by pintxo 2243 days ago
In case you test positive, and we actually have the resources to trace your contacts, your privacy will be gone in today's system for sure.

As you'll have to provide information about your recent contacts to the authorities performing the contact tracing. At least that's how I understand our local law (Germany).

So I don't think it's necessarily worse doing it with an App than doing it the old fashioned way. Sure digital traces are always easier to abuse, but then on the other hand, because things get automated, actually less people might get access to your data. Which would be a privacy win.

I believe what's even more important than how we design the app, is how we design the legal framework around it. We do need rock solid laws, having enforceable data retention periods, and that limit access to the bare minimum needed.

Unfortunately, our track record for the design of such laws has not been too good over the last years.


I can assure you that most people, if they were buying drugs or cheating on their spouse, will omit certain contacts from any “manual” tracing effort.

I'm not sure if you intended that to be positive (i.e. tracing might be more complete in some cases) or negative (i.e. concerns about not wanting to reveal certain data). I'm going to go ahead and respond to the negative interpretation in case any future readers interpret it that way.

This is true, but I think a DP-3T like protocol (ex the Apple-Google spec) doesn't actually pose much risk here. The hypothetical drug dealer or other illicit contact can receive a notification that they were potentially exposed to someone that was infected, but in general no one else (a police officer, a spouse, etc) will be able to determine who was in contact with who.

In order to link someone to a particular location, you would need to observe their broadcast identifier while they were there and also link their diagnosis key back to them (this is likely to be quite difficult for most actors to accomplish).

In order to reveal a contact between two people, you would either need to do the above for both of them or to observe at least one of them at that location and time in some other manner.

I’m sure the protocol is fully privacy preserving, now. But if we give an inch, the government will take a mile. This is about normalizing self-surveillance and isolating ourselves in response to notifications on our phone. Sure, the tech is privacy-preserving now. But who’s to say an emphasis will remain on privacy in future iterations of the technology?

Personally, I will not opt-in to this technology, and if forced to use it, I will leave my phone at home. It’s a small act of civil disobedience but it’s a necessary one IMO.

It’s alarming to me how so many in tech seem welcoming of, even excited for, this technology. I say this as someone who wrote my senior thesis on a subject related to privacy enhancing technology, so I’m familiar with the ideas.

> It’s alarming to me how so many in tech seem welcoming of, even excited for, this technology.

It gets contact tracing right by accomplishing the goal while yielding almost no ground on privacy and remaining almost entirely offline. In an ideal world, all new technologies would be implemented in such a focused manner without regard for turning a profit.

I'm puzzled by your concern about normalization of self-surveillance; everyone I know has already voluntarily made drastic alterations to their behaviors due to current circumstances. I really don't see what introduction of this technology changes.

> who’s to say an emphasis will remain on privacy in future iterations of the technology?

If people don't object to widespread state surveillance later, would they have objected now? I don't see why a decentralized technology specifically built to prevent surveillance should lead to an increase in acceptance of it.

The difference is that the old system relied on human memory which is fallible, not to mention you can omit details which would lead to further trouble (infidelities for one). In this system the only control a user has is to turn off bluetooth, or leave their phone at home if Apple/Google override the user's ability to turn this off.

I think it's up to you to upload the data? It seems like it depends how the app is designed. The protocol doesn't specify it.

The protocol states that it will upload the Diagnosis Keys, a set of Daily Tracing Keys relevant to your exposure. So in short, if this is the case it forces the user to either upload all their keys or none.

I would like to note that a v1.1 has recently been released, my information is about v1.0.

The specification (at least v1.1) contains nothing about uploading keys. The API appears to provide only the minimum required for protocol implementation.

The ENSelfExposureInfoRequest class can be used by an app to obtain diagnosis keys for the previous 14 days. What an app does with those keys is up to whoever implements it.

https://covid19-static.cdn-apple.com/applications/covid19/cu...

That does not seem to line up with their cryptography specification, which is where I am getting my information from. Thank you for mentioning this.

I thought only the DTKs are uploaded? That is, you can censor your activity on a day-to-day basis but not on an hourly basis.

Under what circumstances do you think it would be okay for an infected person to hide their contacts? Surely you’re not valuing your marriage over the lives that will be lost in the resulting spread?

If a user is in close confinement with someone they fear will lash out at them if they test positive, for one. Off the top of my head, let's say you take an Uber home and the driver now has your home address, you don't know if they will try and attack you.
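As an added illustration (not code from the thread, Apple, Google or DP-3T) of the linking described earlier and of the day-granularity point in this comment: a simplified Python model in which a receiver that logged broadcast identifiers with timestamps matches them against published diagnosis keys. The HMAC-SHA256 derivation and its labels are simplifying assumptions, not the real specification's HKDF construction.

```python
import hashlib
import hmac

# Constructed simulation, modelled on the v1.0 Apple/Google design the thread
# describes: one long-lived Tracing Key per phone, one Daily Tracing Key (DTK)
# per day, and a Rolling Proximity Identifier (RPI) per 10-minute interval
# derived from that day's DTK. The derivation below is plain HMAC-SHA256 with
# placeholder labels; the real spec's HKDF construction and info strings differ.
INTERVALS_PER_DAY = 144  # 24 h / 10 min

def daily_tracing_key(tracing_key: bytes, day: int) -> bytes:
    return hmac.new(tracing_key, b"DTK" + day.to_bytes(4, "little"),
                    hashlib.sha256).digest()[:16]

def rolling_proximity_id(dtk: bytes, interval: int) -> bytes:
    return hmac.new(dtk, b"RPI" + interval.to_bytes(4, "little"),
                    hashlib.sha256).digest()[:16]

def broadcast(tracing_key: bytes, day: int, interval: int) -> bytes:
    """What a phone advertises over Bluetooth during one interval."""
    return rolling_proximity_id(daily_tracing_key(tracing_key, day), interval)

def match_exposures(diagnosis_keys: dict, sightings: list) -> set:
    """diagnosis_keys: {day: dtk} published for an infected user.
    sightings: [((day, interval), rpi)] logged by a receiver.
    Returns the (day, interval) of every sighting that one of the keys
    regenerates. A receiver that kept timestamps therefore learns WHEN it
    was near the infected user, which is why the real framework reports
    matches only at coarse granularity."""
    matched = set()
    for day, dtk in diagnosis_keys.items():
        expected = {rolling_proximity_id(dtk, i) for i in range(INTERVALS_PER_DAY)}
        matched.update(when for when, rpi in sightings if rpi in expected)
    return matched

def demo() -> dict:
    """Alice (constructed key) meets a driver on day 3 and a friend on day 5."""
    alice = hashlib.sha256(b"constructed tracing key for alice").digest()
    driver_log = [((3, 50), broadcast(alice, 3, 50)), ((3, 51), broadcast(alice, 3, 51))]
    friend_log = [((5, 10), broadcast(alice, 5, 10))]
    all_keys = {d: daily_tracing_key(alice, d) for d in range(1, 15)}  # 14 days
    # Withholding day 3's DTK hides the whole day (and the driver), nothing finer.
    without_day3 = {d: k for d, k in all_keys.items() if d != 3}
    return {
        "full": (match_exposures(all_keys, driver_log), match_exposures(all_keys, friend_log)),
        "without_day3": (match_exposures(without_day3, driver_log),
                         match_exposures(without_day3, friend_log)),
    }
```

Because a diagnosis key covers a whole day, the only censoring available to the uploader is per day; every interval of an uploaded day becomes matchable to any receiver that logged it.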

This is an example off the top of my head, as other comments in this thread have explained, violence against people who have the virus is happening around the world and is something that must be accounted for in these protocols.

Edit: a link to a story from another comment (https://www.washingtonpost.com/world/the_americas/coronaviru...). I hope you can see that this technology can worsen this.

The system doesn’t say who your affected contact is, only that you have one. The driver has no way of knowing it was you.

If you have a Bluetooth receiver logging the different IDs you've come in proximity with and when, it's easy to deduce who the positive user is by who you were in proximity of at that time.

This is why the Framework only reports matches with a very coarse granularity.

At what time? It could be any user you’ve been in contact with for two weeks.