Amazon Devices Will Soon Automatically Share Your Internet With Neighbors (arstechnica.com) 182
If you use Alexa, Echo, or any other Amazon device, you have just over a week to opt out of an experiment that leaves your personal privacy and security hanging in the balance. From a report: On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don't have connectivity and help you to their bandwidth when you don't have a connection.
By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system. And since only a tiny fraction of people take the time to change default settings, that means millions of people will be co-opted into the program whether they know anything about it or not. The Amazon webpage linked above says Sidewalk "is currently only available in the US." [...] Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.
By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system. And since only a tiny fraction of people take the time to change default settings, that means millions of people will be co-opted into the program whether they know anything about it or not. The Amazon webpage linked above says Sidewalk "is currently only available in the US." [...] Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.
Tile trackers? (Score:2)
How is that supposed to even work?
Re:Tile trackers? (Score:5, Informative)
Mesh network, 900MHz devices. Basically the idea is, if the device isn't able to reach YOUR home router, but it can see your neighbor's router, it can connect through it. Think for example, a motion sensor at the far end of your backyard.
Re: (Score:3)
Not quite. If the Tile can't make a good connection to your home router but can reach the neighbor's Ring it will transmit through the Ring to their router.
And this is why.. (Score:5, Informative)
protect the privacy and security? (Score:3)
Privacy policy: "Amazon does not disclose customer information in response to government demands unless we're required to do so to comply with a legally valid and binding order."
That's a much weaker standard than "...to comply with a court order".
Also, they don't say anything about not having contracts with police forces, for example, who are not government.
Re: (Score:2)
Re: (Score:2)
Only Apple and their mesh network for the AirTags, on which a researcher recently showed how anyone can help themselves to your bandwidth?
Re:And this is why.. (Score:5, Informative)
With Comcast, the solution is simple - bring your own hardware.
It saves you money too...
Re: (Score:2, Interesting)
Re: And this is why.. (Score:2)
What the hell does an IP address allotment have to do with cable modem hardware and wireless access points?
My guess is that they are bullshitting you. And I believe that they are legally compelled to allow you to use you own compatible modem hardware, but I am not a lawyer.
Re: (Score:2)
Last time I was on the phone with them I was trying to set prt records and that seemed to be a real issue.
They still do not work right after more than an hour+ of phone calls and waiting, waiting waiting.
Odd they don't have a DIY web interface for setting them like every other ISP I have ever used.
Re: (Score:3, Interesting)
Comcast has literally called me to offer a lower monthly price if I stop using my own hardware and use theirs. Obviously they are getting information and sharing your network to make this worth it.
Re: (Score:2)
Comcast has literally called me to offer a lower monthly price if I stop using my own hardware and use theirs.
Was the offer at least $14 per month lower? Because that's the modem rental fee that Comcast charged before I bought my own Arris SURFboard modem. It ended up paying for itself in a year.
Re: (Score:3)
Had Comcast service for a couple of months, cancelled, and they neglected to send me the box to send their modem back and never charged me for it. Got fed up with shitty DSL and subscribed again, used *their* modem, and they've never charged me again. My neighbor bought the exact same modem at Goodwill for $4, probably another ex-Comcast one.
Re:And this is why.. (Score:5, Informative)
Step one, stop using an ISPs router for routing. Turn the wifi off on it and get a different router. Step two, put linux on that router, dd-wrt, tomato, etc, and your performance and security will be better.
Re: (Score:2)
Or I could just go into the settings and turn it off.
until of course the market is full of consumer-grade garbage that violates your privacy and you have trouble buying a compatible router that doesn't violate privacy and share your network.
Honestly, I'm a bit curious how it's even legal. If someone uses your internet through an Amazon device for something illegal are the pigs going to kick in your door and arrest you for it?
Re: (Score:2)
Well if someone ends up paying fees because they mysteriously greatly exceed their bandwidth cap, I presume Amazon will plead innocent. It's one thing for your ISP, like Comcast, to share your ISP connection with others, but to have a third party do this is very strange.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Step one, stop using an ISPs router for routing.
Or, at least, a wired only one, or one that's just a modem. My Voice/IP cable modem is just a modem, I use my own wired router and separate wireless AP behind the router. At the moment, the AP is on a VLAN so it (and any wireless devices) can only access the WAN. I don't pay extra for my ISP modem 'cause it's required for my landline. (Yes, I also have a landline.)
Re: (Score:2)
Speaking of which, are there any affordable routers that can reliably hit >1GBps on the WAN side?
I may finally be entering the 21st century broadband-wise and it seems like the best option is an old Lenovo or Dell with Core i5 and an Intel NIC. The Netgate hardware can do it but it's ridiculously expensive for models that can route that fast.
Re: (Score:2)
I haven't used anything except my own routers in over 20 years.
Hell, I helped MAKE / WRITE the first router we used (Freesco project - single bootable floppy turns any PC into a Linux-based router).
I went to my parent's house the other day and their wifi was absolutely ABYSMAL. Supposedly multiple times faster than my own and it was just atrocious and unusable. I mean, I know cheap hardware isn't great but this was just worthless.
I hotspotted my 4G phone and instantly got about 20 times the speed and far
Re: (Score:2, Interesting)
We have Fibre to the home, the modem is mine, I have 20+ ISPs I can choose from.
I have 900/400 Mbs uncapped, no port blocking, fixed IP, no traffic shaping, etc etc etc for NZ$ 86 a month (US$ 62 a month).
Re: (Score:3)
Re: (Score:3)
There is an independent board that looks at the wholesale price of fibre, and all ISPs get the same deal. The ISPs differ in what additional services you have (eg free Netflix, Discounted Cell contracts, etc).
This is what's great about having an actual democracy where it is for the PEOPLE, by the PEOPLE.
We also have proportional representation, so a wider range of political views are held.
For a country in the middle of no where, we actually do prett
Re: (Score:2)
I too voted twice in the recent election, although my electorate vote is wasted, as I live in one of the safest National seats in the country, and the current mouth-breather who occupies it will be there until he dies. Probably of auto-erotic asphyxiation.
I am a bit worried about industry capture of the regulator, because we have something of a track record of allowing that to happen.
Re: (Score:2)
Voting does not guarantee that you will get what you want.
I for one will be voting National next election even though I voted Labour last election. Or perhaps I will vote NZ First.
I could not see me ever voting for ACT, I agree with a lot of what the stand for, but find too much other policy repugnant.
Re: (Score:3)
I live in New Zealand.
We have Fibre to the home, the modem is mine, I have 20+ ISPs I can choose from.
I have 900/400 Mbs uncapped, no port blocking, fixed IP, no traffic shaping, etc etc etc for NZ$ 86 a month (US$ 62 a month).
True... but, on the other hand, you have to live in New Zealand.
Oh, wait - New Zealand is pretty nice. That's where all the rich people are putting their buried bunkers. BTW if you guys could take a few thousand more of our rich people, we'd really appreciate it.
Re: (Score:3, Insightful)
Be careful what you wish for with all the rich people taking their money and exiting your economy.
Re: (Score:2)
That's not how their money works. They don't bring big suitcases of it, and now you have it.
Their hoard is still a hoard, it is still in the same places. They didn't "exit [our] economy," if they did that they wouldn't be rich anymore.
The effect on the local economy is the same as if an upper-middle-class person moved; one less residential home (oh, wait, no, they kept that because they use it when the visit family) and a few less restaurant visits.
Re: (Score:2)
BTW if you guys could take a few thousand more of our rich people, we'd really appreciate it.
Be careful what you wish for. The top 1% pay 40% of the taxes that enable your way of life.
Re: (Score:2)
Re: (Score:2)
BTW if you guys could take a few thousand more of our rich people, we'd really appreciate it.
Be careful what you wish for. The top 1% pay 40% of the taxes that enable your way of life.
More pedantically, the 40% is out of the 50% of total taxes. Plus, there is another roughly $1 billion in borrowing. So, the top 1% really contribute about 16% of the federal budget.
Of course, although the average tax rate for the top 1% is somewhere around 27%, there is a wide distribution of individual tax rates. I imagine we want New Zealand to take the ones that pay close to 0%, e.g., Trump and his $750 taxes.
Re: (Score:2)
Uh yeah, because the NZ government dumped billions into the fibre rollout. When you calculate your internet cost, add in part of your taxes.
Re: (Score:2)
And we get far better value for our taxes. So over all, we are still ahead.
Re:And this is why.. (Score:4, Insightful)
And in the US, the ISP's got subsidies in the billions payed for by taxdollars which they pocketed, didn't build out the capacity in any meaningful way, raised the prices and decreased the caps plus they sold any and all information on their customers to anyone asking...
Re: (Score:2)
First one died after 2 years, got a free replacement.
I think in 15 years with my ISP I have had maybe 2 short term outages. (hours).
Re: (Score:2)
Comcast shares my wireless internet with other Comcast customers by default.
At least with Comcast they (at least claim) that the bandwidth used by sharing with other Comcast users does not count against your data cap. In theory, Comcast can tell the difference between your traffic and traffic being shared from your connection by them. So if some other Comcast user is watching kiddie porn, they can tell it's not you. Granted that they may not choose to make that distinction when the cops ask, but technically they could.
With the Amazon scheme, your ISP has no idea (or technical metho
Re: And this is why.. (Score:2)
Re: (Score:2)
Buy your own router and connect its WAN port to one of the LAN ports of the comcast router and then connect your stuff to your own router.
If you already have one of their spying devices (Score:5, Insightful)
Re: (Score:2)
Re: If you already have one of their spying device (Score:2)
Re: (Score:2)
I already commit three felonies a day [amazon.com] . One more isn't that big a deal.
it is time (Score:2)
i want a list of all amazon's domain names, and post it to github
Re: (Score:2)
Not mine (Score:2)
B) If I did, I would go through all the setup screens and not only change the default password, but disable this kinda shit
That said, my sister has a couple of the things and A) They all have default passwords; and B) setup screens? What are those? I plugged them in and they worked. What's your problem?
They'll even share dupes from two weeks ago (Score:2)
I feel as if we just talked about this.
Oh, yes, we did talk about it [slashdot.org], back on the 17th.
I said it there and I'll say it again: Amazon veered hard off-course and into crazy town with this feature. It's so easy to abuse this sort of access for nefarious purposes, and many of us called out several obvious examples of what bad actors could do with a system as open as this one. Even with the bandwidth limits and data caps it has, it's sufficient bandwidth for transmitting 1 minute of 720p footage every 10 minutes
Re: (Score:2)
dupe! (Score:2)
So.... (Score:5, Insightful)
If illegal material is shared, guess who gets slammed with legal charges
(Hint: It won't be Amazon)
Who the fuck wants this? (Score:5, Insightful)
If my internet is down it's because there's a power outage or something, and I expect my neighbors are down, too. The only use for this is random people wandering by to steal bandwidth.
Re: (Score:3)
No, it's a lot more than that. Sidewalk is limited to IoT developers who register with Amazon, buy a specific chipset from them, get a signed cert, and then the encrypted traffic (max 80kbps) is encrypted, decrypted at AWS, and routed to the specific resources that the developer specifies.
Fucking hell, what's happened to SlashDot. There used to be actual techies here.
Good! (Score:4, Insightful)
This is a great way for people to learn to stop trusting the internet of shit.
"new wireless mesh service will (Score:3)
Re: (Score:2)
Iduno if its against the comcast TOS to have this service active, but its for sure against the comcast TOS to get paid for it, as that would turn you into an ISP.
Is it even legal? (Score:2)
Seems like turning this on without active consent may turn out to be illegal in at least some jurisdictions. (Might even qualify as theft depending on the specific laws in effect.) And, for that matter, it may even violate the terms of service from the device owner's ISP and lead to them having their internet disconnected. And then there's the liability quagmire for some random passerby or neighbor doing something illegal on the device owner's internet connection. I'm kind of hoping Amazon gets a major lega
Re: (Score:2)
Seems like turning this on without active consent may turn out to be illegal in at least some jurisdictions
You clicked on that agreement when you installed your Amazon device right? (or you continue to use your Amazon account?) Guess what, you actively consented. Not saying that this is right, but it's how it seems to be.
Re: (Score:2)
You're missing the point. The homeowner has a EULA, T&Cs and AUP with the ISP. Do those ISP agreements permit the homeowner to enter into an agreement with another party to share the bandwidth?
I could see ISPs updating the agreements to prohibit just this kind of sharing without the ISP getting a payoff.
Re: (Score:2)
Do those ISP agreements permit the homeowner to enter into an agreement with another party to share the bandwidth?
Unknown. My point is that you *also* have an EULA with Amazon that says you allow Amazon's devices to talk to each other and share information, including the bandwidth that you have purchased from your ISP. It is certainly a valid question as to what happens if your ISP and Amazon's EULA/TOS are in conflict. I would guess that ultimately the consumer would be on the hook for entering into a second contract that was in conflict with a prior contract, but that is where lawyers make their money...
Re: (Score:2)
IANAL, but I'm pretty sure comcast can sue amazon directly for breach of contract if they coerce customers into breaching their contract with comcast.
Re: (Score:2)
False, did not agree to have them steal bandwidth to give to others.
Re: (Score:2)
False, did not agree to have them steal bandwidth to give to others.
Amazon customers probably did agree to that. I seriously doubt that Amazon didn't consider that and update their EULA/TOS to account for it.
And when your neighbor posts illegal content? (Score:2)
Bad on multiple levels. (Score:5, Insightful)
1. These devices are on the inside of your home network. So they will now eat your home bandwidth which means if you have a data cap you just gave some of it to amazon.
2. Amazon devices are cheap low cost devices. Their whole job in life is to connect to everything and share data with the mother ship. And now you expect this device to securely share your network with random devices?
3. Amazon devices are cheap low cost devices. Which can be easily overloaded with excess traffic. Especially if you have one in wireless range of a lot of other devices. So example an apartment dweller living above a restaurant. Your device could easily be swamped making your home experience garbage. And you are paying for the privilege to give your net and compute to randoms.
And if this is not perfectly clear. SECURITY. A thousands ways this is a security disaster.
Just wait... (Score:2)
Just wait until someone gets their door kicked in by men with guns at 4:30AM and a flashbang grenade thrown in their baby's crib because someone used the 900MHz band to download child porn. This also violates a lot of end user ISP agreements by effectively "sharing" a residential Internet connection so I'm sure some of the ISPs will have a problem with it.
Unfortunately, I'd figure that blocking the Amazon IP addresses at the router effectively breaks the intended functionality of the cameras in the first
don't take the deal you may need to do jail time (Score:2)
don't take the deal you may need to do jail time and wait for your trail but don't take the deal in that case and when amazon can't give the logs you must aquit!
Re: (Score:2)
Devices on sidewalk are not reaching out to open-ended hosts on the internet. They're conversing with AWS services. Trafficking child porn on Sidewalk would be the equivalent to posting illicit content in an S3 bucket- there is a chain of accountability, and it doesn't involve an innocent bystander whose wifi network got volunteered for this 900mhz whispernet.
Re: (Score:2)
Amazon's retort would doubtless be that these people should be opting out or else stop using the devices entirely.
To make an analogy from Amazon's perspective, It isn't the city's fault if you keep blowing the breakers in your house for drawing too much power at one time... figure out how to be compliant with the restrictions you have or pay for the necessary upgrades to your property to support it.
This is really dubious (Score:2)
No known flaws == Secure?!? (Score:3)
So Amazon claims it's secure? What kind of a liability are they accepting for anyone abusing this? If someone uploads illegal content from your internet connection, is there anything in the terms of service that Amazon will provide you with the best lawyers their money can buy to defend you (and cover bail), and if you are in fact found innocent, they will compensate you for all lost income, pain and suffering, and any and all potential future issue stemming from the fact that you were accused in the first place? I doubt it.
They really should make it an opt-in option and offer to pay for the bandwidth. Then each customer who opts in becomes a provider to Amazon, so they know they are taking a risk, perhaps demand Amazon detail exactly who sent what over their Echo.
It's the tracking and data collection, stupid. (Score:2)
-A consumer is puzzled: 'I pulled the plug, how is it still on the internet?'
Usually overblown when all comments are hyperbolic (Score:3)
I've been on the internet long enough to not fall for this "big company bad" clickbait. The guy at arstechnica is trying to get you to read something on a site that is chocked full of ads. The irony is probably lost on most but not me. Just because the media is on the internet doesn't mean its not media.
Anyways this is basically a service where is your neighbors internet is cut their ring camera could hop on yours. We all know wifi can be spotty etc. This is not some guy walking down the street and needs a little extra juice on his phone.
Going to point of calling Amazon a ISP. Bringing the fact that Amazon has your shopping history. Just piling on for the "I'm scared of big tech" crowd to have a "see...I was right! I was right!" moment. You are not special, they don't care about you, there are 100s of millions of us...get over yourself.
Should it be opt-in? Probably, or at least advertised, but its not exactly doomsday here people.
Re: (Score:2, Interesting)
Re: (Score:2)
accountability.
there is more that goes on using the internet than buying stuff.
people that might go to jail for the actions of others.
well.
they might not like it
Re: (Score:3, Insightful)
Re: (Score:2)
Sounds like a personal problem to me.
Re: (Score:3)
It creates an opportunity to sell access to "their" mesh network. (That you're paying to maintain.) "Buy Amazon Prime and get unlimited use of this Amazon Sidewalk access point."
Comcast has been doing the same thing with their routers for years. I tried it once when my phone was out of cell data and someone's router nearby was running it. After you connect to the network, they send you to a landing page to enter your Xfinity account information, or you can click through their ToS to get one free session.
Re:They must really want you online... (Score:4, Interesting)
So I give up 1% of my bandwidth when I have plenty, then I get 1% when I have nothing.
To be honest, that seems like a good deal to me.
1% of a broadband connection is plenty for texting and voice on a mobile device.
Security concern? (Score:2)
Re: (Score:3)
>Does this create an open invite for passers-by to get on your home network?
I have no problem with passers by getting on my home wifi and enjoying a few minutes of interstitial free browsing.
It's segmented off from the inside network of course, but if everyone shared their wifi in this fashion, life would be better.
Re: Security concern? (Score:5, Insightful)
Re: (Score:3)
Presumably if the vendor or ISP is segmenting it off from your network they'd be able to differentiate guest traffic from internal traffic.
Re: (Score:3)
Not to mention some service providers have clauses in their TOS that prevents just this type of sharing.
Re: (Score:2)
problems.
try the transmitting of child pornography thru your i p address.
or threats to political leaders.
then there is the monitoring of your internet activity.
consider banking
Re: (Score:3)
I'm not clear why people think that Amazon is run by morons.
How many times have people been screwed over in the past assuming that a corporation or similarly large organization isn't run by morons?
Trusting people not to be stupid is a recipe for disaster when it comes to security.
Re: (Score:2)
No, this is limited to Amazon devices and strictly to the networks that those devices access (pretty much AWS and nothing else). I suppose you could spoof the MAC of a Tile device, but it's not going to do you any good unless you specifically want to get to whatever resources the Tile actually use for some bizarre reason. Your Ring doorbell has no need to get to SlashDot, so Sidewalk isn't going to route any traffic that way.
Re: (Score:3)
In an ideal world, sure.
But when are your neighbors going to realize they don't have to pay for a net connection because they're getting a good-enough connection 'from Amazon'? You'll end up being the last guy paying for a net connection, and sharing half of it with an entire apartment building.
Re: (Score:2)
So does your browsing just consist of the resources that an Amazon device might use and nothing else? That would be a pretty bizarre use-case. Do you normally browse at 89Kbps? Do you generally only download less than 500 mb of data per month? Your Ring isn't going to be sending traffic to Pornhub no matter what's going on in front of the camera. People have a pretty fundamental disconnect from the reality of how this stuff actually works.
https://www.amazon.com/Amazon-... [amazon.com]
Re: (Score:3)
So I give up 1% of my bandwidth when I have plenty, then I get 1% when I have nothing.
To be honest, that seems like a good deal to me.
It is a good deal; however, was that what you signed up for when you bought the device? Did you even know that was a possibility when you purchased the device?
If there is any anger or controversy here, it is because a device that is putatively (not a real word? Really?!) owned by the person who bought it is being modified by the "person" who sold it. The generosity of the deal is not even a real question at this point.
Re: They must really want you online... (Score:4, Informative)
Re: (Score:3)
This amazon thing works in 900MHz and it's for IoT devices only. You're not getting "full internet access".
Re: (Score:2)
Re: They must really want you online... (Score:3)
Pretty sure I have an album by Excruciating Rectal Emanation somewhere here on red splatter vinyl.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
You won't be able to deal with all of the nasty legal letters because all your computing gear will have been taken away when your placed was searched for kiddie porn.
Comcast already does this on XFinity internet (Score:2)
How is this legal?/allowed?, surely this is a conspiracy for theft of services, computer intrusion laws etc not to mention against your ISP contract which forbids you from doing this, i would of thought the big ISPs would have their lawyers lined up ready, or your RICO police
XFinity will share you bandwidth to other subscribers. Last I checked, you can turn this off and I am a subscriber and any XFinity free WiFi connection seems so glacial, I imagine they're not taking too much of yours. I have mixed feelings about this. It has helped me out of a jam more than once since I have a shitty mobile plan or wanted to connect using a laptop or ipad my shitty mobile plan has a glacial hotspot service. If I am not using it and it's not slowing down my service, I am just paying a tr
Re: Comcast already does this on XFinity internet (Score:2)