 If you use Alexa, Echo, or any other Amazon device, you have only 10 days to opt-out of an experiment that leaves your personal privacy and security hanging in the balance. On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don’t have connectivity and help you to their bandwidth when you don’t have a connection. By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system. And since only a tiny fraction of people take the time to change default settings, that means millions of people will be co-opted into the program whether they know anything about it or not. The Amazon webpage linked above says Sidewalk "is currently only available in the US." Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause. Wireless technologies like Wi-Fi and Bluetooth have a history of being insecure. Remember WEP, the encryption scheme that protected Wi-Fi traffic from being monitored by nearby parties? It was widely used for four years before researchers exposed flaws that made decrypting data relatively easy for attackers. WPA, the technology that replaced WEP, is much more robust, but it also has a checkered history. Bluetooth has had its share of similar vulnerabilities over the years, too, either in the Bluetooth standard or in the way it’s implemented in various products. If industry-standard wireless technologies have such a poor track record, why are we to believe a proprietary wireless scheme will have one that’s any better? Next, consider the wealth of intimate details Amazon devices are privy to. They see who knocks on our doors, and in some homes, they peer into our living rooms. They hear the conversations we’re having with friends and family. They control locks and other security systems in our home. Extending the reach of all this encrypted data to the sidewalk and living rooms of neighbors requires a level of confidence that’s not warranted for a technology that’s never seen widespread testing. Last, let’s not forget who’s providing this new way for everyone to share and share-alike. As independent privacy researcher Ashkan Soltani puts it: “In addition to capturing everyone’s shopping habits (from amazon.com) and their internet activity (as AWS is one of the most dominant web hosting services)... now they are also effectively becoming a global ISP with a flick of a switch, all without even having to lay a single foot of fiber.” Amazon’s decision to make Sidewalk an opt-out service rather than an opt-in one is also telling. The company knows the only chance of the service gaining critical mass is to turn it on by default, so that’s what it’s doing. Learn more at OUR FORUM.
 Newly unredacted documents in a lawsuit against Google reveal that the company's own executives and engineers knew just how difficult the company had made it for smartphone users to keep their location data private. Google continued collecting location data even when users turned off various location-sharing settings, made popular privacy settings harder to find, and even pressured LG and other phone makers into hiding settings precisely because users liked them, according to the documents. Jack Menzel, a former vice president overseeing Google Maps, admitted during a deposition that the only way Google wouldn't be able to figure out a user's home and work locations is if that person intentionally threw Google off the trail by setting their home and work addresses as some other random locations. Jen Chai, a Google senior product manager in charge of location services, didn't know how the company's complex web of privacy settings interacted with each other, according to the documents. Google and LG did not respond to requests for comment on this story. The documents are part of a lawsuit brought against Google by the Arizona attorney general's office last year, which accused the company of illegally collecting location data from smartphone users even after they opted out. A judge ordered new sections of the documents to be unredacted last week in response to a request by trade groups Digital Content Next and News Media Alliance, which argued that it was in the public's interest to know and that Google was using its legal resources to suppress scrutiny of its data collection practices. The unsealed versions of the documents paint an even more detailed picture of how Google obscured its data collection techniques, confusing not just its users but also its own employees. Google uses a variety of avenues to collect user location data, according to the documents, including WiFi and even third-party apps not affiliated with Google, forcing users to share their data in order to use those apps or, in some cases, even connect their phones to WiFi. "So there is no way to give a third-party app your location and not Google?" one employee said, according to the documents, adding: "This doesn't sound like something we would want on the front page of the [New York Times]." When Google tested versions of its Android operating system that made privacy settings easier to find, users took advantage of them, which Google viewed as a "problem," according to the documents. To solve that problem, Google then sought to bury those settings deeper within the settings menu. Google also tried to convince smartphone makers to hide location settings "through active misrepresentations and/or concealment, suppression, or omission of facts" — that is, data Google had to show that users were using those settings — "in order to assuage [manufacturers'] privacy concerns." Google employees appeared to recognize that users were frustrated by the company's aggressive data collection practices, potentially hurting its business. More details can be found on OUR FORUM.
 When I first started using the Internet, it wasn't that far removed from its Arpanet ancestor. When I was at school, I could connect with it at a blazing fast 10 Megabits per second (Mbps) over Ethernet. From home or on the road I could only hook up at 300 bits per second (BPS) using both a TI Silent 700 paper terminal with its acoustic coupler or from a CP/M computer using a Hayes Smartmodem 300. It was great in its day, but it was never fast enough. Today, I have a cable internet connection that, in theory, can get up to 1 Gigabit per second (Gbps). It's still not fast enough. That's because back then all I was working with was text and even that was limited to 25 lines with 80 columns per line. It's a different story now. Today, I do video conferencing, watch 4K TV shows and movies, and pour gigabytes of data across the net. I really can use a Gbps connection. But what about you? Your local Internet service providers (ISP) will happily give you recommendations on their websites, but keep in mind they want to sell you more bandwidth. ISPs can also mislead you about what they can actually deliver. Over the years, I've been told by ISPs they could hook me up with connections they literally physically couldn't deliver. And let's not even talk about their speed guarantees, which more often than not are wishful thinking. So, here's a good list of what you're probably doing on the net and how much bandwidth you need to do the tasks without wanting to tear your hair out. For example, right now, my partner is streaming the 4K TV show Shadow and Bone. I'm backing up my video archives, which run to terabytes of data, to my remote Nextcloud server while checking e-mail in the background and looking at websites. In a few minutes, I'll be at a work video conference. So, altogether, I'm currently using 100Mbps. You must also keep in mind that what ISPs promise they'll deliver in the way of bandwidth often isn't what you get. For example, the Federal Trade Commission, along with law enforcement agencies from six states, recently sued Frontier Communications, alleging that the company didn't provide many consumers with the internet speeds it promised them. And, adding insult to injury, the company charged many of them for more expensive and higher-speed service than was actually provided. In my experience, this is all too common. According to AllConnect, a company that helps users find the best telecommunication deals, "15% of internet users, or 45 million people, are getting less than their advertised speeds." Of those, "Fiber and cable internet have the biggest gap – with most people getting, on average, about 55% of the speeds they pay for." Even if you are paying for high bandwidth, you may not always get it. ISPs often throttle your service if you're a "heavy" internet user or during "times of high traffic." To see if this is happening to you, run a speed test, and note the results. Then download and turn on a good virtual private network (VPN). Usually, your numbers will be less when you're running a VPN. Security comes at a performance cost. But, if you get better speed with a VPN, odds are you're being throttled. Finally, if you really aren't getting enough bandwidth with your current plan and you have no other options, I hate to say it, but you can always pay for a higher-level plan to get the speed you really need. If you do have a choice of ISPs and internet delivery technologies, I recommend, in this order, the following connection types: Fiber, the fastest of the fast; cable, can be good on downstream speeds, but tends to be much slower on upstream; and LEO satellite and 5G internet are both good, but they're still in their teething stages and their performance can be erratic. Then, there are the connections I can't recommend, but if you have no other choice in the matter, well then you have no other choice. DSL, when you can still get it, is decent with real-world speeds in the double-digit Mbps down and single-digit Mbps up. But AT&T is getting out of the DSL business so you can no longer get it. If your DSL connection goes out, I've had AT&T customers tell me Ma Bell won't fix it. Traditional satellite internet companies, HughesNet and Viasat are better than nothing if you live out in the country. But their download speeds max out, in my experience, at 30Mbps. Upload speeds are stuck around 3Mbps. The real killer though is the latency. With 300 to 500 milliseconds between pressing a key and seeing a result, video gaming and conferencing are next to impossible to pull off. Both services have data caps that will slow your down speeds to about 3Mbps if you use too much data. Get better informed by visiting OUR FORUM. |
Latest Articles
|