General > General Technical Chat
Bluetooth Low Energy is unsuitable for COVID-19 contact tracing, say inventors
SparkyFX:
--- Quote from: julianhigginson on May 14, 2020, 12:28:47 pm ---I think that going on and on about the RSSI strength detection thing and thinking it has to be perfect or it's useless is missing the point.
The contact tracing app is not meant to be 100% perfect.
if it can work even a bit, it can speed up transmission tracing.
which will catch some transmissions before the transmitted to person gets sick enough to be tested and get diagnosed (by which time they have passed it on themselves). so will bring down the reproduction number.
--- End quote ---
No solution can be perfect, that is not the question. The question is more or less if the advantages outweigh the current method of isolating cohorts based on location/occupation or if this additional intermediate step introduces a false sense of security for users and delays things, given the disadvantages it has. The contact tracing is done at the very beginning to isolate an outbreak, but once this stage is over whole groups of people need to isolate themselves (lockdown). Surely people want to go back to normal after the first wave passed and then it might be back to the stage of contact tracing.
Besides the problems with RF based distance measurement, there still is a whole set of other practical problems, e.g. leaving the phone somewhere (charger) while taking a break, people without a smartphone, empty battery, airplane mode.. which makes it pointless to trust such a solution entirely and that means fallback to isolate cohorts anyway. That means to also isolate people that were never infected (which you only know after a quarantine), but you are on the safe side of things and it means same rules apply for everyone. I consider there would be quite some unrest when there is contradicting information provided by an incomplete source.
cdev:
Good luck, stay safe! :palm:
Buriedcode:
--- Quote from: David Hess on May 14, 2020, 03:39:07 pm ---
--- Quote from: nali on May 14, 2020, 12:44:30 pm ---This is a pretty interesting blog post on the UK app:
https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app
--- End quote ---
The direct or of the National Cyber Security Centre (Ian Levy) is explaining how they are going to protect your privacy and security using a closed source application? That is a laugh.
--- End quote ---
I thought it was open source? https://github.com/nhsx/COVID-19-app-iOS-BETA
Someone:
--- Quote from: Buriedcode on May 15, 2020, 12:35:52 am ---
--- Quote from: David Hess on May 14, 2020, 03:39:07 pm ---
--- Quote from: nali on May 14, 2020, 12:44:30 pm ---This is a pretty interesting blog post on the UK app:
https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app
--- End quote ---
The direct or of the National Cyber Security Centre (Ian Levy) is explaining how they are going to protect your privacy and security using a closed source application? That is a laugh.
--- End quote ---
I thought it was open source? https://github.com/nhsx/COVID-19-app-iOS-BETA
--- End quote ---
Even if the users app is open source (and able to be built from source to verify thats whats actually installed etc), it is only a small part of the system.
Since people don't seem to read the links here:
--- Quote ---When you download and run the app, your phone is assigned a big random number (a 128 bit GUID) to act as your fixed but anonymous identity (we’ll call it the installation ID from now on). Only your device and the NHS server ever know that. The app asks the user the first part of their postcode (LS1 or SW1A, for example, for NHS resource planning, mainly) and it records the model of your phone (for example ‘Apple iPhone 10,2’). Your phone and the system also end up agreeing a few cryptographic keys, including a key used to authenticate your installation, and some system parameters. Nothing identifying and no personal data are taken from the device or the user.
Every day, your device generates a random elliptic curve key pair and encrypts your installation ID (and some other administrative stuff like time periods) with it in a way that only the NHS server can recover, giving you a daily, random-looking, encrypted 'blob'.
--- End quote ---
Central state actor holding the keys and the information. The app is a part of the whole system, and while the user app might be good on privacy for the particular things it does (lets make a generous assumption here) the rest of the system can be full of holes. So the government stands up and makes lots of noise about how secure and private the user app is, entirely honestly, distracting people from how the system actually works and the privacy issues it has.
cdev:
Issue: Individuals are tracked by Google Analytics. #11
https://github.com/nhsx/COVID-19-app-iOS-BETA/issues/11
Describe the bug
Individuals are tracked by Google Analytics.
When accessing the Privacy Policy tracking code is passed from the application to the covid19.nhs.uk website which is processed by Google Analytics. Data captured could be used to re-identify an individual.
COVID-19-app-iOS-BETA/Sonar/Appearance/LogoStrapline.swift
Lines 45 to 48 in 370a518
@IBAction func infoTapped(_ sender: UIButton) {
let url = URL(string: "https://covid19.nhs.uk/?utm_source=nhscovid19ios&utm_medium=mobileapp&utm_campaign=nhscovid19app&utm_content=statuspage")!
UIApplication.shared.open(url)
}
Expected behaviour
Individuals are NOT tracked by Google Analytics
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version