sdbryan

GeorgeBMac said:

sdbryan said:

GeorgeBMac said:

command_f said:

lkrupp said:

Anyone who downloads and installs these contact tracing apps should have their heads examined. We can’t trust ANY of these bastards, including Apple.

Really? I trust Apple (beyond the usual errors that everyone makes), mostly because their motives are clear. At worst, it's not in their selfish interest not to protect our data. You have to pick who you trust but you do have to pick someone; if not, bin that smart phone, and the feature phone, because the network tracks them all. They kind-of have to, of course, so they can deliver your calls to you.

As to "these tracing apps", they aren't all the same. The Apple/Google framework is yet to be released* so it can't have failed already, the UK's NHS app uses entirely an different implementation and they've open-sourced their software so that the ethical hackers can help them improve it.

You can't use the fact that one app sounds as though it's dodgy to condemn the whole class. That's like saying Android phones are poor so iPhones must be too.

*My bad: it was released yesterday. I think my point still stands.

Yes, Apple's motives are clear:   promote privacy above all else.  And normally that is a good thing.

But, in this case, putting privacy above all else means putting it above the lives of tens of thousands --- because a lack of effective testing  & follow-up tracing means death to tens of thousands.  Are you willing to sacrifice your own life or the life of your mother or father, grandmother or grandfather for "privacy".

Those in China and S. Korea put their country, their lives and their economy above "privacy".

Republicans are willing to sacrifice their country, their lives and their economy for some supposed privacy -- which they gave away 20 years ago in their Patriot Act anyway!

Has anyone else bothered to read the documents that Apple/Google have made available describing the protocol and framework? It is helpful when one critiques the parties involved. The protocol preserves privacy while enabling robust contact tracing. Of course contact tracing does require participation. If you choose to not participate because of privacy concerns then you have the opportunity to PROVE why the protocol fails (who knows? it might). But I don't see anyone even attempting to provider such a proof.

Yes, it does preserve privacy

No, it does not do contact tracing (you might look up what the term means).   That is why they changed its name -- because it does not do contact tracing.

OK, I believe I can see where you are coming from. Yes, the way it is designed it is clearly an opt-in system. First you can choose not to use it all. Even if you use the system and you get tested positive you again get to choose to notify and you need verification by medical personnel that you did indeed test positive.

Assuming those conditions are met and the devices register that transmission of the virus was possible, you get notification that you were exposed and should self-quarantine and get tested. You are not informed who, where, or when about the event but you do learn of the exposure. I am sure it does not fit the detailed description of contact tracing that has been around before and is massively labor intensive and privacy invasive and completely hopeless for notifying people you don't even know but were possibly exposed. Even among people you know expecting exhaustive recall over a possibly extended period is asking a lot.

The clear advantage of exposure detection is that it doesn't depend on possibly faulty memory or knowing everyone's identity just in case they might need to be notified some time in the future. Exposure detection does depend on participation but it is cost free and exhaustively vigilant. There could be a cost for periodic virus testing but that should be provided cost free by the state if there is any rationality at all.

Conventional contact tracing for sexually transmitted diseases makes more sense because you really should know the identities (and when and where) of persons who need to be contacted. For something as insidious as Covid-19 it is a different game.

GeorgeBMac said:

command_f said:

lkrupp said:

Anyone who downloads and installs these contact tracing apps should have their heads examined. We can’t trust ANY of these bastards, including Apple.

Really? I trust Apple (beyond the usual errors that everyone makes), mostly because their motives are clear. At worst, it's not in their selfish interest not to protect our data. You have to pick who you trust but you do have to pick someone; if not, bin that smart phone, and the feature phone, because the network tracks them all. They kind-of have to, of course, so they can deliver your calls to you.

As to "these tracing apps", they aren't all the same. The Apple/Google framework is yet to be released* so it can't have failed already, the UK's NHS app uses entirely an different implementation and they've open-sourced their software so that the ethical hackers can help them improve it.

You can't use the fact that one app sounds as though it's dodgy to condemn the whole class. That's like saying Android phones are poor so iPhones must be too.

*My bad: it was released yesterday. I think my point still stands.

Yes, Apple's motives are clear:   promote privacy above all else.  And normally that is a good thing.

But, in this case, putting privacy above all else means putting it above the lives of tens of thousands --- because a lack of effective testing  & follow-up tracing means death to tens of thousands.  Are you willing to sacrifice your own life or the life of your mother or father, grandmother or grandfather for "privacy".

Those in China and S. Korea put their country, their lives and their economy above "privacy".

Republicans are willing to sacrifice their country, their lives and their economy for some supposed privacy -- which they gave away 20 years ago in their Patriot Act anyway!

Has anyone else bothered to read the documents that Apple/Google have made available describing the protocol and framework? It is helpful when one critiques the parties involved. The protocol preserves privacy while enabling robust contact tracing. Of course contact tracing does require participation. If you choose to not participate because of privacy concerns then you have the opportunity to PROVE why the protocol fails (who knows? it might). But I don't see anyone even attempting to provider such a proof.

lkrupp said:

sdbryan said:

lkrupp said:

Anyone who downloads and installs these contact tracing apps should have their heads examined. We can’t trust ANY of these bastards, including Apple. ...

Wouldn’t it be more worthwhile to ‘examine’ the protocols that Apple/Google have published to see if there is some privacy defect? Assuming a rigidly cynical position for all contact tracing efforts could lead to reduced ability to contain outbreaks which would have real world consequences. I hope security experts do vigorously examine contract tracing efforts and I am sure they will. But unless and until a problem is discovered I would encourage everyone to participate so that fewer people get sick and die. Because it is a global pandemic.

You might have a point IF this were a rare thing. But every time an app like this comes out (for whatever purpose) a security researcher soon discovers it’s phoning home with all sorts of collected data. In the case of this app it was discovered that it was not only collecting data but sending it to third parties, in this case Foursquare and Google.

The app you refer to was not using the Apple/Google protocol. It was just an app in Apple's app store. Not a sterling endorsement of the app store screening process but if they were security research types that is probably not the job they would have. Also it is not obvious why Foursquare would be interested since the Apple/Google protocol apps are disallowed access to location API's. In other words that article was a red herring though the author might not be aware of how misleading it was.

sabos said:

Did Apple learn nothing from the Google “glass-hole” debacle? The issue with these isn’t technical, it’s social. The backlash against people wearing cameras on their faces in public spaces was a genuine phenomenon ...

Did you read the article? It claimed the product would have a lidar sensor but not a camera.