PSA If you have Amazon devices, you may want to opt out of Amazon Sidewalk

If you own any one of a number of Amazon devices, and are in the US, you have just over a week to opt out of a feature the company calls Amazon Sidewalk, to avoid potential security and privacy issues …

Amazon Sidewalk will automatically be switched on as of June 8, unless you opt out. The company has announced it rather quietly.

What it does is allow your devices to connect to your neighbor’s Wi-Fi, and to allow your neighbor’s devices to connect to yours – all without exchanging passwords.

Amazon Sidewalk is a shared network that helps devices like Amazon Echo devices, Ring Security Cams, outdoor lights, motion sensors, and Tile trackers work better at home and beyond the front door. When enabled, Sidewalk can unlock unique benefits for your device, support other Sidewalk devices in your community, and even locate pets or lost items.

Amazon Sidewalk creates a low-bandwidth network with the help of Sidewalk Bridge devices including select Echo and Ring devices. These Bridge devices share a small portion of your internet bandwidth which is pooled together to provide these services to you and your neighbors. And when more neighbors participate, the network becomes even stronger.

Amazon says that it has designed the system with privacy in mind.

Sidewalk protects customer privacy by limiting the amount and type of metadata that Amazon needs to receive from Sidewalk endpoints to manage the network. For example, Sidewalk needs to know an endpoint’s Sidewalk-ID to authenticate the endpoint before allowing the gateway to route the endpoint’s packets on the network. Sidewalk also tracks a gateway’s usage to ensure bandwidth caps are not exceeded and latency is minimized on a customer’s private network.

Information customers would deem sensitive, like the contents of a packet sent over the Sidewalk network, is not seen by Sidewalk; only the intended destinations (the endpoint and application server) possess the keys required to access this information. Sidewalk’s design also ensures that owners of Sidewalk gateways do not have access to the contents of the packet from endpoints (they do not own) that use their bandwidth. Similarly, endpoint owners do not have access to gateway information. The Sidewalk Network Server continuously “rolls”, or changes transmission IDs (TX-ID) and Sidewalk Gateway IDs every 15 minutes to prevent tracking devices and associating a device to a specific user.

All the same, I’d echo the ArsTechnica cautionary note.

There are enough theoretical risks to give users pause. Wireless technologies like Wi-Fi and Bluetooth have a history of being insecure. Remember WEP, the encryption scheme that protected Wi-Fi traffic from being monitored by nearby parties? It was widely used for four years before researchers exposed flaws that made decrypting data relatively easy for attackers. WPA, the technology that replaced WEP, is much more robust, but it also has a checkered history […]

Consider the wealth of intimate details Amazon devices are privy to. They see who knocks on our doors, and in some homes they peer into our living rooms. They hear the conversations we’re having with friends and family. They control locks and other security systems in our home. Extending the reach of all this encrypted data to the sidewalk and living rooms of neighbors requires a level of confidence that’s not warranted for a technology that’s never seen widespread testing.

How to opt out of Amazon Sidewalk

  1. Open the Alexa app
  2. More > Settings > Account Settings > Amazon Sidewalk > Off

If you don’t, your devices will be automatically enrolled on June 8. At the time of writing, the feature is US-only, so no action is needed in other countries.