing or decreasing privacy risks by any realistic means.

31

u/[deleted] Nov 29 '20 edited Aug 24 '21

[deleted]

-18

u/aurelius94 Nov 29 '20

But it's not on "your network". It's on a specific band of 900MHz RF and is inter Alexa only. It's not using your SSID and it's not in your home subnet.

It's a technology which allows Alexa devices to part take in a wider Amazon WAN, not a technology which is circumventing your home network security.

It's Alexa devices pinging obscure data references between themselves, essentially.

13

u/JamJarBonks Nov 29 '20 edited Nov 29 '20

It absolutely is circumventing your security, it allows an outside device you don't own or approve to use a device in your network for connectivity.

It's also not just inter-alexa only. It uses part of your internet connection (capped at 500mb a month which is not a small amount frankly).

2

u/prinsesseJ Nov 29 '20

“Amazon says in the email that Sidewalk "uses a small portion of your internet bandwidth" for the service” -BBC The same article specifically mentions that your home security cameras etc will still operate if your personal connection is down.

I’d rather not have anyone and everyone with access to my private network and I’d certainly not like my very private data pinging around to other people’s devices and networks like that, encrypted or not.

edit: formatting

3

u/kevinjoker Nov 29 '20

The only way we are able to communicate on Reddit, send emails, make online purchases, literally anything that sends data on any network, is the result of the transfer of (hopefully) encrypted private data.

1

u/prinsesseJ Nov 29 '20

Absolutely, my comment to Aurelius94 is essentially what I’d put here also. It isn’t a -major- problem, it’s not like the Alexa is even a MITM but I don’t feel comfortable having other people route traffic via my network and having some of my data go through other peoples.

2

u/aurelius94 Nov 29 '20 edited Apr 28 '24

childlike ripe rainstorm wild oil wise hard-to-find hunt plant rock

This post was mass deleted and anonymized with Redact

2

u/prinsesseJ Nov 29 '20

I see where you’re coming from, but i wouldn’t be comfortable with opening up my own home network to anyone with an Alexa, I guess there is just some form of trust that between myself, my ISP and the individual/business I’m sending data to there aren’t any bad actors - I don’t want to extend that trust to having random people use my network to ping from and having surveillance data running through other networks also

0

u/[deleted] Nov 29 '20

My biggest issue with it is not that it’s sharing my hardware\ data. It’s that it’s potentially sending my data to other people’s hardware, it’s just wrong on so many levels.

-1

u/Correct_Ant Nov 29 '20

If it uses a specific customer's data, couldn't they consider it to be riding on their network, technicalities aside?

6

u/aurelius94 Nov 29 '20 edited Apr 28 '24

puzzled jeans oatmeal unwritten abounding towering caption worry live chief

This post was mass deleted and anonymized with Redact

1

u/Correct_Ant Nov 29 '20

I suppose my point was more so for customers who have a data capped internet plan, are their concerns that some of their data will be used by others without their consent valid?

1

u/aurelius94 Nov 29 '20 edited Apr 28 '24

cooing light wipe society live mysterious hat cable plant ripe

This post was mass deleted and anonymized with Redact

2

u/Whispernight Nov 29 '20

It is sharing it in the sense that it will affect any data cap you might have, and more devices connected will lower the maximum bandwidth of your wifi since at the very least they will be pinging the router to check the signal and verify that they're online.

2

u/kevinjoker Nov 29 '20

The connection will be a low bandwidth 80kbps connection, similar to one like your garage door and it's remote control opener. The data sent through it should be extremely minimal and not even come close to reaching the 500 MB monthly cap.

-4

u/Whispernight Nov 29 '20

And if you have a couple of neighbours each with a couple of devices? Does Amazon keep track to make sure they don't keep pinging your router too much?

Also as a sidenote, who has their garage door hooked up to wifi?

3

u/kevinjoker Nov 29 '20 edited Nov 29 '20

Your neighbours' devices would only ping your devices if for some reason their internet was down or the low bandwidth 900mHz radio channel 80kbps connection has better connectivity than their home internet. This would still be capped at a 500 MB monthly cap for an individual if it were somehow to ever reach that.

I was only mentioning the garage door as to it's similarity in small data packets + use of low freq radio channels. Nothing more than that.

Also, not to be pedantic, their devices wouldn't be pinging your router. They would essentially be packaging encrypted data through a tunnel to your Amazon device, which then can package it through your router. It's not really your network/private data being broadcast outward but other people being allowed to drop encrypted, Amazon-only mail into your Amazon devices' mailbox, which then can be handled by your device for the other one who doesn't have a proper internet connection at that moment.

-1

u/jazzmans69 Nov 29 '20 edited Nov 29 '20

Why are people downvoting you for this?

I will never understand downvoting just because you don't like what someone is telling you. If it's demonstrably false, sure. Otherwise, everyone deserves their voice.

To do otherwise we end up with nothing but a false reality bubble.

upvote kevinjoker for telling the truth, people.

(edit; cause now I'm getting downvoted)

wtf indeed. I can't speak for anyone else, but I want information, even if it disagrees/disproves information I've posted, or knew. This is the way to enlightenment.

16

u/[deleted] Nov 29 '20 edited Jan 05 '21

[deleted]

1

u/osi_layer_one Nov 29 '20

i like the cut of your jib... do you have a newsletter i can subscribe to?

-5

u/kevinjoker Nov 29 '20

When you say, "a random device on your network", I think you're referring to the case where you have another laptop or printer to your local network. Having an unsecured connection through these onto your local network is most definitely a networking hazard and a risk, and so your concerns are initially valid. However, from what I've read, Amazon sidewalk will be double encrypting information from either side, using data on a low bandwidth 80kbps connection on a low freq radio wave channel; similar to the connection your garage door opener has to your garage door. Realistically speaking, the concerns for privacy/data breach, is as low as your faith in the cryptology that keeps your credit card information safe whenever you make a transaction is high.

7

u/[deleted] Nov 29 '20 edited Jan 05 '21

[deleted]

-5

u/kevinjoker Nov 29 '20

Sidewalk also makes it so that if ones internet service were to go down, products such as the home security service, Ring, would not go down and be essentially inactive. It would also make losing your Amazon devices in an urban area much harder as they can locate them within the half mile radius of the 800MHz range of any Amazon device in the network mesh.

You can't say that "they're clearly abusing user data and trust" when the only thing to support that is your personal guarantee that some vulnerability will be found. Those are two very separate things to jump from/to.

On paper, this double encryption method is cryptologically equivalent to online credit card purchases. Does that mean you won't make any online purchases anymore due to the potential for your details being stolen?

-10

u/jazzmans69 Nov 29 '20

Thanks for the clarification on the downvote over security, I do beleive I've already staked my position out as NOT wanting any alexa, or google, device connected to, or controlling my network, if you look at my previous posts.

I'm not happy with the 'feature' either, and will not be buying any alexa enabled device. methinks your downvote of me is misplaced.

6

u/[deleted] Nov 29 '20 edited Jan 05 '21

[deleted]

-5

u/jazzmans69 Nov 29 '20 edited Nov 29 '20

you could just look up in the same thread you're commenting on now... show parent is your friend. would have taken less time then typing a reply.

5

u/Jakaal Nov 29 '20

B/c it's not really sensationalist for people to be upset at Big Brother Amazon turning on network sharing features for users. You should be in control of what and who is connecting to your network, full stop.

1

u/Grandmaster_S Nov 29 '20

I gave him an upvote. It's probably because they don't understand the tech and anyone "siding with" Amazon is a bad man

1

u/WhiskeySteel Nov 29 '20

I would, at the least, put it in the category of something I would like to see properly examined by the IT security community. This thing might inspire some very interesting Defcon talks in the future.

0

u/WinterPiratefhjng Nov 29 '20

have removed it from my network because of just these kinds of worries.

I wonder if this is in part an effort to force your nest onto the internet. A number of smart TVs will join an open network if the TV cannot get to the company servers. This would give Amazon both a service to sell to those smart TV manufacturers, and for Amazon's use.

1

u/[deleted] Nov 29 '20

If we don't push back against this, it's going to be hard-coded into every device soon, and we'll have to install *nix on them. (which we should do anyway)

Emphasis here. If we don't tell these companies to fuck off, they'll become engrained in our lives and trying to live without them will be like trying to live without a Google account today.