Amazon announced its controversial “Sidewalk” platform nearly two years ago, but most of you probably missed the announcement and the uproar it caused as we were consequently distracted by the mother of all distractions in 2020. Now that we are all starting to stumble into the daylight like hermits emerging from a cave, Amazon is taking advantage of our befuddlement and online shopping addictions to roll out Sidewalk for realsies. On June 8th 2021, unless you specifically opt-out, your Amazon devices like Ring doorbells and security cameras, and the various smart-speaker/screen devices like Dot and Echo, will be automatically enrolled in Amazon’s ambitious effort to bring better network connectivity to your neighborhood. But what is it actually doing?
What is Sidewalk and why should you care?
In a nutshell, Amazon is leveraging the absolutely gigantic install base of Echos, Dots, Rings and Tiles to create what amounts to a vast mesh network. Depending on your training and professional interests, your reaction to this may vary from the “Awesome, maybe my Ring doorbell won’t keep falling off the internet,” (average homeowner reaction) to “This seems like a very bad idea,” (average security/technology consultant reaction). If you were concerned about Sidewalk bogarting your bandwidth, according their specs, it should be skimming a very small amount off the top which, unless you are on very constrained bandwidth (DSL is still the only choice in many neighborhoods believe it or not!), should not even be noticeable. From a security standpoint, Amazon seems to have its head on straight, again at least on paper, about how they are keeping the data transmissions encrypted and separate from your data. Huge caveat on this one – just because a bunch of engineers say something is safe now, does not make it so forever, as we have seen numerous network standards get dismantled and abandoned as dangerous flaws are discovered.
The big concern should be what else Amazon will be doing on the Sidewalk network. In case you hadn’t guessed it, they will be gathering data. An absolute monstrous amount of data on thousands and thousands of households, neighborhoods, camera feeds, pet walking routes, delivery times, recipe requests, song playlists, etc. All of it tagged with geolocation and numerous other telemetry points that give Amazon (and its data customers) an absolutely staggering market advantage. Depending on your leanings and privacy concerns, this may be of no big concern, or perhaps you’ve decided that Amazon gets enough of your dollars already and as such are not deserving of any more of your data than you’ve already sacrificed on the online shopping altar. If this is the case, then disabling Sidewalk is as simple as (wait for it) using your Alexa app to turn it off. Yes, this is like using the stones to destroy the stones. At least you can just delete the Alexa app after installing it to turn off Sidewalk. Until our government decides it’s time to regulate business use of our private data, it will be up to the average household to draw the line in the ongoing privacy war. Which side will you be on?
Even if you haven’t read the seminal novel 1984 in many decades, you will surely recall the omnipresent “Big Brother” and the even more haunting reminder/warning that “Big Brother is watching you.” Rather than actually representing a single person (or even celestial being) readers quickly come to realize Big Brother is the result of countless numbers of citizens informing on their family, friends and neighbors in service of the Party “groupthink“. Fast forward to the present, where, believe it or not, Big Brother is watching and listening, but maybe not quite in the way Orwell had originally imagined.
“Alexa! Play doubleplusgood prolefeed!“
Most of you have come to accept that devices like Amazon’s smart speakers, Echo and it’s petite sibling, Dot, are always listening, ostensibly to be able to snap to action the second you shout, “Alexa!” But what you might not realize (or remember) is that Amazon is recording and keeping a copy of everything the device hears after you speak the trigger word. Depending on how cynical I’ve made you about technology over the years, this may or may not come as a surprise to you, and if you’ve been reading this blog for any length of time, I even wrote about this nearly three years ago. Despite very clearly dancing on knife-edge of child-protection laws in 2016, regulation has not halted or even slowed the proliferation of millions of eavesdropping, smart-devices.
If you are curious about what your own Alexa-powered smart speaker has recorded in your private home or office, have a look at http://www.amazon.com/alexaprivacy. Fortunately for our house, most of these recordings consist of teenagers ironically asking Alexa to play Despacito, our family belting out the lyrics to various Queen anthems, and desperate searches for recipes based on the contents of pantries ravaged by previously mentioned teenagers. More importantly, despite living with someone who is a staunch advocate of privacy and who has made no effort to hide that fact, our family has obviously agreed to give up some of that privacy for the (sometimes meager) convenience and amusement the device offers. We also have a Ring doorbell on our porch and have also opted into sharing some of that video footage (at our discretion) with our neighbors, again potentially sacrificing some privacy in trade for a technologically amplified neighborhood watch.
Each person and family must decide how much privacy they are willing to sacrifice in exchange for security, and keep a very watchful eye for the point at which the sacrifice escalates from privacy to the abrogation of personal freedoms. Though we aren’t explicitly told how Orwell’s Oceania transformed into the nightmarish surveillance state, it’s easy to see how they got there. The seductive lure of convenience and personal gratification is a sure-fire way to gradually erode personal privacy and security without raising an eyebrow, just as sure and slow as a stream carving a grand canyon.
A lot of my friends and colleagues are always surprised that I don’t have more gadgets around my house, especially items like Amazon’s Alexa or Google Home, seeing as I am a long-time customer of both mega-companies and utilize many of their services on a daily basis. Those of you who have been paying attention know that I’m pretty keen on privacy, and have also seen me write on the topic time and time again, mostly because companies like the aforementioned sometimes have trouble respecting our right to privacy. It’s not that I have something to hide, it’s that I am very specific about what I want to share, and that does not include sharing private family conversations with a work acquaintance, which seems to be what happened to a Seattle couple via their Amazon Echo device.
Entre nous becomes menage a trois
What many fail to truly understand is that in order for any voice-activated device to work, it must always be listening to everyone nearby, waiting for its moment to shine. In the case of the incident mentioned above, the Echo device thought it heard its vocal trigger, “Alexa” (or something phonetically similar) woke up, heard another trigger, “Send a message,” which caused to start recording what it thought was a legitimate message, which it then dutifully sent on to the unintended recipient. The couple had no idea their conversation was recorded and were only clued in when the unintentional eavesdropper called them to warn them about the incident.
How many times has your phone (iPhone or Android) self-activated because it thought it heard its vocal cue? Mine does this about 2-3 times a month, mainly because it hears (or thinks it hears) me saying “OK” and “Google” all the time, when in fact, I’m just having a conversation with someone nearby. It’s even self-activated because of audio from a podcast or song, which is really weird and creepy sometimes. Hackers have demonstrated the ability to completely compromise late model devices, and it’s a known intelligence exploit to compromise surveillance subject phones explicitly for the purposes of turning on the microphone as the ultimate audio bug. We carry these devices everywhere, and now they are in our most private spaces. It’s just you and me, and the internet now.
For those of you who haven’t seen the Amazon Echo in action yet, it can be quite an eye opener. We are quickly converging on an environment that was not long ago considered science fiction. The Echo can quietly sit in the corner of your room, waiting for anyone in the family to give it a command, whether it’s to play some music, check the weather or order something from (surprise surprise!) Amazon. It’s also a perfect example of technology racing ahead of the law, and unlike the ongoing controversy around email and ECPA, the stakes are much higher because of who is allegedly at risk: our children. I’ll admit that this may seem a bit melodramatic, but the Guardian US isn’t wrong when pointing out that Echo and other products like it (think Apple’s Siri and Google Now) might actually be in violation of COPPA. For those of you in the room who are not lawyers, this is the Children’s Online Privacy & Protection Act of 1998 which, among many things, prohibits the recording and storage of a child’s voice without explicit permission of their parents or legal guardian.
What this means for you:
Even though I am a parent of young child for whom COPPA was enacted to protect, it hasn’t been too hard to suppress the urge to disconnect and discard every voice-activated, internet-connected device we own (which would be quite a few, including my daughter’s precious iPad). As with many technology items that dance on the edge of privacy invasion, I weigh the convenience and value they bring against the loss of privacy and security they inherently pose. I do see the problems technology like this presents: thousands (possibly millions) of parents set down products like Echo and Siri right in front of their children precisely because using them is simple and intuitive, and in the case of Echo, they are actually designed for use by everyone in the family. However, most people probably don’t realize that today’s voice recognition technology relies on pushing recordings of voice commands to the cloud where they are cataloged and processed to improve algorithms. Not only do those recordings store our children’s voices, they are also thick with meta data like marketing preferences, “Alexa, how much does that toy cost?” and location data, “Alexa, where is the nearest ice cream shop?” I’m pretty sure none of us gave explicit permission to Apple before allowing our kids to use Siri on their iPads and iPhones. If you were to adhere to a strict interpretation of COPPA, Apple, Amazon and Google (as well as many others) have an FTC violation on their hands that could cost them as much as $16,000 per incident.
As for your Echo (or smartphone or tablet) – only you should judge whether it’s an actual risk to your child. For the moment, the law is unclear, and knowing our government, likely to remain so long after the buying public makes up its own mind.
As if having your Windows computer files and iPhone being held for ransom wasn’t bad enough, Android-based devices can now “enjoy” that ignominious fate as well. Security researchers are reporting that hundreds of Android devices, primarily in Russia and the Ukraine are being infected by a Trojan called “Pletor” which can do just like it’s Windows based counterparts: the victims were tricked into installing the trojan by fake websites, apps and games, and once the victim’s content is encrypted, the trojan demands a ransom of approximately $30-35 USD to unlock the data.
What this means for you:
Though it has happened before, it’s still extremely rare for a Trojan like the above to make it through the screening process that Google performs on all the apps that are available through the Google Play store, and even if one does, it’s pulled quickly. Google can even reach out retroactively to affected phones to remove the harmful app. That being said, it’s not hard to “side-load” apps on Android devices, which is primarily the way Android malware spreads. The easiest way to keep your Android devices safe: don’t side-load apps. Only install apps published through Google’s Play Store. Keep in mind, for everything not a Kindle Fire, installing apps from Amazon’s App Store is considered side-loading, and should only be done if you really know what you are doing. And if you just can’t live without side-loading apps, make sure you don’t store any important information on your device, and keep it well away from sensitive business data. The more risky your activities are on the device, the more likely it is that device will get compromised.
Earlier this year, CEO Thorsten Heins of beleaguered tech company BlackBerry infamously stated, “In five years I don’t think there’ll be a reason to have a tablet anymore.” The press had a field day with this quote and the explosive growth of tablets in 2013 alone seems to be proving otherwise. As if to rub Mr. Heins’ and other tablet-doomsayer’s faces in it, October is seeing the launch of multiple new tablets, including new lineups from Microsoft, Nokia and Apple, all essentially debuting on the same day.
Apple dominated the American media on Oct 22 with the debut of “the lightest full-sized tablet” on the market, the iPad Air, weighing in at a diminutive single pound. It also updated the wildly popular iPad Mini with its high-resolution “Retina” display, bringing the 7″ tablet up to par with competing models from Google and Amazon. In an attempt to not be out-done (and sadly not quite succeeding in that effort), Nokia announced its first tablet today as well. The Lumia 2520 will run Microsoft’s Windows RT, a move that analysts questioned given the tepid consumer response to Microsoft’s tablet OS, but is not unexpected in light of the Redmond tech-giant’s recent acquisition of Nokia’s hardware business. Not wanting to be left out of the tablet party, Microsoft held its own midnight release event on Oct 21 at its retail stores around the country to celebrate the arrival of the Surface 2. Despite loud music, flashy displays and enthusiastic staff, the Surface 2 launch parties seemed to be (unsurprisingly) sparsely attended.
What this means for you:
If you’ve been holding off on buying a tablet for some reason, the market is currently overflowing with choices, and many of them are very strong on features and backed by staunch developer support and healthy ecosystems, notably the iOS and Android family of products. Though many are saying it’s too early to tell, the Windows RT and Windows 8 tablets have a stiff, uphill climb in the market, something that is keeping developers away from the OS, leaving Microsoft’s app marketplace relatively barren compared to the competition. There’s been a minor stir of interest in the Surface tablets from the arts industry, primarily because of the hardware’s robust pressure sensitivity, but unless you have a specific use case in mind, I’d steer clear of the Windows tablets for now. If you’ve been concerned about the size and weight of the 10″ tablets (very hard to use as bedtime readers or if you spend any time as a standing commuter) you can’t go wrong with a 7″ tablet from either Apple, Google or Amazon, all of which now feature high-definition screens, robust app stores and great portability.
Proving that sometimes our Congress people come by their paychecks honestly, a bi-partisan privacy caucus led by Joe Barton (Rep. TX) sent a list of questions to Google’s CEO Larry Page, asking him point blank about several privacy issues, including whether or not Google would allow the use of facial recognition technology on the device.
Supposedly, Google has maintained from the start that facial recognition would never be implemented without “strong privacy protections in place.” In a Google+ post Friday, they reiterated this position and stated that Google “…won’t be approving any facial recognition Glassware at this time.”
What this means for you:
By default, Android OS-based devices can only install software via Google’s Play store. Software distributed via Play must go through Google’s approval process, much like apps on Apple’s iTunes store, so you can assume that Google will be true to their word and prevent distribution of facial recognition apps simply by not approving them. However, unlike iPhones, many versions of Android allow “sideloading” of apps with a simple settings change. Sideloading in the Android ecosystem is well established – Amazon.com has an app store that requires sideloading to be enabled, and instructions for enabling this capability are easily found on their website and many, many others.
Bottom line: this is yet another Pandora’s box that won’t be closed. Facial recognition is a reality, and portable, undetectable devices capable of performing this function are only a step away from today’s consumer technology. Technology (and scientific progress in general) advances despite legal or cultural ramifications. One could argue that society only advances in light of controversial technologies like Google Glass. We are only beginning to glimpse the potential of an always connected and much less private world. Google Glass is only one step in a long, uphill climb.
Shoppers enjoy online purchasing for a variety of reasons, but the lack of sales tax is probably highest on that list of perks. That may soon change due to a revamped Internet Tax bill re-introduced last week on the Senate floor, and one which could be voted on as early as this week. The “Marketplace Fairness Act“, penned by Sentor Mike Enzi (R., Wyoming), essentially requires any internet business with more than $1M in online sales to collect taxes on the US’s estimated 9600 state and local taxing authorities, something that brick-and-mortar businesses don’t have to do, even if sales come from across state lines (and presumably through channels other than the internet). Opponents of this bill state that this places an unfair burden on smaller internet businesses, as calculating and processing taxes for nearly ten-thousand different localities presents a logistical nightmare with which even large companies struggle. Obviously, brick-and-mortar companies back this bill, especially the big ones – Wal-Mart is a vocal backer, but even online retail giant, Amazon.com has thrown in their support. It may surprise no one that they have a dog in this race – Amazon offers a subscription-based tax-processing service to online retailers.
What this means for you:
If you sell more than $1 million in taxable goods on the internet to customers in the United States, you might need to look at some serious upgrades for your online store in the near future. On top of the huge headache this creates for your website administrator and programmers, this may also complicate your shopping cart process, and your customers may be in for a shock when they discover that their online shopping isn’t paying off like it used to. Opponents say that this bill will throw a wet-blanket on online shopping, and could be a huge damper on the struggling American economy. The bill hasn’t been made law yet – but it may behoove you to find out where your local government representative stands on this issue.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net. Note: image has been digitally altered by Chris Woo.
According to analyst IDC, Android-based smartphones account for three out of every 4 phones sold worldwide in Q3 2012. As anticipated, this expansion of the market has also prompted a surge in fraudulent apps being developed and installed on phones. Security firm F-Secure reports a 10X increase in the number of distinct malware apps detected in the marketplace, finding over 50k apps this quarter alone. Most of these apps appear to be making their debut on 3rd party apps stores outside of the US looser security standards allow the malware to slip into the marketplace undetected.
What this means for you:
Earlier this year, Google implemented a security review process on its official “Play” store, reducing the number of fraudulent apps significantly. However, unlike the iPhone ecosystem, which locks users into only getting apps through its tightly controlled and reviewed iTunes appstore, Androids can bypass the Google’s official appstore to “sideload” apps on their smartphones via a single checkbox setting that is available in the operating system. Just because you can do something doesn’t mean you should. With the possible exception of Amazon’s App Store, I would not recommend installing apps from any 3rd party app store. Amazon.com led the way in sideloading by announcing their own appstore in early 2011, primarily as a means to avoid paying distribution fees to Google to service their own Android-based Kindle devices. Given that keeping their user base safe is probably of utmost concern, it’s likely that Amazon will be carefully reviewing apps distributed through their ecosystem.
If you insist on sideloading apps from a 3rd party app store, make sure you know what you are doing, review the apps carefully, and when in doubt, do your research before installing that magical app that will do it all, and is also free. It may not cost you any money up front, but the longterm damage to your security and identity may be a cost you can’t afford.
As anticipated, Apple announced the much-rumoured iPad Mini in a press conference on Tuesday in San Jose, CA. Measuring 7.9″ diagonally, the new tablet is just slightly larger than Amazon’s Kindle Fire, Google’s Nexus 7 and several other Android-based models that have preceded the Mini by as much as a year. Former CEO Steve Jobs was known for his contempt of the 7″ form-factor, but as Apple’s dominance of the tablet space has eroded over the past year, the Cupertino technology company has decided to field a 7″ horse in the race in an attempt to regain some lost ground. Wall Street, however voted its ambivalence to the move by selling off Apple shares moments after the announcement, dropping shares by as much as $20 in the days trading, citing the Mini as evidence that Apple has lost sight of what people really want, which is less choices, not more. Shareholders may have also been disgruntled by the announcement of a new revision of the latest iPad model featuring the new, compact data connector and a faster processor, “obsoleting” it’s 3rd generation iPad after only 7 months.
What this means for you:
If you’ve held out this long on buying an iPad, it probably wasn’t because it was “too big.” Most folks who did think the 10″ iPad was too big have already bought a 7″ Kindle, Fire or Android-based tablet and are more than likely firmly embedded in that devices ecosystem. Many tech-heavy households are also likely to have an iPad as well, so adding another tablet to the mix is probably not in the cards for the majority of consumers. Corporate buyers who were already reluctant to invest in iPads aren’t any more likely to buy a 7″ version, and instead will be watching the arrival of Microsoft’s Surface tablet very closely, as should you if you’ve not already made your tablet investment. If, somehow, you’ve managed to not buy any sort of tablet device, and find your smartphone is just a bit too small for reading or casual video watching, the iPad Mini may be a gentle gateway into the world of tablet computing. The 7″ form-factor is very portable and bag friendly, and big enough for personal entertainment, especially in crowded places such as planes, buses and the backseats of cars. Keep in mind: if you are used to the weight of the black and white Kindles that Apple’s new Mini is heavier, not only physically, but will also weigh twice as much on your wallet.
- 1
- 2