You Need to Opt Out of Amazon Sidewalk

Photo: Victoria Song/Gizmodo

Have you heard of Amazon Sidewalk? Probably not. But there is a good chance that you or someone you know has an Amazon Echo or Ring camera. And if you own one of those devices and live in the U.S. (or know someone who does), you need to tell them to opt out of the service as soon as possible.

What is Amazon Sidewalk? The feature was quietly announced late last year and again at this year’s fall hardware event. In a nutshell, it’s a sort of secondary, shared network for certain connected Amazon devices. The idea is it uses Echo and Ring devices as a bridge to extend connectivity over longer distances. So, say your internet goes down and thus renders your outdoor Ring security camera useless. Not an issue with Sidewalk—you can just tap into a neighbor’s Echo or Ring device. Because, oh yeah, Sidewalk pilfers a small portion of your bandwidth that then gets lumped together with other Echo and Ring devices in your vicinity to create this separate network. In total, Amazon says that the monthly data it will “borrow” is capped at 500 MB, or roughly the equivalent of streaming 10 minutes of high definition video.


Earlier today, I was one of many people who received an email from Amazon saying that Sidewalk’s launch was “coming to [my] Echo device later this year.” I knew what Sidewalk was, mainly because I’m a gadget reviewer and I recently wrote up the fourth-generation Amazon Echo. Still, the email bugged me. While Amazon was quick to give the general gist of what Sidewalk does, it didn’t spell out what security and privacy precautions Amazon was taking to make sure this secondary network wouldn’t be easily exploited. Instead, it was framed as me, an Echo owner, donating a “small portion” of my internet bandwidth to provide a service to my neighbors. Oh, and in a throwaway sentence near the end, the email said that Amazon Sidewalk would be enabled by default on all supported Echo and Ring devices linked to my account.

On Amazon’s Sidewalk FAQ, there’s a bit more detail, including a comprehensive list of devices that can act as Sidewalk Bridges (but not devices that are Sidewalk-enabled). The FAQ also provides a link to a more detailed whitepaper on the privacy and security used by Sidewalk. TL;DR—Amazon says Sidewalk uses three layers of encryption, and you will never know what other Sidewalk devices are connected to your devices.

You’d forgive some of us for being incredibly skeptical. Perhaps it has something to do with the fact that just last year, Gizmodo was able to map Amazon’s home surveillance network, revealing the possible locations of tens of thousands of Ring cameras across 15 U.S. cities via the Neighbors app. Or the fact Vice and Gizmodo both found instances of hackers breaking into Ring cameras, ultimately leading to a class-action lawsuit. Or, the fact that initially, Amazon did not explicitly state in its privacy policy that humans may listen to voice recordings collected by Echo devices. Maybe it’s remembering that a Portland couple once learned their Echo had recorded a private conversation and sent it to a colleague due to misinterpreted background noise.

What about that white paper? The one where Amazon goes into great detail about its privacy and security measures? At the end of the day, that’s a white paper written and commissioned by Amazon. Of course, Amazon is going to tell you that it’s done everything in its power to make sure Sidewalk is private and secure. They might not even be lying about that. But there are talented hackers out there who, given enough time, would likely find a way to exploit a potentially gigantic secondary network that gives them access to a wide swath of homes.


Obviously, the success of Amazon Sidewalk will depend on how many people opt in, because even Amazon has learned it has to provide opt-outs or risk another round of bad press. But even if only a small fraction of users opts in, that’s terrifying. Smarthome devices already have a bad rap when it comes to security. Remember the Mirai botnet malware? In the case of Amazon Sidewalk, you are not only trusting that this network Amazon is building out isn’t vulnerable, but also that users will stay current on relevant security patches and that, if risks are exposed by third-party security researchers, Amazon will respond in a timely and transparent manner. You are essentially trusting Amazon—a company known for some shitty practices—to do you a solid.

As AI activist Liz Sullivan tweeted last year, “Amazon is building the infrastructure to monitor us all. It won’t be long before they package mesh routers into Ring devices to increase the footprint of access. What’s really sad is that they’ll profit from this, while the public eats it up as ‘just another cool gadget.’”


The easiest thing to do is not buy into the Echo or Ring ecosystem. However, there are plenty of reasons why you might want a smart assistant and an Echo in particular. Accessibility for a disabled loved one is one of them. And, when it comes to smart speakers, Pandora’s box is already open. However, Amazon is providing you the option to opt out of Sidewalk—and you should absolutely take it. Sure, it might only take a small portion of users to opt in and enable a privacy nightmare, but you don’t have to be one of them.

To disable the feature, you have to update the Alexa app to its latest version. Once you’ve done that, sign into your Amazon account, then tap More > Settings > Account Settings > Amazon Sidewalk. Once there, do yourself a favor and turn that shit off.



DISCUSSION

rvincent1960
Time’s up, time to leave!

What the fuck is the point of an “opt out” if they can just force it back on any time they want? Like next time they update the software it turns it back on and then you have to turn it back off again.

This “idea” has real world security and potential cost impacts which means it should absolutely only be an “opt in” only option. FFS, 1/2 a GB could be a shit load of data to someone on a budget plan and god only knows what zero day exploits could spring up on something with this much reach. Just imagine the potential if a hack is found that gives access to a whole neighborhood of Amazon devices!

It’s the kind of thing that should have a huge red banner, with a double check, “are you sure you want to opt in” message to make sure you understand just how much risk you could be in here.