amazon
Amazon sent me an email about their new “Amazon One” service:
Amazon One is a fast, free identity service that allows you to pay using only your palm at all Whole Foods Market, Amazon Fresh, and Amazon Go locations. Your Prime member discounts will be automatically applied when you checkout at Whole Foods Market.
I was raised in an evangelical Christian household, as are somewhere around 25% of Americans. I can say with authority that a huge percentage of the US believes that paying with a “mark” on your hand, or forehead, is a certain indicator that the world as we know it is about to end. I do not believe this. I personally know plenty of people who do.
Things like this from a major brand always surprise me. I find it hard to imagine that the focus groups it surely went past didn’t have at least a few people saying “no, I won’t use this, because it’s literally the work of the Antichrist”.
An Amazon seller tried to bribe me
I bought a suitcase from Amazon, partly because of its good reviews.
The suitcase is alright. It’s not the best I’ve ever seen, but the price was decent and it seems like it should last a while. A couple of weeks later, I got a postcard from the seller offering a bribe. If I sent them proof that I posted a 5-star review, they’d pay me $15.
I followed Amazon’s instructions to report the bribe. No response. I left a review of the suitcase stating that the seller had offered to pay me for a good review. That action did earn a response from Amazon: they deleted it.
If I can’t talk about it on Amazon, I’ll talk about it here. Amazon doesn’t seem to care if sellers are paying for good reviews. They don’t want you talking about it, though. The takeaway is that Amazon’s reviews aren’t trustworthy. If that seller tried to bribe me, they surely paid other customers for their good ratings.
You can do better, Amazon. Your product ratings are a big part of why people buy things from you. If we know they’re literally paid ads, we’d be better off taking our business elsewhere.
Updated 2023-12-26
Same with a travel steamer:
An acquaintance suggested writing the review, cashing in the reward, then updating the review with my genuine thoughts. That’s tempting. I don’t blame anyone who does that. I don’t want a sketchy vendor to be able to say that they’ve paid me for reviews, though.
Surprise eero hardware end-of-life
Amazon is ending software support for 1st generation eero devices at the end of September 2022. That’s fine. You can’t support old hardware forever, and five years is a decent run.
But it’s not OK that I got less than a month’s notice that it was happening, and no email or app notifications. I happened to open the eero app for unrelated reasons and saw a banner telling me my hardware will be obsolete later this month. That’s unacceptably short notice that the hardware is all but dead. Sure, it may keep working for a while, but without security updates or routine bug fixes, it’s not anything I’d want to depend on. If I’d received any other notice whatsoever, I would have been investigating hardware upgrades, reading the various sale emails they’d sent me, and otherwise preparing for the day. Now I have to scramble to fix something that I didn’t know needed fixed, and I don’t appreciate it.
To the folks at eero: this is a managed system. You have my contact information and know what hardware I’m using. This would have been an excellent opportunity for you to let me know about this a few months ago. You could have suggested appropriate hardware upgrades and turned it into a sales opportunity. As your customer, I would have liked that.
Tripping on a Cracked Sidewalk
Amazon Sidewalk is a new project which allows Amazon devices (like Alexa, Ring doorbells, etc.) with different owners to share their Internet connections. In short, your Alexa talks to your neighbor’s Alexa. If your Internet connection goes down, your neighbor’s device will relay messages for your device so that it can keep working. Similarly, if your Ring doorbell is closer to your neighbor’s Alexa than to your own WiFi router, it can send alerts to you through their Alexa.
This is a terrible idea.
This means that a device on your home network — a device you bought and paid for yourself — is letting other devices you don’t control borrow your Internet connection. Amazon claims to have designed this as a secure system, but people in infosec know that a new security protocol written and implemented by a single company is going to be a mess. When (not if, but when) an attacker finds a flaw in the Sidewalk protocol or the devices it runs on, 2 terrible scenarios seem likely to happen:
- However good and strong your WiFi password is, if an attacker can access your neighbor’s network, they can hack your neighbor’s Alexa and then use it to gain access to your own wireless network.
- A braver attacker could sit outside your house with a hacked Alexa, or an app on their laptop that acts like one, and use it to connect to your Ring doorbell and then attack the other computers on your network.
If you have any Amazon devices, I strongly recommend you follow their instructions to turn off Sidewalk immediately. Because Amazon plans to turn this on for everyone who hasn’t explicitly asked them not to, if you don’t follow those instructions, you’ll be allowing people near your home to use your WiFi. Some owners have claimed that they turned off Sidewalk but that it turned itself back on after a software update. If this happens in my home, I will literally throw our Alexas out in the trash.
Amazon Sidewalk is a solution without a problem. Turn it off. This is a potential disaster in the making.