[chvid]

I think this is a quite reasonable design that also takes into account basic privacy concerns.

I can see the central component can be used to better protect against certain spam-like attacks as mentioned under the section "Notification issues". And also can provide potentially better tracing as mentioned in the section "Centralised vs Decentralised".

[chvid]

For example (from the paper) in a decentralised approach how would you protect against:

The targeted false alerts problem

Assume an attacker wishes to target a particular user and cause them to self-isolate. They can get sufficiently close to the target to create a proximity event that will score as high risk. If the attacker self-decalres symptoms, in the process submitting this contact event, the target will be notified to self-isolate

The mass notification problem

Consider a malicious user, who can collect broadcast identities from around a particular area, such as a hospital, and record them all.

They can register a malicious pseudo-device and generate realistic-looking but entirely fake contact events for all the BroadcastValues it has observed.

[joshuamorton]

> The targeted false alerts problem

You require, for example, a registered healthcare provider to approve the act of marking yourself as symptomatic. Which basically means that you can't mark yourself as symptomatic unless a doctor agrees/diagnoses you, which is a good idea anyway, given the amount of people who are like "my flu in december must have been COVID".

[chvid]

But that would be a quite a different app from what is described here; as far as I can see self-diagnosis is how you use the app.