Based on a previous comment of yours I assumed this to be the case. Apparently, that was an incorrect assumption on my end.
That’s not how this works. Sure you read the correct spec? Seems like you’re either misinformed, or confusing it with another contact tracing scheme.
This is the one where your phone shouts random strings, and other phones within earshot “write down” the random strings they hear. When you get sick, your list of random strings for the past 14 days or so get uploaded. Periodically everyone else downloads the new list of “suspect” random strings. Their app checks whether it “heard” any of the new “words” on the list, and if so, informs the user that they may be at risk.
It’s not protected. It’s public data. That’s the whole point: there’s nothing in that database that could be traced back to you, unless you would give away the private keys with which those random strings are signed and tell the recipient “these keys belong to me, kieran”. And that would be like giving away your SSH private key: unbelievably stupid of you to do, but not a flaw in the SSH protocol.
I sure hope not! This isn’t going away in a couple weeks time, and there will be other epidemics/pandemics that would greatly benefit from having contact tracing from the get-go rather than having to wait 4 months before we get our shit together. Either way, this is a moot point. The only things that are uploaded are the randomly generated strings of confirmed cases, nothing that can be traced back to you.
Not really. Since when has the mainstream media ever correctly reported on anything technical? Unless Google or Apple explicitly say that these APIs, which are merely system calls, will only be available to certain organisations, I wouldn’t read too much into what an industry known for its lack of understanding of technical matters, and for its inaccurate reporting of anything to do with “these magical thinking machines” has to say on the subject.
Because the thing hinges on cryptography. And you want your cryptography algorithms developed by someone who actually knows what they’re doing. That’s why the API for generating and signing these random strings become part of the OS: to ensure that app developers have access to verified implementations of the APIs and won’t be tempted to write their own.
Because nobody would trust that app if it were only available from Google, so they instead just provide a cryptographic API that allows anyone to make the right system calls in order to generate one of those random strings. This means governments, health organisations, but also FOSS developers could write their own implementation, so anyone will be able to find an app that satisfies their trustworthiness requirements.
I think you’re confusing two different meanings of the word API. This is not a REST API where you have to pay for an account in order to access it. This is a local API: a set of methods with predefined method names and arguments to be used on the local machine. Aka: a “library”.
There is of course the server that collects all the uploaded data from known infections, and that will obviously also use an API in the traditional sense like you understood the word. Since they want to prevent jokers from spamming the system with false reports, I’m going to assume, based on what I’ve read so far (namely that it’s going to be the hospitals who upload the data) that uploading will require an account that will only be given out to verified health organisations. Whether they get charged for this or not is not really relevant. We’re talking about potential privacy invasions, let’s stay on topic.
You’re entitled to your scepticism. However, it appears that experts in the field (e.g. virologists, health administrations) and who don’t have anything to gain by invading your privacy (they’re not the government, nor are they coerced by them) seem to think that this would be enormously beneficial to both their work, and the public in general.
And their arguments make sense: it won’t stop the virus from spreading, but it will allow people to be notified they may be at risk before they show symptoms. These people can then get tested, so their contacts can receive a warning as well, or at least self-quarantine. This won’t help the people that they’ve already spread the virus to before being notified, but it will allow them to prevent spreading it further afterwards.
Um, NO. People on this thread have shown opposition to this very idea, without even understanding what they’re talking about. Paranoia is running rampant. “Not on my phone!”; “Please, Pruism, don’t react to this so that nobody will notice you and require you to install this on your phones as well” etc… This is no longer speculating, this is calling to action to oppose this scheme.
If you read what I wrote above, which explains exactly what this is and how it works, you’ll realise that it’s just a harmless system library that generates random strings. This library can then be used by applications to do secure, anonymous contact tracing. What’s being offered is a way to end the lockdowns sooner, whilst not infringing on your privacy. But apparently you prefer to be responsible for more deaths, or give up your rights of free movements for longer, rather than accepting an elegant and privacy preserving solution that would allow us to regain our freedoms with minimal casualties sooner.
Also: “behaving like” is not namecalling. Words have a meaning. Please use them properly.
Not sure what country you live in, but over here, the healthcare institutions are pretty open about this stuff and have set up their own information sites that don’t depend on the mainstream media. We know that people die due to the virus; that’s not even under discussion anymore. If that’s the best you can offer to the discussion, I suggest you stop bothering.