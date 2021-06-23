



Just before the long weekend at the end of May, Amazon announced the release of the Sidewalk mesh network. There are many misconceptions about what it is and what it does, so this article unravels some confusion.

It’s not internet sharing

Much of the coverage of Amazon Sidewalk states that it forces sharing of internet or WiFi networks. It doesn’t. A network for connecting home automation devices such as smart light switches in a more flexible way. Amazonis opens the network to its partners. The first partner is a tile tracker.

Sidewalks can use the internet for some functions, but generally not. If so, Amazon limits its speed to 80 kilobits per second, or 8 kilobytes per second. This is only about 50% more than the modems we used to use. There is also a monthly limit of 500 MB. This is less than 2 hours at 80kbps for the entire month. To be clear: it’s not going to interfere with your streaming, video calls, or anything else. The average web page size is over 2 megabytes and it takes more than 4 minutes to download at that speed.

So what is a sidewalk?

Sidewalk is primarily a mesh network for home automation devices such as Alexas smart device features, Google Home and Apple HomeKit. This mesh network can cover areas where your home network is unstable. To build an ecosystem, people embed their devices into this mesh network.

The first partner to integrate with Sidewalk is the tile tracker tag. On the sidewalk, you can use tile tags beyond the normal Bluetooth range. Sidewalk uses Bluetooth, WiFi, and 900MHz radio to interconnect mesh networks. There are other partner companies. This is important for understanding Amazon Sidewalk meshes, not just Amazon. Other companies create devices that act as entities in the network, as devices like smart light switches or hubs like echo and ring devices.

Anyway, what is a mesh network?

Let’s say you want to send a birthday card to Alice. I live next to you and you know I work with Alice. Instead of sending the card by mail, you may want to give Alice a card to bring. When I went to work, I came across Bob sitting next to Alice, so I gave him the card. I gave him the card.

It’s a mesh network. People’s web delivers messages in an ad hoc way and saves your postage. In particular, mesh networks work without explicit infrastructure or servers.

How does Amazon Sidewalk use meshes?

Suppose you have an Alexa-controlled light in your bedroom, but WiFi is unstable. If you use Alexa to turn lights on or off, the command may not run. Also, let’s assume that WiFi from a neighbor’s house is more powerful than WiFi in that bedroom. Now, what if your Alexa uses your neighbor’s WiFi instead when your WiFi doesn’t handle your commands? That’s what Amazon Sidewalk does with a very simple mesh, from Alexa to your neighbor’s WiFi and lights.

Let’s extend that example. Let’s say you’re out for a walk in your neighborhood and you realize you haven’t turned off the lights. Press the button on your smartphone to turn off the lamp. Your phone passes the message to a nearby house, perhaps a house across the street, which passes the message to another house, and it’s almost the same way your birthday card arrived at Alice. You will reach your ramp.

In some situations, Sidewalk may not be able to route messages through the mesh. Instead, you need to send the message to the Internet and then back from the Internet to the mesh network near the destination.

The Sidewalk documentation we saw does not contain details of the mesh routing algorithm, such as how messages are routed through the mesh, when and why messages enter and leave the Internet. So I don’t know how it works. When Sidewalk tries to send a message without using the internet, the message is expected to be small and relatively rare. This is because bandwidth adjustments and total data caps are not required near this limit. We don’t know how hard it is trying and how successful it is.

What about sidewalk privacy and security?

Amazon describes Sidewalk’s privacy and security in its privacy and security white paper. Amazon also has an overview, blog posts about goals, IoT integration sites, and SDK developer documentation.

It doesn’t go into the details of the Sidewalk protocol, but it looks promising about encrypted security and privacy measures. So is the routing sketch. It seems to have some good security and privacy protection. Of course, the proof is in the details and the final implementation. Amazon has a reasonable track record of designing, building, and updating the security and privacy of AWS and related technologies. It is in their interest to severely limit mesh network participants from learning about other participants, so leaks found by researchers can be bugs.

What’s the bad news?

There are many concerns about sidewalks.

Amazon failed the announcement

Most of the articles about Sidewalk focused on network sharing, but did not explain that this is a community mesh network of home automation and related technologies. At least a more recent article that stopped talking about Internet sharing talks about wireless (WiFi) sharing instead. It was difficult to understand what the sidewalk was and what it wasn’t. At the end of our investigation, we also don’t know that it was done correctly. Amazon needs to do a much better job to tell us what the new system will do.

To be fair, this is difficult! Mesh networks are not widely used for wireless communications due to the difficulty of implementing the technology. Nonetheless, this is why Amazon spends more time explaining what Sidewalk is.

Lots of missing details

Amazon has published some great overviews, white papers, and even API descriptions, but there’s still a lot you don’t know about Sidewalk. For example, I don’t know the details of security and privacy measures. Similarly, I don’t know what the mesh routing algorithm is. Therefore, there is no independent analysis of sidewalks.

In addition, although I like Sidewalks’ security sketches, it is inevitable to transfer information to Amazon, such as the IDs of devices on the new network. I’m not sure if there is any other transfer of information to the participating device, or Amazon can guess.

Because it’s that V1 system, it’s buggy

The first description of privacy and security shows that attention was paid to the design of Sidewalk, a version 1 system. Therefore, there are bugs in the protocol and software. Also, Sidewalk-compatible devices and software created by Amazon and its partners have bugs that haven’t been written yet. Early adoption of new technology has the advantage of being fast and the risk of being fast.

There is no mitigation of abuse

Sidewalk is designed for security and privacy, but not for mitigating abuse. This is an obvious hole.

The Amazon White Paper on Sidewalks provides examples of how to use your pet if you lose it. The first Sidewalk partner is the Tile tracker. We all sympathize with the missing pet and wonder where he put the key, but any system that can track the pet can be a stalker. Therefore, Sidewalk creates new opportunities for people to stalk their families, ex-romantic partners, friends, neighbors, colleagues and more. Simply drop the tracker into your purse or car and you’ll be able to track it. This is our main criticism of Sidewalk, and for fairness, Tile says they are working on a solution. This is also our criticism of Apples AirTags. Sidewalk amplifies the existing risk of rogue trackers by extending the reach of all Echo or Ring cameras participating in the Sidewalk network. If the sidewalk system is not properly controlled, estranged spouses, ex-roommates, and nosy neighbors can use them to spy from anywhere in the world.

We are also concerned about how Amazon will connect the new Sidewalk technology to one of the most controversial products, the Ring Home Doorbell Closed Camera. For example, if ring cameras are interconnected by Sidewalk technology, they can form a video surveillance system for the entire neighborhood.

Amazon’s white paper shows that security and privacy are pretty good, but Amazon is silent about this type of abuse scenario. Indeed, their pet use cases are a proxy for abuse. We are worried that we may not know what we do not know about the entire ecosystem.

Opt-out instead of opt-in

Perhaps the most important principle in designing with respect is user consent. People need to be autonomous and free to choose whether to use technology and whether other entities can process their personal information. The opt-in system has a much lower participation rate than the opt-out system. This is because most people are unaware of the system and its settings or don’t spend time changing settings.

Therefore, the default is important. By opting out of Sidewalk instead of opt-in, Amazon is expanding its network at the expense of giving users real control over its technology.

For sidewalks, the information security costs of those who are pushed into the system until they opt out can be relatively low. The main risk is the effect of system bugs. Its low risk, but no risk.

If Amazon opted in to the new system, we might not have written about it at all. It would have been traded for slow growth due to fewer complaints.

How can I turn off the sidewalk?

After reading this, if you decide you don’t want to use Sidewalk, you can easily turn it off.

Amazon has a page with instructions on how to turn off Sidewalk. If you don’t use Alexa, Echo, or Ring, you don’t use Sidewalk at all, so you don’t have to worry about turning it off.

Lack of abuse mitigation and design opt-out are the biggest drawbacks of Sidewalk.

The Amazons Sidewalk system is a mesh network that uses Echo devices and ring cameras to improve the reach and reliability of partner systems such as home automation systems and Tiles trackers. As some have reported, this is not an internet sharing system. Its design is privacy friendly and seems to have excellent security. This is a brand new system, so it has bugs.

The main problem is that there are no mitigations to prevent people from misusing it, such as tracking others. Another problem is that Amazon puts the burden of opt-out on users rather than imposing the system on them and giving them the opportunity to opt in with respect for their autonomy.

