General > General Technical Chat
Working From Home - Impacts of Coronavirus
Syntax Error:
@eevForumBloggers:
You can read the full technical Google/Apple contact tracking and tracing over Bluetooth API [draft] specifications here:
--- Quote ---Google and Apple are releasing draft documentation for an Exposure Notification system in service of privacy-preserving contact tracing:
--- End quote ---
https://www.apple.com/covid19/contacttracing/
SiliconWizard:
--- Quote from: dunkemhigh on April 26, 2020, 09:05:54 pm ---
--- Quote ---How reliable would that be really, knowing we are
--- End quote ---
My guess is it will take about 4 hours before someone fakes being infected just for the laughs. And someone really infected might have other things on their mind than dicking around with a phone app. In which case there would have to be some 'official' interaction - perhaps a code that only a doctor confirming an infection will provide to prevent false positive abuse, and 'strong incentive' to set yourself as being infected if/when you are.
--- End quote ---
Sorry, I fail to see how that could work in practice.
They are all swearing 1/ that people can't be individually traced, 2/ that its use will only be voluntary. What kind of strong incentive are you talking about exactly?
floobydust:
--- Quote from: nctnico on April 26, 2020, 08:46:43 pm ---
--- Quote from: floobydust on April 26, 2020, 08:18:37 pm ---I understand this as Bluetooth tracking compared with GPS tracking. Converting a Bluetooth UUID to an actual person's ID or phone number requires access to private information and your contact list, and who trusts these cheezy app developers to not harvest it all and sell it to third parties ala zuckerburg style and claim it was a hack.
--- End quote ---
But Corona tracking apps don't work that way. The Bluetooth ID gets hashed (which means converted to a unique fingerprint which cannot be traced back to the original; see SHA256 for example). On your phone you'll have a list with those fingerprints for a couple of weeks. A central server receives messages from phones of which the user says he/she is infected and you get a message saying a fingerprint is infected.
In short: there is no absolute location tracking involved and no personal c.q. traceable information is shared. Also many Corona tracking apps are open source so anyone can see how it works. As bd139 wrote: you should really do some investigation into how Corona tracking apps actually work instead of writing utter nonsense.
--- End quote ---
How does the hashed Bluetooth ID or beacon get resolved back to the original person for notification?
I'm holding my pitchfork because Canada has does not have the EU GPDR regulation wrt data privacy, so we constantly get Silicon Valley/USA datamining in apps.
"...Once {app} enabled, users’ devices will regularly send out a beacon via Bluetooth that includes a privacy-preserving identifier — basically, a string of random numbers that aren’t tied to a user's identity and change every 10-20 minutes for additional protection. Other phones will be listening for these beacons and broadcasting theirs as well. When each phone receives another beacon, it will record and securely store that beacon on the device."
"At least once per day, the system will download a list of beacons that have been verified as belonging to people confirmed as positive for COVID-19 from the relevant public health
authority. Each device will check the list of beacons it has recorded against the list downloaded from the server. If there is a match between the beacons stored on the device and the positive diagnosis list, the user may be notified and advised on steps to take next."
"In the second phase, available in the coming months, this capability will be introduced at the operating system level to help ensure broad adoption, which is vital to the success of contact tracing."
Let's look at it backwards then, the privacy policy on these lovely nice sweet coronavirus apps:
UK COVID Symptom Tracker Privacy Notice
Third party processors for both kinds of information
We use third parties to process some of your personal data on our behalf. When we allow them access to your data, we do not permit them to use it for their own purposes. We have in place with each processor, a contract that requires them only to process the data on our instructions and to take proper care in using it. They are not permitted to keep the data after our relationship with them has ended.
These processors include:
Amazon Web Services
Google Cloud Platform
SurveyMonkey
Segment
Google Analytics
Mixpanel
Google G-Suite
MailChimp
Mailgun
Intercom
Sentry
Google Firebase
SwiftyBeaver
It's this third-party shit where they get to use your private data for their internal purposes - why I would not participate.
SiliconWizard:
--- Quote from: floobydust on April 26, 2020, 09:29:28 pm ---"In the second phase, available in the coming months, this capability will be introduced at the operating system level to help ensure broad adoption, which is vital to the success of contact tracing."
--- End quote ---
Yeah, even just that, I'm not sure people have realized what that meant in the long run.
"help ensure broad adoption," means: making it unavoidable. That's politician's talk.
And if that gets deep into operating systems, you can be sure it will be used, reused and abused in the long run.
bd139:
Floobydust: We use most of those and we’re fintech and have full control over the data. They are service providers.
Back in the old days the same shit happened but in crates of paper and EDI dial ups...
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version