7 votes

The bullshit economy: Amazon Sidewalk

5 comments

  1. [5]
    Bullmaestro
    Link
    I think there's far greater concerns with Amazon Sidewalk, or similar ideas like ISPs wanting to turn their customers' internet routers into public wi-fi hotspots... There was an article I saw...

    I think there's far greater concerns with Amazon Sidewalk, or similar ideas like ISPs wanting to turn their customers' internet routers into public wi-fi hotspots...

    There was an article I saw posted on /r/UnitedKingdom a few weeks ago about a family who came under police investigation last year because somebody used their internet connection to upload child porn. The ordeal they went through to clear their name and the turmoil of restrictions they went under, like not being able to approach their child's school, having work devices confiscated by the NCA, etc, sounds harrowing. Imagine having to tell your boss that your work laptop has been seized because the cops think you've been touching kids.

    What happens if someone dodgy ends up using your connection to do illegal stuff and you have no control over it because your ISP decided it was best to pimp out your router as a public wi-fi hotspot, or because a service like Amazon Sidewalk allowed them to use your internet connection? Do you then get arrested by the cops and charged because the activity came from your IP address?

    4 votes
    1. [3]
      knocklessmonster
      Link Parent
      The Sidewalk network, like similar systems already in use by many American ISPs, is a separate network than your home network. The case you mentioned happened because of an unsecured private...

      The Sidewalk network, like similar systems already in use by many American ISPs, is a separate network than your home network. The case you mentioned happened because of an unsecured private network.

      What these systems do is run the shared "public" network as a separate network. No traffic through this separate network will be your responsibility, as you are not in charge of managing it. That specific case was difficult because they had to demonstrate it was not them through their own network.

      I don't think any company should be forcing this on users, but I'm far more comfortable with an ISP doing it than a company known for its surveillance practices like Amazon.

      4 votes
      1. [2]
        balooga
        Link Parent
        How exactly would a third party attribute Sidewalk traffic to the Sidewalk network? Is there something unique about those packets that differentiates them from non-sidewalk packets? They're all...

        How exactly would a third party attribute Sidewalk traffic to the Sidewalk network? Is there something unique about those packets that differentiates them from non-sidewalk packets? They're all coming from the same public IP address regardless.

        If there is some distinguishing characteristic, I'm sure lots of people would be interested in spoofing it to get some of that sweet, sweet plausible deniability.

        1 vote
        1. knocklessmonster
          (edited )
          Link Parent
          This article does a better job explaining it than I can Basically, your device uses BLE (Bluetooth Low Energy) to send data to a Sidwalk-enabled device, who sends it to Amazon, who send it to a...

          How exactly would a third party attribute Sidewalk traffic to the Sidewalk network?

          This article does a better job explaining it than I can

          Basically, your device uses BLE (Bluetooth Low Energy) to send data to a Sidwalk-enabled device, who sends it to Amazon, who send it to a third party app server (or maybe just an Amazon app server). At each step of the way they can track each packet, and each packet will have to have identifying data to authenticate your access to the applications you're using.

          If there is some distinguishing characteristic, I'm sure lots of people would be interested in spoofing it to get some of that sweet, sweet plausible deniability.

          I'd imagine somebody could do it, but I think it'll be something largely restricted to lab researchers publishing interesting papers.

          I was slightly wrong because I thought Sidewalk was a WiFi system, but it's BLE. Same rules apply, though: There's still, ideally, a chain of data accountability, especially considering the authentication requirement for a Sidewalk device to send data to the Sidewalk network. The important originating device is the owner's device, and linked account info, not the IP address like that poor soul in Britain.

          3 votes
    2. pycrust
      Link Parent
      That's totally insane. I think there are two aspects to Sidewalk - the security aspect, of which you mention there are far greater threats, and the economic aspect, which the article focuses on....

      That's totally insane. I think there are two aspects to Sidewalk - the security aspect, of which you mention there are far greater threats, and the economic aspect, which the article focuses on. From a security standpoint, I totally agree, Sidewalk is a minimal issue. From an economic aspect though, it's bananas that Amazon can just piggyback off of wifi from nearby neighbors.