To the guy asking if we'd using COVID-19 tracking apps...
-
Proposed government coronavirus tracking app falls at the first hurdle due to data breach | ZDNet[^] Just publish the source code with personal data from ANOTHER APP!? :wtf: "Amateurish" doesn't even begin to describe it... "A spokesperson for the Covid19 Alert app said the information was "accidentally put online" due to the haste in which the team wanted to make the source code available for analysis." If they have so much haste I'm sure this isn't the only "accident" that they put in the code. Again, I'm NOT going to use any COVID-19 app ever.
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
I'd rather die as a free man than live forever as a slave.
-
I'd rather die as a free man than live forever as a slave.
I'd prefer not to die at all :D
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
-
Gary R. Wheeler wrote:
include unnecessary features
Sounds like you are saying someone could create a framework for this.
My plan is to live forever ... so far so good
It's a combination of YAGNI (You Ain't Gonna Need It) and "since we're here, and we've got 'this', let's record 'that' too". There's a tendency in any kind of data acquisition application to record everything possible.
Software Zen:
delete this; -
So before we all jump on the "it's never going to work it's impossible not on my watch over my dead body" bandwagon, can we step back and be software developers? 1. There's a serious issue and we, as developers, can help. 2. There are serious privacy considerations. We, as developers, can help. So let's start with the lowest common denominator here ("We, as developers, can help") and workshop some ideas I think Google / Apple have discussed this one but I haven't had a chance to read up on it. It seems to be along the following lines: 1. You install an app and give it access to your bluetooth. The app generates a GUID as an ID and stores that on the device. And only on the device. 2. It constantly scans it's surroundings for other IDs via bluetooth that are being transmitted by the apps on other people's phones. It records all IDs that you're next to for more than 15 mins 3. When someone is diagnosed with COVID the health care worker requests their app ID. They don't ask for your name, your email, or anything. Just the ID you were broadcasting. 4. A central server sends out a push notification with that ID. If someone else's app has that ID in their "person I've been near for 15 mins" list they get the big red scary screen of self isolation. That's it. Start to end. You can delete the app. You can wipe any trace of the ID from your phone. The ID was never associated with you in any way. There is NO GPS logging. Anyone see any holes in this?
cheers Chris Maunder
Yeah...I see holes.... Let's start with #1. The "only on your device" is something you won't know. They also said you can recreate your GUID so that means the police can recreate your GUID. Then...when you get diagnosed as a COVD carrier and you smoosh the button...who's to say your phone won't scream at every other phone in the office...or the 120 kids are in your class...? Let's shut down businesses!! When this "6 foot" rule is being incorrectly applied as a cure all. The 6 foot rule came from an study on airplanes of "how close is too close" and they found that less than 6 feet for more than 10 minutes was too close. They didn't come up with any graphs that showed that 7 feet for 12 minutes is safe. They are finally starting to figure out now that all you have to do is walk through an area where an infected person has breathed and you can get it. No sneezing or coughing needed. It sounds like COVD has a very high replication rate so even a small viral load can overwhelm your antibody production.
-
My guess is the govt will do it seamlessly if you choose to not install the app. Truth is that the Big Data players already have all the tracking data that anyone could ever want, Covid-19 tracking app or not.
-
So before we all jump on the "it's never going to work it's impossible not on my watch over my dead body" bandwagon, can we step back and be software developers? 1. There's a serious issue and we, as developers, can help. 2. There are serious privacy considerations. We, as developers, can help. So let's start with the lowest common denominator here ("We, as developers, can help") and workshop some ideas I think Google / Apple have discussed this one but I haven't had a chance to read up on it. It seems to be along the following lines: 1. You install an app and give it access to your bluetooth. The app generates a GUID as an ID and stores that on the device. And only on the device. 2. It constantly scans it's surroundings for other IDs via bluetooth that are being transmitted by the apps on other people's phones. It records all IDs that you're next to for more than 15 mins 3. When someone is diagnosed with COVID the health care worker requests their app ID. They don't ask for your name, your email, or anything. Just the ID you were broadcasting. 4. A central server sends out a push notification with that ID. If someone else's app has that ID in their "person I've been near for 15 mins" list they get the big red scary screen of self isolation. That's it. Start to end. You can delete the app. You can wipe any trace of the ID from your phone. The ID was never associated with you in any way. There is NO GPS logging. Anyone see any holes in this?
cheers Chris Maunder
Using the app is not the problem. Someone can build a simple scanner that records all GUIDs in a given area. Link that say, to a camera and now you have a face with the GUID. The next time you see that GUID, you can look for a face. That GUID is specific to a phone/person. Remember the WiFi trash cans in London ?
-
Sounds like you're saying that if the solution doesn't work 100% (or even 80%) it's not worth it. I respectfully disagree. If there is an agreed goal to isolate infections as fast as possible then even incremental solutions are better than throwing up your hands. We're a clever bunch, with most cleverer than I. I reckon there's plenty of scope here to come up with something that works well enough and protects privacy.
cheers Chris Maunder
I am saying that if it works for (significantly) less than 10% of the cases, it is a waste. At a significant cost. I don't think the very minor benefit is anywhere close to worthwhile for the cost. I am not talking about economic cost. We are accepting an ever-increasing level of monitoring and tracking. Don't forget that you "secret" ID is continuously broadcast as long as the app is running. Any surveillance camera picking up your face, along with the ID you broadcast, will know that whenever that ID is detected, it is you. In Norway, a couple years ago, one of the government parties tried to force through a law permitting the police to infect any Internet PC with spyware, such as a keylogger, saving every keystroke you make. It didn't go through the parliament, and today that party is out of the government. But it might come back, stronger, and may force their old proposal through. If police is allowed to infect your PC with a keylogger, that isn't far from being allowed to infect your phone with a location logger. Tracking by the GSM signals - the phone regularly announcing its presence to all base stations in the area - has been available for low-resolution tracking since GSM's arrival. In a kidnapping case ten years ago, police proudly stood up in media and explained how they "by a simple keypress" can trace every single mobile phone in the country: They could trace the movements of the victim's phone and follow the kidnappers. Unfortunately, they were to late to save the victim (see Murder of Faiza Ashraf - Wikipedia[^]), but after that, there has been full acceptance for police tracking by GSM signals: See - police can use it to track criminals! That's great isn't it? If police infects our mobiles with a location tracker, after a single case where they have (say) identified drug distributors by tracking who the street dealers are in contact with, there will be no opposition to the exact tracking of anyone, so police can identify every single person you are near for more than a few seconds, whenever they think knowing your personal contacts can tell them something that they want to know. The Norwegian app use not only Bluetooth to estimate the distance between persons, but also GPS, to identify the environment where the encounter took place: On the street? In a grocery store? At a sports event? - I can easily und
-
So before we all jump on the "it's never going to work it's impossible not on my watch over my dead body" bandwagon, can we step back and be software developers? 1. There's a serious issue and we, as developers, can help. 2. There are serious privacy considerations. We, as developers, can help. So let's start with the lowest common denominator here ("We, as developers, can help") and workshop some ideas I think Google / Apple have discussed this one but I haven't had a chance to read up on it. It seems to be along the following lines: 1. You install an app and give it access to your bluetooth. The app generates a GUID as an ID and stores that on the device. And only on the device. 2. It constantly scans it's surroundings for other IDs via bluetooth that are being transmitted by the apps on other people's phones. It records all IDs that you're next to for more than 15 mins 3. When someone is diagnosed with COVID the health care worker requests their app ID. They don't ask for your name, your email, or anything. Just the ID you were broadcasting. 4. A central server sends out a push notification with that ID. If someone else's app has that ID in their "person I've been near for 15 mins" list they get the big red scary screen of self isolation. That's it. Start to end. You can delete the app. You can wipe any trace of the ID from your phone. The ID was never associated with you in any way. There is NO GPS logging. Anyone see any holes in this?
cheers Chris Maunder
Well, to get back to the original subject/proposal;
Anyone see any holes in this?
One of the big problems I see, is that BT is also working through glass and through plexiglass screens. So the "near for 15 mins" parameter should somehow account for that. I broke my head over this, the last couple of days, but couldn't come up with a solution. Anyone?
-
Proposed government coronavirus tracking app falls at the first hurdle due to data breach | ZDNet[^] Just publish the source code with personal data from ANOTHER APP!? :wtf: "Amateurish" doesn't even begin to describe it... "A spokesperson for the Covid19 Alert app said the information was "accidentally put online" due to the haste in which the team wanted to make the source code available for analysis." If they have so much haste I'm sure this isn't the only "accident" that they put in the code. Again, I'm NOT going to use any COVID-19 app ever.
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
Actually, I've heard the Google plans to slipstream the tracking application as essentially an OS update.
Truth, James
