by cm2187 2243 days ago
Well, let's keep in mind it is decentralised, so only people who have been in contact with you can correlate it with your location at a given time in the past. Not the whole world nor a central authority.

And even if someone goes to that extent to track your identity down, I am not sure that local de-anonymisation is a problem. This is not something like HIV. I don't think there is any social stigma to catching the coronavirus. If you catch it you should self-isolate, and it will be obvious to the people around you that you got it. And if you don't want to self-isolate and want to hide it, what is the point to self declare that you got contaminated on the app in the first place?

5 comments

> I don't think there is any social stigma to catching the coronavirus.

"In Mexico, Colombia, India, the Philippines, Australia and other countries, people terrified by the highly infectious virus are lashing out at medical professionals — kicking them off buses, evicting them from apartments, even dousing them with water mixed with chlorine."

https://www.washingtonpost.com/world/the_americas/coronaviru...

...and these are cases where the victims don't even have the virus.

Disease has always carried stigma. We tend to lash out at things we don't understand. History has seen everything from leper colonies to menstruating women herded into tents.

You or I may be able to rationalize it and say "well, shit, the test was positive-- time to self-isolate" but plenty of plebes will use it as cause to incite a witch hunt, especially if a loved one dies from it and transmission is attributable to you.

OK, that's a fair point, but it would take someone uneducated that believes in the stigma to also be a tech wiz to collect and correlate the data. Presumably the app won't tell you when and where the contact happened (and if so, no implementation of contact tracing is anonymous since the app won't know that you were in a busy bus full of strangers or in a small office with a single colleague).

> it would take someone uneducated that believes in the stigma to also be a tech wiz to collect and correlate the data

Not quite. It takes a wiz to collect and correlate the data, yes. What happens to that data after that? For it to be useful, it's going to get stored somewhere. All it takes is an uneducated clerk or bored intern with access to go snooping around the de-anonymized data to compromise anybody implicated.

And this does happen routinely.

* Facebook, Uber and Google have all had problems with plebes (and tech wizzes!) with god-tier access doing inappropriate things with sensitive data.

* Bored data entry clerks with access to the credit reporting database routinely snoop on neighbors', exes' and celebrities' credit reports in spite of federal law.

* Revenge porn is such a thing that rule 34(a) ought to be that if you produce nudes, your confidant or Geek Squad/iRepair technician will post them on the internet.

* Look at how often people get doxxed by employees leaking customer PII onto reddit and 4chan, then look at how fast the mob descends on people innocent of any actual wrongdoing.

* We've seen a secretary get her hands on the Pepsi formula and try to sell it to Coca-Cola.

* The people living in the geographic center of America continue to receive death threats and harassment because of a flaw in outdated MaxMind databases that attributes ungeolocatable IPs to their location.

* There are people who refuse to participate in the census because of what certain cults of personality have done with such data.

Any chain of confidentiality is only as strong as its weakest link. You presume far too much intelligence and rationality on the part of humanity. Never forget that half of Americans wanted a belligerent narcissist to be "leader of the free world," and he still has supporters despite publicly recommending anti-parasitics and Lysol douches as solutions for a global viral pandemic.

Sensitive data is not created and left to decay in an underground bunker in Yuma. Despite its practical uses, at some level it will be exposed to individuals who lack discretion and will be exploited to malevolent ends.

Not once in human history has it worked out any other way!

The deanonymized data doesn't exist except on your own device.

It's a bit more complicated than that. What's being suggested here is that it would be possible for a bad actor to observe all Bluetooth activity over a large area. They could then use a diagnosis key to reconstruct someone's path through this monitored area, and then deanonymize that person by combining their path with other data sources. Later, an uneducated and hostile individual might somehow gain access to this deanonymized data and abuse it.

Couldn't they do that for anyone with Bluetooth on, whether or not they're using the app? I get that knowing they have Coronavirus might make them a bigger target, though.

That would work if there's just 1 person who is crossing the path, and you're able to physically identify them. If it's a crowd of people, you won't know who was what device unless their device is immediately next to the evil antenna. This isn't very realistic in practice, and is very unlikely to become commonplace world-wide. However, the virus IS already world-wide, and is a giant threat to many.

People who are educated tech wizards can also have the same stigma. There are many factors at play in places that have more diversity and existing problems between communities (like race, religion, class, etc.). Hopefully, like you said, the app won’t tell you when and where the contact happened. But we still need to make sure that we have as much privacy protection as possible while making this useful.

> I don't think there is any social stigma to catching the coronavirus.

Sadly, this is not true in India. Infected people have been threatened by their neighbors and friends with death. Infected people have also been harmed. Doctors, nurses and healthcare workers who have been caring for COVID-19 patients have been evicted from their houses or physically harmed (the latter forced the government to bring an emergency law providing for stringent punishment for those who attack healthcare workers).

I’m guessing that there will be a social stigma depending on the culture as well as other factors like the mortality rate (if your area has a higher mortality rate, then you’d likely hate infected people and take matters into your own hands).

Humans can very quickly develop irrational fears and react on that.

So there is a huge need to preserve the privacy of those infected.

So all of the tokens are being put on a central server. Today, governments use WiFi and Bluetooth to track traffic. It is not far fetched to see that your commute from point A to B could be tracked using Bluetooth receivers in transit stations.

This technology is currently being used to track people today. The use of Bluetooth address randomization does not do a sufficient job to prevent this, the only option is to not use Bluetooth.

It is important that people are aware of these risks. I am fortunate to live in a place where I can live my life without scrutiny from the government, but not all are afforded such a luxury.

Even if they do that, they can only track the people who self report as contaminated for the period during which the self reporting applies (i.e. n days before testing positive). Not before, not after.

But I just can't think of a system that achieves contact tracing with no one having any idea of the whereabouts of a person who self declares as contaminated. At one point the person who self declares has to volunteer to disclose some information.

I think it's important to give the power to the people by allowing them to omit tokens from sensitive time points. In the current protocol, that means losing a whole day's worth of contacts. If you reduce the period to an hour, you still allow people to share the contacts made on their commute or their lunch break without divulging or tracing them back to more sensitive time periods they don't want to be traced back to.
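
The key-period trade-off raised in the comment above, as an added example that is not part of the thread. It models one day as 144 ten-minute intervals (an assumption) and uses HMAC-SHA256 as a stand-in for the protocol's real key and identifier derivation; the function names, contact labels and times are constructed.

```python
import hashlib
import hmac

INTERVALS_PER_DAY = 144  # assumed: the broadcast identifier rotates every 10 minutes


def period_key(secret: bytes, period: int) -> bytes:
    """Independent key for one reporting period (stand-in derivation)."""
    msg = b"key" + period.to_bytes(4, "little")
    return hmac.new(secret, msg, hashlib.sha256).digest()[:16]


def rolling_id(key: bytes, interval: int) -> bytes:
    """Identifier broadcast over Bluetooth during one interval (stand-in)."""
    msg = b"rpi" + interval.to_bytes(4, "little")
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def notified_contacts(secret, per_key, contacts, sensitive):
    """Names of contacts whose phones match a key the reporter uploads.

    per_key   -- intervals covered by one key (144 = daily, 6 = hourly)
    contacts  -- {name: interval in which the encounter happened}
    sensitive -- intervals the reporter does not want to disclose
    """
    # What each contact's phone recorded at the time of the encounter.
    heard = {n: rolling_id(period_key(secret, t // per_key), t)
             for n, t in contacts.items()}
    # A key cannot be split, so any period touching the window is withheld whole.
    withheld = {t // per_key for t in sensitive}
    uploaded = {p: period_key(secret, p)
                for p in range(INTERVALS_PER_DAY // per_key) if p not in withheld}
    # Anyone holding an uploaded key can re-derive every identifier of its period.
    derivable = {rolling_id(k, t)
                 for p, k in uploaded.items()
                 for t in range(p * per_key, (p + 1) * per_key)}
    return sorted(n for n, rid in heard.items() if rid in derivable)


# Constructed sample day: interval = minutes since midnight // 10.
SECRET = b"constructed-demo-secret"
CONTACTS = {"commute": 51, "lunch": 75, "appointment": 86, "evening": 114}
SENSITIVE = range(84, 90)  # 14:00-15:00

if __name__ == "__main__":
    print("daily keys :", notified_contacts(SECRET, 144, CONTACTS, SENSITIVE))
    print("hourly keys:", notified_contacts(SECRET, 6, CONTACTS, SENSITIVE))
```

With a daily key, hiding one hour silences every contact of that day; with hourly keys only the contact inside the withheld hour goes unnotified.
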
That’s one side of the ethical question, but what about the other side, what about the people who have been in contact during the period where the infected person would rather not have its location disclosed?

And it is a bit theoretical, as the authorities who have the capability to track your Bluetooth across the city have many other ways to track you (starting by calling your phone service).

What I object here with the NHS is the creation of one more tracking database with the explicit intention to let some researcher roam through it to find something interesting.

I appreciate you looking at the other side. To explain my viewpoint, in this system it seems like all of the risk is put on the infected party who reports themselves. By decreasing the level of control they have, I believe you will see a decrease in the number of adoptions. It is valid to think about the non-infected user wanting to have this information, but today they don't even have this information so to even know they were exposed on their commute is above and beyond what is in place today.

I guess my original comment is a bit vague. When I look at these protocols I am interested in how large scale adversaries (Nation State) would use this technology, but also small scale adversaries (day-to-day person you are not friendly with). I think it's also important to note as others have, that being outed as having the virus does put people at risk of violence in some places.

Telling people when they've been exposed is not a kindness we might extend from the goodness of our hearts when convenient. It's something we must get right, every time, or the conditions that require lockdown today persist until vaccination. We cannot afford people out and about making untraceable contacts three weeks from now, any more than we could three weeks ago.

Every person is a danger to society until this is over. Release is out of the question. The choices here are continued incarceration, or parole.

I can sort of imagine a libertarian solution here, with truth in labeling: as long as I can tell before I get within six feet of you whether you share a connected component with any conscientious objectors, then I can make my own decision about risk. But I cannot imagine that many public places would permit entry to such people.

> I don't think there is any social stigma to catching the coronavirus.

Maybe not. But there is definitely a social stigma about certain activities, like meeting your drug dealer or cheating on your spouse, which would be revealed through automated contact tracing.

It would only be revealed to your drug dealer or to whoever was in the vicinity.

And to the authorities, who then promise to not violate that promise.

Except they refuse to be limited by cryptographic means to that.

Why? Because they demand the ability to change their promise in the future ... exact details to be specified. Perhaps “solving drugs” with contact tracing. At which point they have your data, you have zero control, and “your honour we can prove he lied: he was close to that drug dealer 5 times. Further details (such as that this happened in the train station and 5000 other people were also close) cannot be confirmed because that would violate privacy”.

This is the government that got caught letting police officers stalk their ex for 2+ years and then initially arrested the victim for more than 2 weeks when caught. Let’s not pretend they’re above doing this, especially since it’s become increasingly clear this contact tracing is the police’s wet dream.

With any luck, we will create stigma a hundred thousand times more powerful against deliberately helping the virus spread.

Try to walk through a public place with one of the medical masks (if you can source them). Practically everybody moved as far as they possibly could.

But yeah there have been lots of stories about medical personnel who were thrown out of their rented places because of the fear of the virus.