Amazon FireTv Cube scares the shit out of me

I just received a new Fire TV cube gen 3, because my old one is malfunctioning. I know, I hate these devices myself, but it's the only option right now, since a new version of the Nvidia shield isn't coming in the foreseeable future.

So, I plugged in the power cord and the HDMI cable into the cube.

When it booted up it showed a screen that it's downloading the newest update. At first I thought this must be some typo-bug on the initial boot steps, because I haven't even connected it to the internet yet, neither via cable nor did I go through the wifi setup.

After the update had finished, I was greeted with my real name and the cube indeed had the actual WiFi settings!

WTF?! How's that even possible?

sploosh ,

Don't buy an information vacuum if you don't want your data sucked up. Definitely don't buy multiple generations of information vacuum from the same company.

darkmatternoodlecow ,

It's not the "only option", not by a mile. It's just convenient for you to say that it is so you don't feel so bad about giving money to the worst of the evil megacorps.

ad_on_is OP ,

alright, what's a 4k hdr alternative then, that supports hdr and dolby vision?

PowerCrazy ,

I've been using an intel NUC for like 5 years now. It does 4k no problem.

ad_on_is OP ,

yeah, but does it do HDR? I suppose not.

I would love to use my own setup of hardware/software, but it's simply not possible without making sacrifices

PowerCrazy ,

Anything that supports HDMI 2.0 or Display Port 1.4 can do HDR. My intel nuc does hdmi 2.0, that was why I bought it. So yes, it does. Stop being a naive consumerist and learn what you are actually consuming.

ad_on_is OP ,

https://r-htpc.github.io/wiki/faq#what-is-hdr-video-and-what-do-i-need-to-take-advantage-of-it

DOLBY VISION AND HDR10+ MEDIA PASSTHROUGH IS NOT SUPPORTED ON HTPCS; If you need support for these, you’ll need a media device/non-PC, like a Nvidia Shield, Fire TV, Dune HD, etc..

I did learn a lot about my consumption, and believe me when I say, that I wish my options were broader. But it is how it is. And most of the content I watch is in HDR10+ or DV.

But yeah, everyone's mileage may vary.

PowerCrazy ,

Media passthrough isn't the same as streaming from the HTPC. If you look directly above the quote above.

For a HTPC, this means HDR support must be in the video, GPU, video interface (HDMI/DP) and ultimately your output device (typically a TV).
HDR10 is supported on HTPCs under Windows, macOS Catalina, Android and (usually) libreelec/coreelec operating systems. Linux is NOT supported.

So if you have a HDR10+ source on your IntelNUC, or whatever, you can play that over HDMI 2.0 to a compatible TV without an issue.

ad_on_is OP ,

yes, playback might work, but it will fall back to HDR10 or even SDR, since not all metadata is passed through.

So to fully take advantage of hdr10+, dolby vision, 5.1, atmos, and what not... each device in the chain, from the source to the output, and the hdmi cable, have to fully support it.

appel ,

What is the purpose of the device? I'm almost certain that there is another option, which is just a small PC running whatever software you need.

MSugarhill ,

Probably the same they use for setting up Kindles since ages albeit there was an option to get it unconfigured too if you want to use it as a present.

7eter ,

This is likely part of Frustration-Free Setup.

MinekPo1 ,

I mean I get why it's a thing but like ew , very uncomfy , ugh

twinnie ,

When I set up my Amazon devices there was an option for it to save my WiFi details but I always declined.

Darkassassin07 ,

Hmm

Two possibilities:

Is the old device still plugged in while you set up the new one? Perhaps they connected to each other. My previous Samsung phone did this with my new one without prior setup of the 'feature', though after I signed into my Samsung account on the new phone.

Or it could have come pre-loaded with data on your account...

I'm not very comfortable with either option really.

__init__ ,

Did you order it using your Amazon account? I think they pre-configure them for you unless you say “this is a gift” when ordering.

ad_on_is OP ,

yes I did order it with my Amazon account

However, as appreciative as I am for making my setup process easier, I'm also not happy with the fact, that some random dude had access to my device prior to me.

Who says he's not part of some weird group installing miners or bots onto my device causing it to slow down over time?

SomeBoyo ,

it's probably automated

4grams ,

so much better. Instead of a human seeing it, your personal info is now a part of the amazon machine. IMHO it’s even more terrifying to know it’s automated than it would be if some kid unboxed it off the assembly line and personally typed your shit in off a piece of paper.

God I’m old.

__init__ ,

To be fair, if you’re ordering from Amazon, your personal info was already “part of the Amazon machine.”

4grams ,

Oh, I know. Was more a reaction to the absurdity of the sentiment that automation was somehow less creepy.

thragtacular ,

You have an Amazon account, dude. Amazon already has your fucking information. ALL OF IT. Including things like card numbers, addresses, phone numbers, and your purchasing and viewing habits.

It pulled wifi settings from another Amazon device that you have, most likely.

It also downloaded your fucking information when it accessed the internet.

Do you really think there's some fuckin' rando sitting there doing nothing in an Amazon warehouse until the moment you order this thing, when they just plug it into a server and download your information to it?

No, it connected to your wifi and downloaded it.

Welcome to how almost every single electronic device operates.

If you're worried about miners or bots you shouldn't be purchasing invasive shit to plug into your home network. In fact, you shouldn't even have a home network.

ad_on_is OP ,

No, it connected to your wifi and downloaded it.

I know that, but when and how did it get the wifi info?

Did they automatically flash that onto the device, seal the box, package it and deliver it - all within 24hrs?

GlenRambo ,

From @7eter below.

"Frustration-Free Setup utilizes a network of helper devices (such as compatible Echo devices, Fire TV devices, routers, or smartphones with certain Amazon apps) that are already connected to the internet to help you set up new devices in fewer steps. When you turn on a new compatible device, helper devices in range can help it connect to your networks and/or to Alexa via wifi, Zigbee, Bluetooth, or Matter."

Darkassassin07 ,

In other words: your amazon devices are freely giving your wifi info to any nearby new amazon device regardless of whether you've signed into that new device or not.

Begs the question: What other clearly private info do they give away with 0 auth or verification?

GlenRambo ,

"Freely" if you enable the setting as the user posted above.

with 0 auth or verification

The verification still needs one of the devices listed in my post to be active on your wifi to allow the setup and communication.

The auth is likely done by device to device handshake. It's just that there isn't a human involved.

Don't get me wrong I hate Amazon as much as anyone and would never have one of their devices in my home.

But most of the other posts in this thread are missing the technical aspect of the question.

Darkassassin07 ,

Depending on a setting being disabled that's more than likely on by default isn't much comfort. Most people won't know about or look for those kinds of settings, especially with the deceptive descriptions often used for features like these.

To be clear, I don't use these devices either; I'm just concerned for those that don't know any better.

The verification still needs one of the devices listed in my post to be active on your wifi to allow the setup and communication.

Yes, that's what I said; your amazon devices are giving away your wifi info to new devices. As in once you've allowed an amazon device onto your network, any new device can add itself to that network via your existing device without your input.

This happens before the new device has authenticated into your amazon account as it doesn't yet have an internet connection (ie before its proven to be your device and not say a neighbours) and before you manually provide authentication for your wifi. Hence the 'with 0 auth'.

The auth is likely done by device to device handshake. It's just that there isn't a human involved.

A handshake between a device you own but have little control over and a device you've never seen before, may not have physical access to, and that could have been compromised before requesting your info. Great.

I'm not saying they're beaming it out in plain text for all to read; just that they'll give your info to a device you may not even be aware of let alone own or have any control over. That device may be a stock Amazon device, or it could be something more malicious.

thragtacular ,

Yes, that’s what I said; your amazon devices are giving away your wifi info to new devices.

No, they are not. You make it sound like any asshole can walk by and just turn something on and get your wifi info.

If you're worried about a device somehow being compromised between being shipped by Amazon and making it to your front door, please dispose of all electronics and go live in the woods. That level of paranoia is not reasonable.

Darkassassin07 ,

Yes, that is exactly what I'm saying as that's what it sounds like.

If you can buy a new amazon device and have it connect to all your stuff without your input; what stops someone else buying an amazon device and connecting to your network with it?

Obviously I'm not worried about the device I actually receive; I'm concerned that someone can buy their own device and use it to connect to other people's networks via existing amazon devices.

thragtacular ,

My dude, if someone is able to just walk up to your house with a random device and hang out long enough to establish a wifi connection and pull out any sort of useful data you have WAY BIGGER PROBLEMS than someone potentially using your Amazon account to order dildos.

First of all, they have to already know you have that device.
Then they have to physically get close enough to it for a connection to be made.
THEN they have to hang around long enough for any sort of updates and shit to happen.
THEN THEN they have to try and figure out how to get any useful data from this connection, which is likely an extremely limited one unless they've already established how to pivot out of the device and into something else in which case they probably would have just done that through your original device anyway.
THEN THEN THEN they have to find a way to remove said useful information to a device that can actually store it.

All while standing next to your front door holding their dick.

It would be FAR easier to just leave a random USB stick on your porch and wait for your dumb ass to forget it isn't yours.

Or, even easier than that, just goddamn buy your information on the open market. They already have your address. It's not like you can't be found.

Have I illustrated quite yet why these low percentage attacks are the realm of movies?

Darkassassin07 , (edited )

First of all, they have to already know you have that device.

Ie: any amazon smart device; which are becoming increasingly popular and found in many homes globally.

Also, I'm not talking about someone targeting me, you, or anyone specifically. I'm talking about someone wandering around looking for homes that happen to have a vulnerable device and seeing where they can get from there.

Really not hard to find.

THEN they have to hang around long enough for any sort of updates and shit to happen.

Trivial when you consider not everyone lives in a single-family home with significant yardspace around it. Apartments exist, so do smaller multi-family dwellings.

THEN THEN they have to try and figure out how to get any useful data from this connection

The useful info here being your WIFI password (the info this connection is intended to spread) allowing an attacker to pivot to the rest of your network.

THEN THEN THEN they have to find a way to remove said useful information to a device that can actually store it.

This would be where I've repeatedly talked about an attacker being able to purchase an amazon device, jailbreak it, and use it to connect to your network.

They can buy a device from Amazon then have all the time in the world to figure out a method of retrieving data from it. Once a method is worked out, they then deploy it against unsuspecting victims. (ie any random home they can get near and find an amazon device that's broadcasting looking for new devices)

if someone is able to just walk up to your house with a random device and hang out long enough to establish a wifi connection and pull out any sort of useful data you have WAY BIGGER PROBLEMS

I completely agree which is why I'm not happy with Amazon providing a hole to achieve exactly that.

thragtacular ,

Oh, by the way, the person with the device has to have received one that wasn't already tied to THEIR account in any way. You know, like by the automated system that sends these things out reading a barcode on the side of the box that associates device IDs with a particular account. Not sure about anything else but this was the case a decade ago when I bought my first Kindle. I'd imagine it's a bit more sophisticated now.

Go hang around a random apartment complex with wifi sniffing boxes and see how long it is before someone tackles you.

Honey, if you think a wifi password is needed to pivot to a network then you don't know what the word pivot means. At that point you're fucking BREACHED, BITCH. There's no pivoting, only ownership.

Ah yes, just jailbreak the Amazon device with phantom software that somehow has completely different checksums but still... has the same checksums.

All of this just illustrates you're an ignorant-ass that doesn't know how any of this works, wringing your hands about scenarios that DO NOT EXIST IN THE REAL WORLD.

If I absolutely need to get into your network I'm not fucking around with a fucking rooted Amazon FireTV I'm just going to CRACK YOUR FUCKING WIFI PASSWORD DIRECTLY.

Apparently I have all day every day to fuck around so why do I give a shit about it taking a week or two?

More likely, I'll walk up to your door with my phone in my hand and go "Hey, I just moved into the apartment next to yours and the wifi up at the office is broken. Could I log onto yours for a moment and pay a bill real quick? I apparently don't get any damn signal here either. I just moved from a fuckin' building where I had no signal, you'd think they'd have figured it out by now!"

And almost every time this will be more than enough.

Darkassassin07 ,

Jesus, would you like some fries to go with all that salt?

Have a good day m8.

Lojcs ,

Can't this all be prevented by the already connected devices checking if the new device matches a newly purchased, not yet set up device in your purchase history? Really slim chance someone eavesdrops on its id and retransmits fast enough to hijack the setup

Darkassassin07 ,

Possibly.

A) has amazon actually implemented such a system?

B) do you trust it's functioning correctly? Both now and for the foreseeable future. (would/could you even know if it wasn't?)

Side note: does this feature work with factory reset and/or re-sold devices?

Lojcs ,

I don't see why they wouldn't. No way to verify I guess but it's really hard to think Amazon wouldn't come up with a system equivalent or better than what I did while reading this thread.

I imagine it'd be a one time convenience thing, or maybe you could open amazon and click 'set up this device again' or something and it reactivates

CazRaX ,

At some point with the old device you agreed to Amazon saving used WiFi networks on your account, it asks you during setup of all Amazon internet connected devices. All Amazon has to do is connect the device serial number with your Amazon account ID, which is one of the options when you buy an Amazon device.

Pat ,

if you got it from Amazon, they can preload your account and wifi details that you previously used with their products
