by red0point 2243 days ago
Valid point. DP3T (in one configuration) addresses this and lets you filter out certain parts that you do not wish to disclose. Thus, this then requires you to upload all broadcast identities used in the relevant timeframe, but because of space-related issues is then "compressed" using a Cuckoo-Filter. This, however, yields false-positives. To eliminate those to a manageable amount, it further requires more space.

So, this has a tradeoff. Personally I don't think that linking multiple IDs in a day is a big intrusion of your privacy (and remember, it's only disclosed to anyone for the timeframe that is epidemiologically relevant) - full de-anonymization still requires some second channel, such as cameras or the like - which can be linked together without those Broadcast IDs anyways.

2 comments

The thing with Bloom/Cuckoo filters is that you can play around with the parameters and, for example, provide a set of filters for a day in such a way that the app users can do a binary search.

It never provides a false negative so all positives can download their set-up filters until they're satisfied.

The filter that DP3T are describing isn't that much bigger than the DTK set anyway.

The unlinked DP-3T is one extreme; there is a happy medium if developers don't want to use Cuckoo Filters or Bloom Filters due to false positives, which is to decrease the linkable period. If the period was an hour, people could freely share legitimate tokens for their commute, but hide the ones where they had an hour-long 1-1 with their manager.
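
The space versus false-positive tradeoff discussed in this thread, as an added example (not code from any commenter or from the DP-3T project): a small cuckoo filter loaded with constructed broadcast IDs and probed with IDs that were never uploaded. The bucket count, fingerprint widths, ID construction and the `measure` helper are assumptions made for the illustration.

```python
import hashlib

BUCKET_SIZE, MAX_KICKS = 4, 500

def _h(data: bytes, salt: bytes) -> int:
    return int.from_bytes(hashlib.sha256(salt + data).digest()[:8], "big")

def _eph(owner: str, k: int) -> bytes:
    # Constructed 16-byte stand-in for a broadcast ID (not real protocol output).
    return hashlib.sha256(f"{owner}-{k}".encode()).digest()[:16]

class CuckooFilter:
    def __init__(self, n_buckets: int, fp_bits: int):
        assert n_buckets & (n_buckets - 1) == 0  # power of two keeps XOR indexing reversible
        self.n, self.fp_bits = n_buckets, fp_bits
        self.buckets = [[] for _ in range(n_buckets)]

    def _fp(self, item: bytes) -> int:
        return _h(item, b"fp") % (1 << self.fp_bits)  # only this fingerprint is stored

    def _alt(self, i: int, fp: int) -> int:
        return (i ^ _h(fp.to_bytes(8, "big"), b"alt")) % self.n

    def insert(self, item: bytes) -> bool:
        fp, i = self._fp(item), _h(item, b"idx") % self.n
        for j in (i, self._alt(i, fp)):
            if len(self.buckets[j]) < BUCKET_SIZE:
                self.buckets[j].append(fp)
                return True
        for kick in range(MAX_KICKS):  # both buckets full: evict a victim and relocate it
            slot = kick % BUCKET_SIZE
            fp, self.buckets[i][slot] = self.buckets[i][slot], fp
            i = self._alt(i, fp)
            if len(self.buckets[i]) < BUCKET_SIZE:
                self.buckets[i].append(fp)
                return True
        return False

    def contains(self, item: bytes) -> bool:
        fp, i = self._fp(item), _h(item, b"idx") % self.n
        return fp in self.buckets[i] or fp in self.buckets[self._alt(i, fp)]

def measure(fp_bits: int, n_ids: int = 1000, n_probes: int = 20000):
    """Return (inserted count, false negatives, false-positive rate)."""
    f = CuckooFilter(1024, fp_bits)
    uploaded = [_eph("patient", k) for k in range(n_ids)]
    inserted = sum(f.insert(e) for e in uploaded)
    false_neg = sum(not f.contains(e) for e in uploaded)
    false_pos = sum(f.contains(_eph("stranger", k)) for k in range(n_probes))
    return inserted, false_neg, false_pos / n_probes

if __name__ == "__main__":
    for bits in (8, 16):
        print(bits, "bit fingerprints:", measure(bits))
```

Doubling the fingerprint width doubles the stored bits per slot while leaving uploaded IDs always matched; only the rate at which unrelated IDs match goes down.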