Amazon recently announced the launch of a new service: Amazon Sidewalk which appears to have caused quite a stir. The tech giant has come under fire for the way it has rolled out the new service, amid concerns regarding user privacy and security.

Let’s briefly review the service to decide whether it is a useful new feature or a cause for concern.

What is Amazon Sidewalk?

The first thing to note is that at present the service has only launched in the US. Obviously, it could be expanded to other regions at a later date, so users from other regions may also wish to continue reading.

Secondly, the service has been launched on an opt out basis, meaning if users do nothing they will automatically become a member the new service.

So what is Amazon Sidewalk?

The purpose of Sidewalk is to link tens of millions of Amazon and Ring smart devices (see list below) in order extend their range and improve their connectivity. By linking the devices together, Amazon will create new proprietary neighbourhood-wide networks where smart devices will be able to communicate even when a users WiFi service is poor or unavailable. So, in theory, if your broadband goes down at home, your Alexa, smart doorbell or security camera would still be able to operate thanks to its connection to other Sidewalk-enabled devices in your neighbourhood (up to 500m).

To achieve this, a small portion of a users home broadband connection will be dedicated to maintain connectivity to the Sidewalk network and allow Sidewalk enabled devices in the neighbourhood to communicate. The bandwidth used by the service is quite low and is capped at 500mb per month and 80kbps bandwidth at any given time. To put this into perspective this is roughly the same amount of bandwidth needed to stream 10 minutes of high definition video.

Amazon were quick to point out in their Whitepaper that although the Sidewalk network will use a portion of a users home broadband connection, the devices that use the network do not have access to the users WiFi network or data. Likewise, a users home WiFi network does not have access to neighbouring smart devices or data.

Finally, Amazon claim to have carefully designed privacy protections into how Sidewalk collects, stores, and uses data and metadata. Data sent and received on the Sidewalk network is protected using three layers of encryption, similar to how the Onion Router network works.

Affected devices

Compatible devices which can participate in Amazon Sidewalk are called a Sidewalk Bridge and include:

Amazon

  • Echo (2nd generation onwards)
  • Echo Dot (all)
  • Echo Plus (all)
  • Echo Show (all)
  • Echo Spot (BLE only)
  • Echo Studio (BLE only)

Ring

  • Floodlight Cam (BLE only)
  • Spotlight Cam (BLE only)

My Thoughts

  • Reading the Documentation provided by Amazon you do get a sense that they have carefully designed security and privacy protections into how Sidewalk collects, stores, and uses data and metadata. However, Sidewalk and the supported devices are not open-source, meaning users have to basically trust Amazon that the system works as advertised and does not have any undocumented weaknesses.

  • Secondly, the auto opt-in approach Amazon has used is disappointing. Many users will not take the time to investigate the service and will simply do nothing. In essence, they will fail to grasp the impact of the option and will automatically become members of the service. A service such as this will only work if there is high take up by users. Amazon know this, and appear to be leveraging this to their advantage.

  • Thirdly, the fact these devices can be automatically updated with new services that are activated unless the user intervenes shows that users are not in full control of their devices. Ultimately, Amazon are dictating how users should use their devices.

  • Finally, while the service appears to be secure at present there is potential for problems down the line. For example, if Amazon’s update process was compromised in the future an attacker could easily perform malicious changes to the devices without the user knowing. Also, since the new Sidewalk network will be running as a background service users will not be actively monitoring what the devices are doing. If a future vulnerability was found and exploited by hackers malware or viruses could spread very quickly across the tens of millions of devices using the Sidewalk network.

Conclusion

Having reviewed what Amazon Sidewalk is, and how it works, we can now try to answer our original question:

Is Amazon Sidewalk safe or should I opt out?

Having read the Whitepaper provided by Amazon it would appear that the Sidewalk Network is safe to use (for now). Of course, this does require us to trust Amazon that the system works as advertised and does not have any undocumented weaknesses.

The biggest danger I see with Amazon Sidewalk is not so much what it is now, but what it could become. Amazon could add undesirable features in the future which may go unnoticed by users. Also, if hacked, the service could easily become the new stomping ground for the next IoT botnet.

The decision to opt out is a moot point for me. I do not, nor ever intend to, own one of the devices on the list. Take that as a cue.