by the_mitsuhiko 2264 days ago
> Even if the transmission of a message is observed in the system (e.g. via communication metadata), it must not be possible to conclude that a person is infected himself or herself or has had contact with infected persons. This must be ensured both with regard to other users and to infrastructure and network operators or attackers who gain insight into these systems.

I don't think this is doable. All protocols that we currently have have the ability to reveal this information in one way or another.

There are two fundamental approaches at the moment: something like DP-3T, which uses TCNs (temporary contact numbers), where contacts exchange temporary numbers. On infection you download the list of infected people and compare on your device for matches. This fundamentally reveals who was infected. Then you have centralized approaches where you hand out encrypted IDs which a central authority can decrypt. In the latter case you can just create new device IDs, which again lets you easily figure out which of your contacts was infected.

In the latter case you have the theoretical possibility to detect such behavior due to the sheer amount of IDs generated by participants.

Generally the attack vector would be someone putting a beacon in a supermarket, taking pictures of people going in and out, and capturing their IDs. Then they could figure out later which of the people got infected.
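
Added illustration (not part of the comment above, and not DP-3T's actual key schedule): a simplified model of on-device matching in a decentralised scheme, showing that any receiver who keeps context alongside the temporary numbers it hears learns which encounter matched. The HMAC derivation, slot count, key names and notes are constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac

SLOTS = 96  # assumed: one temporary contact number per 15-minute slot


def ephemeral_ids(day_key: bytes, slots: int = SLOTS) -> list[bytes]:
    """Derive per-slot temporary contact numbers from a daily key.

    Simplified stand-in for a real key schedule (assumption).
    """
    return [
        hmac.new(day_key, b"slot-%d" % i, hashlib.sha256).digest()[:16]
        for i in range(slots)
    ]


def match_encounters(observed: list[tuple[bytes, str]],
                     published_keys: list[bytes]) -> list[str]:
    """On-device matching as the comment describes it: expand the published
    keys of infected users and compare against locally heard numbers.

    Returns the context notes of every observation that matched, which is
    exactly the information the quoted requirement says must stay hidden.
    """
    infected = {eid for key in published_keys for eid in ephemeral_ids(key)}
    return [note for eid, note in observed if eid in infected]


# Constructed sample data: three senders and one receiver's local log.
KEY_A = hashlib.sha256(b"constructed-key-A").digest()
KEY_B = hashlib.sha256(b"constructed-key-B").digest()
KEY_C = hashlib.sha256(b"constructed-key-C").digest()

OBSERVED = [
    (ephemeral_ids(KEY_A)[38], "09:30 encounter A"),
    (ephemeral_ids(KEY_B)[40], "10:00 encounter B"),
    (ephemeral_ids(KEY_C)[41], "10:15 encounter C"),
]

if __name__ == "__main__":
    # Only B later reports an infection; the receiver's own log pins it
    # to one specific encounter even though no identity was ever sent.
    print(match_encounters(OBSERVED, [KEY_B]))
```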