[grujicd]

Ok, this is getting strange. There are two ways to get test results:

- it's automatically sent to email (if they have it)

- you can download it from ezdravlje.rs portal

The test I shared above is the one I got on email. However, I went to portal, downloaded pdf, and now I have two copies. They're different! IDs and all the data are the same, but QR codes are different.

This is the new one: https://pcr.euprava.gov.rs/validate.php?cqcode=1641923234g3D...

Timestamp on new pdf is: 1641923234, which is GMT: Tuesday, 11. January 2022. 17:47:14

So it appears that timestamp is related to when pdf is generated, and when you download it from the portal it's generated at that point of time, i.e. there are no pdf documents sitting on government server!

So this timestamp is definitely no proof of forgery. But test ID might be - that one is still suspicious.

And one more thing, when I switch tabs with my two QR codes - page content is the same but shifted a bit. I didn't look into html/css to see what's different.

[grujicd]

I have 2 more datapoints. My wife went with me to the testing on the same date. If you're negative on rapid test, they usually take PCR as well. Since she was negative on the first one, there was a PCR too. These are her QR urls:

Rapid test:

https://pcr.euprava.gov.rs/validate.php?cqcode=16415703349MJ...

Timestamp: 1641570334, time: GMT: Friday, 7. January 2022. 15:45:34

PCR:

https://pcr.euprava.gov.rs/validate.php?cqcode=1641924832NyL...

Timestamp: 1641924832, time: GMT: Tuesday, 11. January 2022. 18:13:52

I downloaded PCR from portal today, that's why it has today's timestamp.

What's interesting is that her test IDs are 7601574 and 7631146 while they were taken within 15 minutes from each other. There's some 30k difference, and I think Serbia runs around 40k tests a day. PCR samples are sent to central lab and processed later, that would explain why PCR's ID is much higher.

However I don't think we have definite proof of how these test IDs are generated. Different labs could be assigned batches of IDs, PCR tests itself could have preassigned IDs (you can see they have same ID when you're tested, but I'm not sure it's the same ID as presented in results). If test ID is generated when results are inserted into database, then they should always be incremental and Novak's test IDs point to forgery. But there could be other explanations.

My conclusions:

- timestamps are not proof of forgery

- test IDs are suspicious, but we can't be sure.

[djoko_research]

Intro: Looking at covid19.rs/homepage-english/ I can see that there was a total of 1.444.532 people tested and the data is marked for 10.01.2022 at 15:00.

This is exactly the same as here: https://ourworldindata.org/coronavirus/country/serbia

So I'm assuming that this dataset can be trusted.

The point:

From the dataset: Date: 2021-12-16, new tests: 13690.0, total tests: 7032035.0 Date: 2021-12-22, new tests: 14808.0, total tests: 7107851.0 Date: 2021-12-26, new tests: 9265.0, total tests: 7158932.0

As We can see Djoko's "ID" (7371999) is much larger than total number of tests for 26th of December 2021 (by 213067) and for me this furthers your point that We don't know how this number is generated. (It seems to be sequential, but is it?)

[pajowu]

Hey, it'd be great if you'd reach out to zerforschung at hallo@zerforschung.org :)

[grujicd]

I've sent a brief email with links to these posts. Let's see if they publish a correction!

[msuvakov]

They probably generate ID when results are stored in database, not when samples are taken. Difference in processing time explains this. What are the dates of result (stated at the bottom of the pdf)?

[truthhunter]

Another question: Are all results displayed in green color, also the positiv ones?

[arliebeach]

All valid reports ("Report is VALID!") - both negative and positive tests - are in green color (Bootstrap 3 class .alert-success).

All invalid reports ("Report IS NOT VALID!") are in red color (Bootstrap 3 class .alert-danger). You can see it when open https://pcr.euprava.gov.rs without any subdir/script/query string.

[truthhunter]

Thx, for the feedback. In germany it's quite unusual to display the positive test in green, that's why I asked.

[arliebeach]

Initially, I had the same thought. Greetings from Germany too :-)

[grujicd]

Green/red have the same semantics in Serbia as in Germany.

This green for positive test mean just that QR code and associated test are valid, not that it’s good or bad. Positive test is bad in the first 14 days but after that it’s good - it gives you same rights as if you were vaccinated. But it’s the same test in both cases and green just tells us it’s a valid document.

Digital certificate is different kind of document. That’s the one you need to enter restaurans, bars, etc. after 20h - it will be red if you don’t fulfill conditions, e.g. vaccination or positive test within last 6 months (but not within 14 days), etc.

In programer’s lingo, test result is const, while digital certificate is a function of multiple conditions in context of current date/time.

[mandarino]

Great analysis!

[DominikPeters]

Can you see from your records whether the confirmation number (i.e. 7601263-535518) is fixed at the time of the report, e.g. sent as part of the email? An alternative that comes to my mind is that the number is assigned when the report is first generated, which could in principle explain why Djokovic's numbers are out of order if the first time he accessed his PDF was on 26 Dec.

[grujicd]

My two PDFs with different QR codes have the same test ID (7601263-535518). So that one is not generated on the fly. But we don't know 100% if it's generated on database insert (altough it very much looks like that), or if there are some batches depending on lab, PCR batch, etc.

[zo1]

This is super important for everyone to see. The timestamp is not proof of time of test but rather the time that the test was "generated" for download. Anyone prominent on Twitter should respond and assist with this information.

I've done these kinds of systems many times in the past and there could be any amount of reasons why a timestamp is included like this. Especially with weird government regulations, policies and rules that mandate all sorts of info to be included inside government documents. Like adding a year or date to when a company was registered to a company's company registration no.

[kkjjkgjjgg]

Nah, let's just run with the story first, could generate a fair amount of clicks!

[SpicyLemonZest]

I've been beating this drum for a while, but HN really needs to just ban direct links to Twitter threads. I can't remember the last time I saw one on the front page that was actually true.

[aspenmayer]

So new policy is to shoot the messenger, then?

[SpicyLemonZest]

When the messenger is spreading false information all the time, yeah, you shouldn't let them be a messenger anymore. I wasn't being hyperbolic: the vast majority of Twitter threads that I've seen make it to the HN frontpage, easily above 75%, are factually incorrect ragebait.

[aspenmayer]

Sucks to be the fourth messenger then. Blanket bans would also block post by amazing Twitter users like foone.

It sounds like you just don’t like or use Twitter. Is that accurate?

[penumbra_3]

Yup, its timestamp for creation of PDF. Just tested on my old PCR tests and timestamp i get in URL is from 11.1.2022. and PCR swab was done on 27.2.2021.