Hacker News new | ask | show | jobs
by detaro 1829 days ago
Yes, it's fairly obvious that none of this works if you don't verify that the identity matches the ID (the yellow paper pass won't either!), but you can nevertheless expect that plenty places won't do that. Or even just see "app shows the right color and a QR code", there was an embarrassing amount of media coverage of the fact that if you set the system time in the future the German app will show the "right" color even if someone hasn't waited long enough after their vaccination... which of course has zero effect on if validation succeeds or not.
3 comments
the_mitsuhiko 1829 days ago
There is not even an app here, people just show QR codes from wherever they have stored them.
link
vbezhenar 1829 days ago
The only thing you should verify is photo. Because you can't really verify an ID either (other than checking a photo). So QR code should just encode a photo URL (and sign it) and QR scanner should display that photo.
link
bonzini 1828 days ago
Currently the image is retrieved via a very powerful distributed database with embedded authentication, consisting of millions of wallets and handbags. The authentication key is the name and date of birth, and is printed on both the pass and the medium that stores the image.
link
distances 1829 days ago
That would mean some centralized data store. I'd be against such a measure. Current approach is device only, with very limited risk of data breach.
link
vbezhenar 1828 days ago
May be it's possible to encode some kind of low-res compressed image in QR-code? I did not run the math. Or may be it's even possible to scan photo from smartphone display, run some kind of image hash and compare it to hash inside QR-code. This way it would be possible to work completely offline. I think it's called perceptual hashing, though I'm not sure if it's cryptographically secure.
link
dolmen 1826 days ago
The issue is not about compression (well, it could be).

It is is about the authority that delivers the QR code: if it doesn't have the data (photo) it can't produce the QR code.

For example, I have been vaccinated in April, long before the green pass appeared. No one took my picture at that time (and that's not the task of doctors to take pictures and store them in central database, for privacy reasons). I still deserves a QR-code to go out of home.

In France we have ID cards which can link a photo to the name and birth date. So encoding name and birth date in the QR-code are enough.

link
Yaina 1829 days ago
That's so strange, and almost suggests that the people implementing these apps don't understand the security model behind these codes.

Any information on the users phone can 100% not be trusted. It should just show the QR code. On the other hand the scanning App has to validate the signature, check if the dates are correct and display a big info that the QR is only valid if the name is the same as the one on a presented ID.

Maybe this should have been a design requirement from the EU spec.

link
logifail 1829 days ago
> the people implementing these apps don't understand the security model behind these codes

I'm not entirely sure that the people implementing the policies understand the 'herd immunity' model, nor the by now fairly comprehensive statistical data on who is and isn't at significant risk from Covid19.[0]

Q: If a healthy 18 year-old chooses to attempt to go to a nightclub unvaccinated, who exactly is put at risk from this?

[0] https://www.ons.gov.uk/aboutus/transparencyandgovernance/fre...

link
aj3 1828 days ago
A: non-immune people this 18-year comes in contact with later
link
logifail 1828 days ago
Public health bodies will struggle to convince healthy young people to take a vaccine that gives them very little direct benefit.

"Children's risk of severe disease from Covid is tiny, deaths are extremely rare and have only occurred in UK children with profound underlying and life-limiting conditions. The direct benefits to them of vaccination would be low."[0]

[0] https://www.bbc.com/news/health-57496074

link
aj3 1828 days ago
we live in society
link
logifail 1828 days ago
> we live in society

Insert quote from Margaret Thatcher from 1987?[0]

More seriously, there is no [longer] one approved way to live, thank goodness.

We rightly demand that larger / mainstream groups respect minorities.

At what point is it OK to stop listening or respecting minority views, and who gets to decide that?

[0] "you know, there's no such thing as society. There are individual men and women and there are families" https://www.theguardian.com/politics/2013/apr/08/margaret-th...

link
atoav 1827 days ago
I would take a vaccine to protect my grandmother.

I would even take a vaccine to protect some abstract person with a broken immune system whom I never met and probably never will.

I would even do that if the vaccine wouldn't help me (which it does).

It is called empathy and caring for each other.

link
MayeulC 1828 days ago
> Q: If a healthy 18 year-old chooses to attempt to go to a nightclub unvaccinated, who exactly is put at risk from this?

That person, plus every person they come in contact with.

Oh, you can compute the total "risk" of course. Assuming the person is contaminated and you put their personal "risk" treshold at an arbitrary 2% (which I just pulled out of thin air: chance of getting unacceptable side-effects: p(side_effect|contaminated)). You then have to sum that up for every person they come in contact with.

sum((1-vacc_effectiveness)*personal_risk*transmissiveness).

The real contribution might be even greater than that, as the contaminated will go on carry the virus to other people.

In theory if the number of people is large enough, you should be able to replace the values with average ones, but it's likely that 18 yo will spend more time with 18 yo than 70 yo.

To sum it up, herd immunity only works if enough people are immune (vaccinated). Everyone should feel responsible for it, even 18 years-olds (unless you take a very individualist view of life, which seems like a dominant feeling in the US: it works a lot like the prisoner's dilemna). Anyway, I'm just proud of performing my civic duty, I won't be a carrier for that virus.

link
ec109685 1828 days ago
That’s not how vaccine effectiveness works. There’s already a probability less than one of getting Covid if unvaccinated, and the effectiveness of the vaccine is the reduction from that.

So if over the course of their study period, 100 unvaccinated people got covid out of a thousand tracked, with a 98% effectiveness, only 2 people in the 1000 people vaccinated group would have gotten it.

So vaccines are really effective. Even more so for preventing serious complications.

link
logifail 1828 days ago
> chance of getting unacceptable side-effects

There are a considerable number of people out there - some of whom are young and healthy and at vanishingly small personal risk from Covid19 - who if you mention the phrase "unacceptable side-effects" their first thought would be of side effects from vaccination, not the virus.

The boss at my daughter's kindergarten had Covid19 last summer. She had to quarantine for two weeks, then came back to work. She told me (unprompted) that sitting out the quarantine was way worse than the virus.

Telling these people they are stupid or anti-social - or simply downvoting them :) - may not be the most effective strategy to make them change their mind.

How should society approach this?

How should governments approach this?

link