On June 8, Amazon is rolling out Sidewalk, its mesh network designed to amplify its hardware ecosystem by improving device setup, range, and wi-fi reliability. Amazon device owners will be automatically enrolled. While they can opt out, privacy advocates worry the default opted-in approach will push people into an untested network.

What is Amazon’s Sidewalk Network?

Amazon Sidewalk creates a low-bandwidth network that pools a small portion of your internet bandwidth to increase connectivity and range. This allows smart home devices to create a bridge between your WiFi and one another. For example, if your Ring doorbell is barely within your WiFi range, but your Echo device is in between, Ring can use Sidewalk to stay connected.

Compatible devices include Alexa, Echo, Ring security cams, outdoor lights, motion sensors, and Tile tracking devices. To give an idea of scale, Amazon had sold over 100 million Alexa-powered devices alone as of 2019.

The good

Extended device range through a distributed network

Device owners contribute a small portion of their internet bandwidth to create a larger network that can improve device performance, both inside and outside the home. Sidewalk simplifies setting up new devices, extends the working range of devices, and helps devices stay online.

Minimal data usage

Amazon limits the total monthly data used by Sidewalk to reduce the chances of degraded home network performance. It’s capped at 500MB, which is roughly equivalent to streaming 10 minutes of high definition video.

The bad

Users are opted in by default

To create an effective mesh network, Amazon needs as many devices as possible to contribute. Taking advantage of human psychology, Amazon has decided to automatically enable Sidewalk on every capable device, knowing that people rarely change the default settings.

If suddenly my devices can connect to my neighbor’s networks, or vice versa, it seems reasonable to make this opt-in. However Amazon puts the burden of education and action on the customer to explicitly opt out, hoping that the majority of people will be too lazy to bother.

The network’s privacy and security remain largely untested

Amazon has anticipated and acknowledged security concerns — Sidewalk has three layers of encryption and Amazon argues they protect customer privacy by limiting the amount and type of metadata shared and clearing routing information every 24 hours.

However, the network has not been tested on a large scale.

Privacy experts worry about sharing location data and connecting highly sensitive and personal devices like cameras and speakers to such a vast, unproven network.

Widely used Wi-Fi and Bluetooth technologies have had plenty of serious security vulnerabilities, from hackers bypassing firewalls to remote attacks to losing confidential data. So we should take potential risks seriously.

The risky

Automatically participating in a massive data collection network

Big Tech has a wealth of data on each and every one of us, from our location, phone calls, emails, contacts, browsing history, and more.

Amazon in particular knows who knocks on our doors, what we say with family and friends, and what we buy.

An independent privacy researcher warns us: “In addition to capturing everyone’s shopping habits (from amazon.com) and their internet activity (as AWS is one of the most dominant web hosting services)… now they are also effectively becoming a global ISP with a flick of a switch, all without even having to lay a single foot of fiber.”

Automatically allowing Amazon to collect our encrypted data and funnel it into a vast network outside of our home opens us up to additional risk and vulnerability. It seems that a shift of this magnitude should require extensive testing and explicit consumer consent.

Business and design reflections

Amazon has clearly anticipated privacy concerns surrounding Sidewalk, and their documentation repeatedly asserts that “preserving customer privacy and security is foundational to how we’ve built Amazon Sidewalk”. They’ve even written an entire white paper around privacy. But despite their apparent conviction, they’ve chosen to make it opt out…which is a telling.

This calculated decision clearly puts business above privacy. They purposely put the burden on the customer to educate themselves and manually opt out if desired.

In contrast, Apple’s iOS 14.5 update requires users to explicitly grant permission for apps to track and share their data across apps or websites owned by other companies. By mid-May, the daily opt-in rate was only 6% of US users and 15% of world-wide users.

Clearly providing more transparency and explicit control around privacy can change customers’ behavior.

If Amazon has written an entire whitepaper espousing how security and privacy are integral to the development of Sidewalk, why don’t they trust the value and merits of Sidewalk to convince customers to join?

Only time will tell if Amazon is making the right decision. At least they recognize that privacy and security are fundamental considerations, but we’ll see if more testing and rigorous evaluation was necessary. Hacks and data breaches have increased, with recent attacks on oil pipelines and meat production. While Sidewalk will bring value, Amazon should be confident and forthcoming enough to let their customers make an informed decision.

Like this article? Join my email list.