Amazon Sidewalk: Should you opt out?

May 10

There has been a bit of a media frenzy since the announcement of Amazon Sidewalk, the new community communication initiative from Amazon. The pervading opinion has been that everyone should opt-out of this new network because…well, because it’s Amazon.

This is somewhat understandable given a groundswell of support for privacy protection, growing distrust of tech giants in this area, and reports of less-than-ethical behavior around Amazon’s treatment of their employees. But let’s take a breath and look at what Amazon has designed here.

What is Amazon Sidewalk?

Firstly, Sidewalk is not WiFi, and it’s not a data sharing network in any real sense. Instead, it’s a low power, low speed message-sending network based on the 900MHz ISM radio band, but can also use Bluetooth. This band can’t achieve the same data speeds as those frequencies used for WiFi and other smart home protocols, but it is much less prone to interference and obstructions, and thus can have better range. Z-Wave actually operates in this band as well, and for the same reasons, along with many well established radio devices like two-way radios, and the pagers of old.

That increased range and building penetration is key to Sidewalk’s purpose, which is to provide a more reliable way for low-powered devices to be able to send their message traffic where it needs to go. This has various uses, such as being able to place sensors further from the home than WiFi would allow; Having a smart garage door opener or gate opener on a larger property, or in a situation where you can’t get good WiFi signal in that location, weather sensors out in the back yard, or smart lights on a path down the driveway are some conceivable scenarios.

Amazon is also looking to use this network for location-finding, and has announced a device called Fetch which is intended to locate lost dogs using this technology. I’ve seen it compared to what Apple is now doing with their Find-My network and AirTags, and it does have some similarities in that respect. The Alexa app allows you to disable this specific aspect of Sidewalk on your devices if you wish.

If could also provide a way for your SideWalk enabled devices to remain functional in the event your WiFi goes out, as you devices could potentially still communicate using a neighbors internet connection if they have a SideWalk device in range. After all, having your smart lights stop working because of an internet outage is a frustration we can do without.

Doesn’t this mean other people are using my internet?

Yes and No. Because of the nature of the message traffic Sidewalk is designed to carry, the network usage is very small. Amazon is also ensuring things don’t get out of hand by hard limiting combined bandwidth use to 80Kb/s up to a maximum of 500MB per month. That’s the equivalent of a fraction of a single HD video. Given that traffic will be in small chunks spread over time it will effectively be unnoticeable.

More importantly, no one will be on your network and no one can see what Sidewalk devices you have. This is due to Amazon’s security design for Sidewalk which shows a great deal of care and attention to privacy from the ground up. Any individual Sidewalk device you may have will essentially create a secure tunnel through to your internet connection that nothing can see into, and doesn’t give any access to your network or other devices. It’s a virtual wire from the end device, to Amazon’s servers that connects to nothing else.

How does Sidewalk privacy work?

Amazon is employing a collection of well understood technologies to ensure security and privacy over the Sidewalk network. These include things like multi-layered end-to-end encryption, rotating security keys, and time limited routing information.

Every Sidewalk device is issued a unique ID and session key when it is enrolled in the network. This ensures only authorized Sidewalk devices can communicate at all. The session key is used to generate rolling encryption keys for use when sending messages to and from the device, and these are changed every 15 minutes to prevent de-anonymization (figuring out who is talking to whom).

There are four entities involved in any Sidewalk message transfer:

The End device (a light or sensor for example)
A gateway device (a Sidewalk device with permanent power like en Echo or Ring Floodlight cam)
The Amazon Sidewalk Network Server (which handles routing traffic)
The Application server (owned by the maker of the end device that handles what to do with the message).

The encryption keys are used in three separate layers of encryption to ensure that each of these entities only has access to the data that they need to do their job. Ultimately, the message is between the End device and the Application Server that controls it. This could be a Ring Spotlight Cam sending a motion to Ring’s servers. The server takes that message and creates a notification on your smartphone.

Think of each layer like a locked box. The box can be closed and locked by the sender, and only the received of that box has the key. The boxes are placed one inside the other to allow the message to be sent.

The End device creates it’s message and put’s it in the smallest box for the Application Server. It then puts that in a larger box for the Amazon Sidewalk server with the the details of the Application server it needs to go to.
The End device sends the boxes off and a Gateway in the area will accept it.
The Gateway has no idea what’s in the box, it’s job is simply to act as a courier. It puts the box (with the smaller box inside) into another box locked with a separate key held by the Amazon Sidewalk Server. This box contains the ID of the gateway. This is so the Amazon Sidewalk Server knows which gateway to send the reply to. This gets handed to the Amazon Sidewalk server.
Amazon’s server unlocks the outer box and sees it’s from Gateway X. It then unlocks the next box which tells it there is a message from device Y to the application server. It sends the inner box with the message to the correct destination server.
The Application server receives the box and unlocks it, and can then process the message.

This process ensures that at no time can any party see anything about the message or even the parties to it, that it doesn’t need. The Amazon server doesn’t know who owns the devices involved, nor what the message is. The gateway doesn’t know where the message is going or who the sender is. The end device doesn’t know anything about the gateway as it simply broadcasts blindly, so the owner of a Sidewalk device has no information about other people’s devices.

The process is detailed in Amazon’s Sidewalk security white paper, so you can check it out if you need more specifics.

Should I Opt Out?

Amazon’s design is robust and employs all the best practice privacy provisions we should expect of today’s technology. The implementation is where the rubber meets the road, though, and until security analysts can get a good look at it over time we can’t know for sure if it’s been put together properly.

But even so, having the design up front allows us to be sure of the intent, and that appears to be good. Amazon knows this needs to protect their customers or there will be severe blow back, and they want this to succeed.

Ultimately Sidewalk promises significant benefits for end users in terms of reliability and extensibility of our smart devices, but it’s up to individuals as to whether they think Amazon will build it as well as it has been designed.

Sidewalk will only be available in the United States for now, likely due to variations in the allowed use of the 900MHz band in different countries. If you do choose to wait and see, Amazon has given us the means to opt out of the service any time we want.