Contact Tracing Apps

Arwin

Now Officially a Top 10 Poster
Moderator
Legend
Our country is now in the process of selecting candidate apps for assisting with contact tracing and self-diagnosis. We know we are behind the UK with this, though ahead versus other European countries and we seem to have a more aggressive timeline in which we want to implement this.

This kind of app has already been deployed in several other countries. Although not a lot of evidence exists that this helps, it seems rather obvious that there is a lot of potential here, both in self-diagnosis and assisting contact tracing.

This whole process is public in the Netherlands, with live streams on the candidates, expert questions, public questions, and code is public too:

 
From what I understand the UK is going for a centralised system, but de-centralised systems will be quicker to deploy and Google and Apple are about to release their APIs for de-centralised contact-tracing for this for their respective platforms.
 
I hope this shit is as open source and transparent as technologically possible. Call me a tin-foil-hat-wearer, but I never underestimate the potential for different players in the tech and political world to take advantage of critical situations with trojan horses to further their personal agendas.

I don't think the app can't work, or that contact tracing can't be a useful tool. But that's no excuse to not be vigilant about how it is being done.

I'd rather die of corona than let the whole world become as totalutarian as China. Absurdly extreme exemple here, but the extremes are a good starting point to start thinking about where our threshold lies for our safety-vs-control cost-benefit analysis.
 
indonesia has it for around a month now. People complains it drains battery and make their phone hot. The app is purely for spying, no usable info for the user other than to alert ODP (people being monitored) and higher levels.
 
I hope this shit is as open source and transparent as technologically possible. Call me a tin-foil-hat-wearer, but I never underestimate the potential for different players in the tech and political world to take advantage of critical situations with trojan horses to further their personal agendas.

I don't think the app can't work, or that contact tracing can't be a useful tool. But that's no excuse to not be vigilant about how it is being done.

I'd rather die of corona than let the whole world become as totalutarian as China. Absurdly extreme exemple here, but the extremes are a good starting point to start thinking about where our threshold lies for our safety-vs-control cost-benefit analysis.


How true.

Just remember the Boston analytics fiasco.

It´s funny that in the last "House of Cards" Season, (mild spoilers) a company deploy an app to help the population amid a Hurricane disaster and in reality it´s used to mine personal data lol
 
How true.

Just remember the Boston analytics fiasco.

It´s funny that in the last "House of Cards" Season, (mild spoilers) a company deploy an app to help the population amid a Hurricane disaster and in reality it´s used to mine personal data lol

It's relieving to know mainstream entertainment has recently coloured this scenario into the collective unconscious.
 
I hope this shit is as open source and transparent as technologically possible. Call me a tin-foil-hat-wearer, but I never underestimate the potential for different players in the tech and political world to take advantage of critical situations with trojan horses to further their personal agendas.

If the app is from a commercial party whose business of selling information, then I would be dubious. If the app is something official from the Government, look at that Government and their technical capabilities. Chances are, any modern Western and Asian Government already have the capability to mine your data legally (or otherwise) and don't need a contact tracing Trojan horse.

If any of these apps are leaking data they shouldn't, it will become public knowledge very quickly given how easy it is to monitor network traffic from modern devices.
 
Chances are, any modern Western and Asian Government already have the capability to mine your data legally (or otherwise) and don't need a contact tracing Trojan horse.
Yes all they need to do, is grab it from the phone carriers (cause your phone is constantly pinging the towers), this position info though this will not be as accurate as something using bluetooth, and a lot more invasive
 
Yes all they need to do, is grab it from the phone carriers (cause your phone is constantly pinging the towers), this position info though this will not be as accurate as something using bluetooth, and a lot more invasive
You may be surprised how accurate triangulation of phone locations is these days when combined with wifi networks visible to your device as you move around. Bluetooth itself is a privacy nightmare in many cities with all the bluetooth beacons dotted around. It does not take match to connect the MAC address dots (wifi, bluetooth) with device-specific identifiers. Modern IMSI grabbers are also amazing.
 
Last edited by a moderator:
indonesia has it for around a month now. People complains it drains battery and make their phone hot. The app is purely for spying, no usable info for the user other than to alert ODP (people being monitored) and higher levels.

This is why the work by Apple and Google is important, to make sure this can be done with as little power as possible and not unimportantly as an OS function that always runs - currently an app can’t even keep polling Bluetooth in the background, which makes sense.

And they are designing a system with a very clear public specification with the goal to make it completely anonymous, and compatible over the two phone OS’s which is important.

Yes Bluetooth itself has some privacy concerns though only locally so the scale of the problems is tiny compared with other systems, and can be mitigated further with encryption on how the ids are exchanged etc.
 
This is why the work by Apple and Google is important, to make sure this can be done with as little power as possible and not unimportantly as an OS function that always runs - currently an app can’t even keep polling Bluetooth in the background, which makes sense.

And they are designing a system with a very clear public specification with the goal to make it completely anonymous, and compatible over the two phone OS’s which is important.

Yes Bluetooth itself has some privacy concerns though only locally so the scale of the problems is tiny compared with other systems, and can be mitigated further with encryption on how the ids are exchanged etc.
Googles solution also won't spy the exact GPS location, it'll trace contact from bt sniffing. Way better than the one used in Indonesia that use GPS and bt
 
Right. Apple and Google now even made it a requirement that an app doesn’t also collect GPS data. They also allow only one government sanctioned app per country.
 
indonesia has it for around a month now. People complains it drains battery and make their phone hot. The app is purely for spying, no usable info for the user other than to alert ODP (people being monitored) and higher levels.
which app is that? Is it officially made by Google or Apple? Is it open source?
 
Pfft. Your contact tracing privacy concerns are nothing compared to my 'immunity passport' privacy concerns!

https://www.theguardian.com/politic...us-health-passports-for-uk-possible-in-months

A centralised database containing facial biometrics? What could possibly go wrong? I'm no conspiracy theorist, but the idea makes me want to look up how to make a good tinfoil hat on the Internet.

I love these kindnof policy that simply assumes society will remain stable, safe and non-tyranical despite history proving that feeling always been naively short sighted in the past. Despite we having highly un-human non-democratic states operating right now, and despite the very crysis we are going through being empirical evidence of how fragile our global ecomomy and politics actually is.

But yeah, sure, let give every authority we can find a new chain leash for them to keep us safe. Can I also hand them my girlfriend's panties while at it?
 
which app is that? Is it officially made by Google or Apple? Is it open source?

Pedulilindungi, made by telkomsel, a government-owned company that's blatantly breaks net neutrality (there's no net neutrality law in Indonésia tho), injecting ads, and doing sketchy business. But now it's published under kemenkominfo (maybe equivalent to FCC).

Closed source.

I've tried to sniff around what data are gathered but it requires Bluetooth, and I can't find any android VM that have Bluetooth emulation.

I'm not gonna install it on a real hardware and letting it sniff all the wifi ap, and Bluetooth devices in my proximity... GPS is fine as it can be easily spoofed

Btw kemenkominfo have sketchy policies
  • Allowing companies to pay ISP to block competitors (imagine allowing Netflix to block Hulu on ISP xyz, Amazon to block Walmart on ISP abc)
  • Country-wide dns poisoning (even DoH doesn't always give clean result, DNScrypt still works all the time)
  • Planning to regulate YouTube videos
  • VPN will be regulated and considered to be the same as ISP (0_o)
  • Many more I didn't remember off-hand
 
Last edited:
https://www.theguardian.com/politic...us-health-passports-for-uk-possible-in-months

A centralised database containing facial biometrics? What could possibly go wrong? I'm no conspiracy theorist, but the idea makes me want to look up how to make a good tinfoil hat on the Internet.

I agree but this is a tricky one. We know modern conventional [travel] passport security measures only deter falsification by amateurs and that there are effective counterfeits appear quickly beyond the ability of most country's passport control to detect them. If you take your Blueland-issued passport to Redland, they largely rely on the apparent authenticity of the passport itself to determine whether or not the passport is real and that it was issued to be the person presenting it.

The only certain way to authenticate anything is to compare it to a central tamper-proof database (aka the single source of truth) or constantly redeploy cutting-edge security keeping once step ahead of counterfeiters. The latter is more privacy-friendly but is vastly more expensive.

I don't believe the UK will literally buy into health passports unless COVID-19 is still a big problem in three-to-six months because this would take a massive amount of time, effort and money at a time when the lockdown measures are already eating the economy. It's not uncommon for companies to approach their Governments with great - but prohibitively expensive - solutions to problems and the vast majority of these go nowhere.
 
The only certain way to authenticate anything is to compare it to a central tamper-proof database (aka the single source of truth) or constantly redeploy cutting-edge security keeping once step ahead of counterfeiters. The latter is more privacy-friendly but is vastly more expensive.

Are you not getting a sense of déjà vu here? Biometric passports/ID cards/some other thing? Centralised database?

We went through all of this under the previous Layout government and, if my memory serves, under one of the Tory administrations before that. It's like Groundhog Day. I remember arguing about it in RPSC here.

I honestly couldn't say where this keeps coming from. Obviously there are commercial interests, but the persistence of it across governments of all flavours makes me wonder if it's not some sort of thing that lives high up in the Civil Service.
 
Are you not getting a sense of déjà vu here? Biometric passports/ID cards/some other thing? Centralised database?
Yes, this is an old chestnut. What largely killed older proposed biometric systems was that the technology was not mature enough to be robust in being able to provide a sufficiently high assurance of identification (like orders of magnitudes below a DNA test), unacceptable false positives/negatives, inability to adapt to people changing (for visual systems) and cost.

Things like Apple's Face ID is really good, but not flawless and if you were content with "really good" - which frankly isn't good enough, to implement that in any form of passport would be massively expensive

I honestly couldn't say where this keeps coming from. Obviously there are commercial interests, but the persistence of it across governments of all flavours makes me wonder if it's not some sort of thing that lives high up in the Civil Service.

You generally hear about these things not from Government but from private industry who see, or perceive, a problem that they want to sell the Government a solution too. For the most part, Government will generally review proposals like this which some take as a sign of potential adoption, but it's just reviewing it. You have to, just in case somebody really does come up with a novel solution to things. The UK's quantum computing program got initial traction this way.
 
Last edited by a moderator:
The only problem there is that, as this government has shown, there is a long-standing policy of UK.gov selecting the option which is most expensive as well as least likely to work correctly. Probably because the decisions are made based on which lobbyist went to school with the PM/Defence Secretary/Home Secretary/Health Secretary at any given time and who is most likely to provide the best backsheesh at a future date (generally through paid directorships).
 
Back
Top