Read on Twitter
Kinda excited and kinda sad that in my short career as a tech activist, I can now, for the first time, throw up my hands and say “I’ve been talking about this for years!” 
https://twitter.com/mims/status/1390695966681014274
https://twitter.com/mims/status/1390695966681014274
One of my most popular tweets, in fact, was about this. I don’t love sharing it bc some mild factual errors appear due to haste and lack of available info at the time, but for posterity, here it is. Every now and then it resurfaces in my mentions bc (surprise!) people DO care. https://twitter.com/lizjosullivan/status/1177243350283542528
Now with Fewer ErrorsHere’s why I’m still freaking out about Amazon Sidewalk (but not as much about Apple’s tags):
NOTE: There’s still plenty wrong with AirTags but I’ll let @FoxCahn do the talking here: https://www.cnn.com/2021/05/05/tech/airtags-apple-privacy-concerns/index.html
Ok, once more, here’s why Sidewalk bad:
1. Apple’s data claims to be E2E encrypted. If done right, this should prevent your iPhone’s location artifacts from showing up in a court subpoena. Sidewalk, not so much. AMZN is inviting agencies to blow an even bigger hole in the 4A.
1. Apple’s data claims to be E2E encrypted. If done right, this should prevent your iPhone’s location artifacts from showing up in a court subpoena. Sidewalk, not so much. AMZN is inviting agencies to blow an even bigger hole in the 4A.
2. LoRa devices act like regular routers in that they are always in “listen mode”, looking for new devices (phones too) who may want to connect. When devices exchange this info, regardless of whether they connect, it contains some info that MAY be identifiable.
3. MIT students were able to combine these signals (they’re called probe requests) and some fancy data science to map student movements on their campus. https://www.freecodecamp.org/news/tracking-analyzing-over-200-000-peoples-every-step-at-mit-e736a507ddbf/
4. In FACT, this 2017 experiment (as anecdotal as it may be) showed that only 25% of the phones who talked to their hidden listening device used MAC randomization. Meaning 75% of the phones gave the device, WITHOUT CONNECTING, a piece of identifying info: the phone’s unique ID.
6. In the students’ experiment, they “anonymized” the collected data to allay privacy fears. Without that step, for any phone whose probe request was vacuumed up by the device (or now by Amazon), that MAC address would be enough to follow an individual’s movement through the day.
ESPECIALLY if you OWN the ENTIRE, NATIONWIDE network!!
6. Amazon builds carceral tech. They sell to police departments. They have deep relationships with US agencies. There’s nothing stopping them from turning this “bug” into a “feature”.
7. As I’ve said from the start: the privacy concern isn’t just for the people who own these devices, it’s the consequences for those of us without Echos or Rings or what have you. The Amazon Carceral Network™ is there and it might see us, whether we want it to, or not.
