To the guy asking if we'd using COVID-19 tracking apps...
-
The problem isn't in your approach. The problem is that whatever solutions are created will include unnecessary features and data handling that lend themselves to misuse. Normally I'm an optimist, but the Wild West of mobile app development does not give me confidence.
Software Zen:
delete this;Gary R. Wheeler wrote:
include unnecessary features
Sounds like you are saying someone could create a framework for this.
My plan is to live forever ... so far so good
-
Apparently the Australian tracking app doesn't track location, but they can't release the source code to prove it because "security reasons".
That's not how security works... :~
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
-
So before we all jump on the "it's never going to work it's impossible not on my watch over my dead body" bandwagon, can we step back and be software developers? 1. There's a serious issue and we, as developers, can help. 2. There are serious privacy considerations. We, as developers, can help. So let's start with the lowest common denominator here ("We, as developers, can help") and workshop some ideas I think Google / Apple have discussed this one but I haven't had a chance to read up on it. It seems to be along the following lines: 1. You install an app and give it access to your bluetooth. The app generates a GUID as an ID and stores that on the device. And only on the device. 2. It constantly scans it's surroundings for other IDs via bluetooth that are being transmitted by the apps on other people's phones. It records all IDs that you're next to for more than 15 mins 3. When someone is diagnosed with COVID the health care worker requests their app ID. They don't ask for your name, your email, or anything. Just the ID you were broadcasting. 4. A central server sends out a push notification with that ID. If someone else's app has that ID in their "person I've been near for 15 mins" list they get the big red scary screen of self isolation. That's it. Start to end. You can delete the app. You can wipe any trace of the ID from your phone. The ID was never associated with you in any way. There is NO GPS logging. Anyone see any holes in this?
cheers Chris Maunder
Should you be alerted if you came into contact with someone that came into contact with a confirmed case, i.e. 2nd-hand contact (or even 3rd-hand contact)? If so, then all your close-encounter data needs to be harvested, which removes the veil of security in the original proposal.
-
a) That XKCD is so awesome. b) Yep. They can and do track us already. The only problem is, even though we've allowed them to do it because it's convenient to us, we're not going to let the data be used to open up our lives because we don't want to admit it openly. Deep down we all just want our cake and we want to eat it too.
cheers Chris Maunder
Chris Maunder wrote:
The only problem is, even though we've allowed them to do it because it's convenient to us, we're not going to let the data be used to open up our lives because we don't want to admit it openly.
I think that's because the tracking products we use now (Apple, Microsoft, Google and Facebook mostly I guess) started out pretty innocent. The tracking aspect was added later or we only later found out it was tracking us. By that time, the technology became a part of our lives and routines and at that point it's hard to switch. There isn't even a decent alternative for some services, like Windows which I really need for my job (and which I'll always prefer over Apple, Linux is too technical for most users). Or a smartphone which I now can't do without and I only have two options, being tracked by Google or being tracked by Apple (and I choose Google every time). Now this new corona app is created for the sole purpose of tracking us and we aren't using it yet. I think that's just a step too far for most people.
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
-
So before we all jump on the "it's never going to work it's impossible not on my watch over my dead body" bandwagon, can we step back and be software developers? 1. There's a serious issue and we, as developers, can help. 2. There are serious privacy considerations. We, as developers, can help. So let's start with the lowest common denominator here ("We, as developers, can help") and workshop some ideas I think Google / Apple have discussed this one but I haven't had a chance to read up on it. It seems to be along the following lines: 1. You install an app and give it access to your bluetooth. The app generates a GUID as an ID and stores that on the device. And only on the device. 2. It constantly scans it's surroundings for other IDs via bluetooth that are being transmitted by the apps on other people's phones. It records all IDs that you're next to for more than 15 mins 3. When someone is diagnosed with COVID the health care worker requests their app ID. They don't ask for your name, your email, or anything. Just the ID you were broadcasting. 4. A central server sends out a push notification with that ID. If someone else's app has that ID in their "person I've been near for 15 mins" list they get the big red scary screen of self isolation. That's it. Start to end. You can delete the app. You can wipe any trace of the ID from your phone. The ID was never associated with you in any way. There is NO GPS logging. Anyone see any holes in this?
cheers Chris Maunder
I tend to agree with you, @chris-maunder - it's obvious that 'standard' contact tracing mechanisms don't work with something as infective as covid-19 and if we don't want one of extended lockdown or health system overload, we as societies (whichever one we happen to live in) need to change things about how we operate, whether that be apps like this or/and wearing masks full time (as happened in places in North America after the flu of 1918/19 - it only lasted a year or so, though, until masks were discarded). And having had first and second hand experience of covid-19, ICUs and ventilators, I can say I don't want people to have to go through all that if it can be avoided. At the same time, I understand the reluctance to trust organisations like governments or commercial entities like Google and Apple. I know their interests and desires aren't going to be aligned with mine (except through occasional lucky coincidence), but I think this is one area where they might be pulling the same way...
Java, Basic, who cares - it's all a bunch of tree-hugging hippy cr*p
-
So before we all jump on the "it's never going to work it's impossible not on my watch over my dead body" bandwagon, can we step back and be software developers? 1. There's a serious issue and we, as developers, can help. 2. There are serious privacy considerations. We, as developers, can help. So let's start with the lowest common denominator here ("We, as developers, can help") and workshop some ideas I think Google / Apple have discussed this one but I haven't had a chance to read up on it. It seems to be along the following lines: 1. You install an app and give it access to your bluetooth. The app generates a GUID as an ID and stores that on the device. And only on the device. 2. It constantly scans it's surroundings for other IDs via bluetooth that are being transmitted by the apps on other people's phones. It records all IDs that you're next to for more than 15 mins 3. When someone is diagnosed with COVID the health care worker requests their app ID. They don't ask for your name, your email, or anything. Just the ID you were broadcasting. 4. A central server sends out a push notification with that ID. If someone else's app has that ID in their "person I've been near for 15 mins" list they get the big red scary screen of self isolation. That's it. Start to end. You can delete the app. You can wipe any trace of the ID from your phone. The ID was never associated with you in any way. There is NO GPS logging. Anyone see any holes in this?
cheers Chris Maunder
I don't like giving companies the meta-data to do contact-tracing, because the market is quickly pivoting to make huge profits off of the technology, with a strong disregard for the mid-term consequences. It's not even the privacy concerns I'm worried about, I'm only worried about enabling governments to identify dissidents in a novel way. What if it gets used to contact-trace minorities? You could, in theory, identify and target any minority; information that can be used to push almost any political agenda.
-
Nelek wrote:
the best protection we can use is just to switch our brains on,
Whoa, whoa, WHOA. Now you're just talkin' crazy.
cheers Chris Maunder
Looking at the news and how people was behaving... It was not that obvious :sigh: :sigh:
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
Chris Maunder wrote:
The only problem is, even though we've allowed them to do it because it's convenient to us, we're not going to let the data be used to open up our lives because we don't want to admit it openly.
I think that's because the tracking products we use now (Apple, Microsoft, Google and Facebook mostly I guess) started out pretty innocent. The tracking aspect was added later or we only later found out it was tracking us. By that time, the technology became a part of our lives and routines and at that point it's hard to switch. There isn't even a decent alternative for some services, like Windows which I really need for my job (and which I'll always prefer over Apple, Linux is too technical for most users). Or a smartphone which I now can't do without and I only have two options, being tracked by Google or being tracked by Apple (and I choose Google every time). Now this new corona app is created for the sole purpose of tracking us and we aren't using it yet. I think that's just a step too far for most people.
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
Sander Rossel wrote:
Now this new corona app is created for the sole purpose of tracking us and we aren't using it yet. I think that's just a step too far for most people.
Exactly, and that's why in Germany they are thinking on making it mandatory X| X| X|
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
a) That XKCD is so awesome. b) Yep. They can and do track us already. The only problem is, even though we've allowed them to do it because it's convenient to us, we're not going to let the data be used to open up our lives because we don't want to admit it openly. Deep down we all just want our cake and we want to eat it too.
cheers Chris Maunder
Chris Maunder wrote:
b) Yep. They can and do track us already.
I'm one of the easiest to track. I still use my Windows Phone. It's like Al Bundy's 1 million miles Dodge... They don't need any ID for me! :laugh:
-
Sander Rossel wrote:
Now this new corona app is created for the sole purpose of tracking us and we aren't using it yet. I think that's just a step too far for most people.
Exactly, and that's why in Germany they are thinking on making it mandatory X| X| X|
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
Nelek wrote:
Exactly, and that's why in Germany they are thinking on making it mandatory X| X| X|
Do they also plan on handing smartphones out to everyone who doesn't have one?
-
Sander Rossel wrote:
Now this new corona app is created for the sole purpose of tracking us and we aren't using it yet. I think that's just a step too far for most people.
Exactly, and that's why in Germany they are thinking on making it mandatory X| X| X|
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
How are they ever going to enforce it? And what if you don't own a phone or one that doesn't run Android or iOS?
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
-
Nelek wrote:
Exactly, and that's why in Germany they are thinking on making it mandatory X| X| X|
Do they also plan on handing smartphones out to everyone who doesn't have one?
Johnny YYZ wrote:
Do they also plan on handing smartphones out to everyone who doesn't have one?
No That's exactly the idiotic aspect of it. A magazine even reported about including it as "system update" so it can be forced. But as we already said... it brings nothing, if not 100% used (and even then, it is pretty useless). But I suppose, people will complain A LOT about it. And hope the "common sense" starts getting present in some debates, because right now... some arguments they are using in several topics are a bit bizarre.
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
How are they ever going to enforce it? And what if you don't own a phone or one that doesn't run Android or iOS?
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
Sander Rossel wrote:
How are they ever going to enforce it?
there were comments about integrating it in the system. If that is true, I suppose Google / Apple would have no objections at all for having an official excuse to integrate such a tracking tool that can be derivated to other purposes easily enough.
Sander Rossel wrote:
And what if you don't own a phone or one that doesn't run Android or iOS?
That's something people is trying to make them see... it brings nothing if such an app is not 100% extended and used... and even then is not that useful, as many other already pointed out in this thread. For the ones that can read german: Kontakt-Tracing vs. Corona: Aderlass beim Pilotprojekt PEPP-PT geht weiter | heise online[^] It is supposed to be talked about "security" and "privacy" but seeing some of the political comments... - Die Grünen setzten sich weiter für die Anonymisierung und den Verbleib der Daten bei den Usern sowie eine gesetzliche Regel ein, die Nachteile für Nicht-Nutzer "und einen Zugriff auf die Daten durch Dritte ausschließt". - The green force remark their position about anonymizing the data, that the data stay by the users-devices and that there must be a law to exclude disadvantages for the Non-Users and the access to that data by third parties - "Disadvantages for the non users" >>> WTF? Really? what kind of disadvantages? - "Keeping the data in users devices" >>> In principle not a bad idea, but the data amount needed for this to work... you can forget it. It is going to bloat the capacity of the majority of the devices - "A law to avoid access to the data by third parties" >>> I thought there were already laws about it, and FB is breaking all of them with very little consequences...
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
Proposed government coronavirus tracking app falls at the first hurdle due to data breach | ZDNet[^] Just publish the source code with personal data from ANOTHER APP!? :wtf: "Amateurish" doesn't even begin to describe it... "A spokesperson for the Covid19 Alert app said the information was "accidentally put online" due to the haste in which the team wanted to make the source code available for analysis." If they have so much haste I'm sure this isn't the only "accident" that they put in the code. Again, I'm NOT going to use any COVID-19 app ever.
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
I'd rather die as a free man than live forever as a slave.
-
I'd rather die as a free man than live forever as a slave.
I'd prefer not to die at all :D
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
-
Gary R. Wheeler wrote:
include unnecessary features
Sounds like you are saying someone could create a framework for this.
My plan is to live forever ... so far so good
It's a combination of YAGNI (You Ain't Gonna Need It) and "since we're here, and we've got 'this', let's record 'that' too". There's a tendency in any kind of data acquisition application to record everything possible.
Software Zen:
delete this; -
So before we all jump on the "it's never going to work it's impossible not on my watch over my dead body" bandwagon, can we step back and be software developers? 1. There's a serious issue and we, as developers, can help. 2. There are serious privacy considerations. We, as developers, can help. So let's start with the lowest common denominator here ("We, as developers, can help") and workshop some ideas I think Google / Apple have discussed this one but I haven't had a chance to read up on it. It seems to be along the following lines: 1. You install an app and give it access to your bluetooth. The app generates a GUID as an ID and stores that on the device. And only on the device. 2. It constantly scans it's surroundings for other IDs via bluetooth that are being transmitted by the apps on other people's phones. It records all IDs that you're next to for more than 15 mins 3. When someone is diagnosed with COVID the health care worker requests their app ID. They don't ask for your name, your email, or anything. Just the ID you were broadcasting. 4. A central server sends out a push notification with that ID. If someone else's app has that ID in their "person I've been near for 15 mins" list they get the big red scary screen of self isolation. That's it. Start to end. You can delete the app. You can wipe any trace of the ID from your phone. The ID was never associated with you in any way. There is NO GPS logging. Anyone see any holes in this?
cheers Chris Maunder
Yeah...I see holes.... Let's start with #1. The "only on your device" is something you won't know. They also said you can recreate your GUID so that means the police can recreate your GUID. Then...when you get diagnosed as a COVD carrier and you smoosh the button...who's to say your phone won't scream at every other phone in the office...or the 120 kids are in your class...? Let's shut down businesses!! When this "6 foot" rule is being incorrectly applied as a cure all. The 6 foot rule came from an study on airplanes of "how close is too close" and they found that less than 6 feet for more than 10 minutes was too close. They didn't come up with any graphs that showed that 7 feet for 12 minutes is safe. They are finally starting to figure out now that all you have to do is walk through an area where an infected person has breathed and you can get it. No sneezing or coughing needed. It sounds like COVD has a very high replication rate so even a small viral load can overwhelm your antibody production.
-
My guess is the govt will do it seamlessly if you choose to not install the app. Truth is that the Big Data players already have all the tracking data that anyone could ever want, Covid-19 tracking app or not.
-
So before we all jump on the "it's never going to work it's impossible not on my watch over my dead body" bandwagon, can we step back and be software developers? 1. There's a serious issue and we, as developers, can help. 2. There are serious privacy considerations. We, as developers, can help. So let's start with the lowest common denominator here ("We, as developers, can help") and workshop some ideas I think Google / Apple have discussed this one but I haven't had a chance to read up on it. It seems to be along the following lines: 1. You install an app and give it access to your bluetooth. The app generates a GUID as an ID and stores that on the device. And only on the device. 2. It constantly scans it's surroundings for other IDs via bluetooth that are being transmitted by the apps on other people's phones. It records all IDs that you're next to for more than 15 mins 3. When someone is diagnosed with COVID the health care worker requests their app ID. They don't ask for your name, your email, or anything. Just the ID you were broadcasting. 4. A central server sends out a push notification with that ID. If someone else's app has that ID in their "person I've been near for 15 mins" list they get the big red scary screen of self isolation. That's it. Start to end. You can delete the app. You can wipe any trace of the ID from your phone. The ID was never associated with you in any way. There is NO GPS logging. Anyone see any holes in this?
cheers Chris Maunder
Using the app is not the problem. Someone can build a simple scanner that records all GUIDs in a given area. Link that say, to a camera and now you have a face with the GUID. The next time you see that GUID, you can look for a face. That GUID is specific to a phone/person. Remember the WiFi trash cans in London ?
