Another important distinction is between an “app” and a “protocol”. What Google and Apple are delivering is a protocol, and presumably a central server to receive the reports. They may accompany this by an app, but it will be one among many.
Singapore seems to use something very similar to what Google and Apple are doing, but they’re also storing your phone number when you create an account. And there’s a way for the authorities to deanonymise the people you’ve been in contact with. So it’s not “privacy respecting”, regardless of what they claim (whitepaper here).
France is using a scheme that apparently is also not privacy protecting, but I can’t really discern that from the whitepaper. However, the people behind ROBERT have acknowledged this flaw in their response on a Github issue on the subject. I’m not sure whether France will fall in line with the rest of the EU to guarantee interoperability, or whether they’ll dig in their heels and stubbornly continue with their own incompatible implementation. Knowing the French, it could go both ways.
Australia apparently is also doing its own thing, but I haven’t found any details on their implementation in the short time I’m willing to allocate today. It appears to be similar to Singapore’s approach though, and also requires a phone number to create an account, which raises some red flags.
All of these implementations are (or will be) open sourced so the public can inspect them. All of them are, for now, entirely voluntary. And that’s unlikely to change for reasons I’m not going to repeat.
In conclusion: sure, some countries are doing their own thing, and left to their own devices, it appears quite a few of them are bungling it. That’s precisely why Google and Apple are pushing for this: in order to have one standard and secure way of doing this across the globe. Because COVID-19 does not stop at the border. Having one standard way of doing contact tracing is greatly beneficial because it would make the data relevant across borders. Because people actually do cross borders on a regular basis. Google and Apple represent the majority of mobile phone users. That’s why they are in a unique position to push for a unified and privacy respecting approach to contact tracing.
That too will presumably be incompatible between the Google/Apple effort and the efforts of individual countries.
This could break the anonymity. Collecting any personally identifying information (name/alias, mobile number, age, approximate location) during registration seems like it is undermining the anonymity guarantees.
Exactly what information is sent to a central server and what information is sent to a peer remains to be seen.
Normally, yes. A country could perhaps argue that while there is any need for this app, that won’t be happening, or will be restricted to certain countries.
If an app transmits a true random, meaningless, unique id that is generated on the phone and which changes fairly frequently - and that is all that it transmits then that is about as close to anonymized as you can get.
However
you are trusting that there are not Bluetooth listening devices around that record more than just the id (those devices could be modified clients or they could be dedicated devices - the obvious additional data point would be the physical location)
you are trusting that the app really does transmit only the id (and that it does not even have access to any PII)
you are trusting that the host operating system is doing Bluetooth address randomization and doing it well
you are trusting that your device cannot be profiled in order to reveal a little more information about the device itself (this would particularly be the case if WiFi is also enabled but potentially also via the cellular modem) - or a related similar attack where information via the app is correlated with information via one or both of the other two radios - Hardware Kill Switches anyone? - but I think the L5 does not allow separate control over WiFi and BT i.e. would have to have both “on” and then software disable the WiFi
WiFi has always had that problem i.e. if in a public place (or any place where not planning on using WiFi) then WiFi should be turned off. Otherwise you leak too much info. On hardware that has a Hardware Kill Switch that means using it. On other hardware that means disabling WiFi in software and hoping that it does something - and it probably does.
I always have BT off except when in the car so BT has never before been a conscious consideration for me. (Does contact tracing work car-to-car e.g. when stopped in traffic? That may be some false positives.)
However the whole COVID thing has highlighted that good hygiene extends beyond a mere virus to include wireless protocols too.
You shouldn’t be sharing your viruses any more than you should be sharing your data. The Librem 5 is an anti-virus.
From what I can tell from jrial’s posts, he appears to be either not an American or he is a naive American. You need to go back to the source of the issue as a first step. The first time someone’s rights are violated, we don’t start making justifications and excuses about how there is no one harmed by the violation and talking about the good that can result by violating people’s rights. The intervention from Google, Apple, and the government simply stops there and that is where the story ends, or at least where it should end. I would rather see a few million people die of a virus and be amongst them myself, then to institutionalize the violation of people’s rights because some big company or the government supposedly knows better than I do, what should be good for me and then to implement their choice which circumvents my rights, against my will. Whether or not the contract tracing program should be installed to my phone should be up to me and me alone. Until my government acknowledges that this should be my choice, I know that I definitely don’t want it on my phone. And that’s where it should end. I can be reasonable. But it should be my choice. There are much worse things than dieing from a virus. And many of them can start with an innocent-sounding program being installed to my device against my will. The precedent caused by tolerating this intrusion is not worth the lives saved. Many if us have come to accept the trade where we get some services for free in exchange for letting Google and Apple spy on us. But any government mandate to force these kinds of arrangements is very dangerous.
If I had a Librem 5 in my hands then this wouldn’t be an issue …
If you have a later model spiPhone then you got the Bluetooth contact tracing framework installed on your phone whether you like it or not (if you let it install updates at all - and sooner or later you will need or want an update).
It’s worse than that. With Android, the updates are forced within a few day window. This only gives you a choice of exactly what time of day the updates get made. But you get zero choice that within the few day window, you’re going to get the updates. The Covid 19 app has already been pushed to my phone. Looking forward to getting my Librem 5.
Not updating my iPhone now. I don’t see any features I need from Apple where I will need to install them.
Plus, the Librem 5 comes is going to be a brand new (and awesome) phone. Hopefully it comes before the iPhone dies (for whatever reason). If not, a flip phone, or Nexus 5running UBPorts, should hold me over.
If you have an iPhone, not updating to 13.5 or higher will keep the API off your phone. Unfortunately, I didn’t update my SE before and now either have to keep it on iOS 11 or go to 13.5.1. Apple used to keep one or two older versions signed and usable, but not now.
I would rather stay in lockdown than have even more surveillance. Being much more diligent about keeping radios off even though I’m running 13.4.1 without the API.
I think if you check, you’ll find it doesn’t tell “if someone nearby might have it.” The phone won’t know that.
IF, for example you passed by someone in the grocery store, and days later, they are diagnosed positive COVID, then you and others that were near that person will be singled out and told what to do; i.e. report and receive the attention as described by your country’s policy. Enforcement is up to the local country.
Now that both Google and Apple have decided to hard-wire the ‘app’ into new phones so it won’t be optional means it will be used for a wide range of surveillance. How about that. People will spend hundreds of dollars for a digital leash, pay monthly fees to have it Stalk, Monitor, Record and Control (SMRC) them and they’ll love it because in exchange for all the cost in money and privacy, they can get facts off Facebook and learn to live their lives the way they are told to.
“It’s not that I have something to hide. I have nothing I want you to see…” Anon
An app that is based on this framework is recording proximity, proximity to everyone, regardless of whether that person is currently positive or is diagnosed in the future as positive or tests negative in the future or is ever even tested.
Theoretically the proximity data is only used when a person tests positive but …
Theoretically the proximity data is deleted when it is too old to be useful but …
Proximity is defined by distance and duration - and that may vary from app to app i.e. country to country.
You know it. I’ll quit using the app first, or at least try not to update them, although the iPhone won’t update apps that the update won’t run with current iOS. As far as I know, I only have one app that will stop working once it falls behind two versions. Everything else is capable of being years out of date and still work.
Or in my case the web browser kept on locking up and in desperation I let it upgrade to 13.5
On the spiPhone, the setting can be accessed in more than one place but one of them is
Settings - Privacy - Bluetooth - COVID-19 Exposure Logging
I have that “off”, I have Bluetooth “off”, and I don’t have an app installed that uses the new COVID-19 functionality anyway … so hopefully I am safe, but as always with a blackbox phone that has to be taken on trust.
That depends entirely on which flavour of Android. My Galaxy S5 is running the same LineageOS 14.1 (Android 7.1.2) which it’s had since January 2018. Yes, it’s old. but since there’s nothing wrong with it, I see no need to install a newer version of the OS.
Admittedly, I am nowhere near a typical phone user (the last time it connected to the cellular network was an accident when I hit the airplane mode control instead of the wi-fi enable control), but there’s no reason to just let your phone do what it wants when you can just wipe it and install an OS which gives you more control.