+1 for analyzing the source. If you're concerned about the app, I suggest you read the specifications and reference implementations yourself. No more private information is disclosed than with manual contact tracing in daily use.
The electronic tracking element is at most as invasive as regular Bluetooth MAC rotation for static observers. That is to say, it can detect the presence of a device but not the identity of its owner. For identity to be disclosed, a peer meeting the transmission temporal window threshold would need to voluntarily disclose the ephemeral token it saw to AHS. AHS may recover the identity (phone number) at this stage, but it assumes that the peer has been clinically diagnosed and the peer has voluntarily contributed their tokens in order to interrupt future transmissions. The critical risk in my opinion is technically competent people muddying the waters without recourse to fact, given the apparent opacity of the system to the man in the street and the fertile public growth/acceptence of conspiracy theories (e.g. 5g). However, I'm at a loss to think of a more useful cryptographic privacy-preserving personal interaction protocol. This is not to dismiss dangers, which are real, or the existence vulnerabilities in this protocol (particularly when the source hasn't been verified). I also suggest looking at D3PT (https://github.com/DP-3T) which I think is the strongest of the pack, and has some interesting details (like the cuckoo filter). The proposed Apple/Google system call too, in that it also eliminates server side generation of ephemeral IDs. Somewhat related, I liked the books 'Dragnet Nation' and 'The Age of Surveillance Capitalism' too. On Wed, May 13, 2020, 8:18 PM TekBudda <[email protected]> wrote: > The only thing I am fearful of is how complacent people are in letting a > tyrannical government extend its reach even further into our lives. > while simultaneously and unnecessarily destroying out economy. > > On 5/13/2020 7:55 PM, Greg King wrote: > > Analyzing what the contact tracing app does is not supporting what it > does. It might make you more (or less) fearful tho...) Greg > > ----- Original Message ----- > > From: "TekBudda" <[email protected]> > > To: "[email protected] [email protected]" <[email protected]> > > Sent: Wednesday, May 13, 2020 7:18:33 PM > > Subject: Re: [clug-talk] Fwd: My side project doing app analysis > > > > While I applaud your sons initiative there is no way I could in good > > conscience support anything that attacks & compromises peoples rights or > > privacy. Especially for something like the current environment. > > > > On 5/13/2020 1:07 PM, Greg King wrote: > >> If any of you have a hankering to contribute insight into into Alberta's > >> tracking app, my son has started a project to do just that. Other > >> countries have active discussions on the pros and cons of their > >> governments approaches to tracking citizens but Albertans have been > >> mostly mute. Here is a chance to delve in, understand, an make your > >> thoughts on the matter known. > >> Greg > >> ------------------------------------------------------------------------ > >> *From: *"patrick f king" <[email protected]> > >> *To: *"Greg King" <[email protected]> > >> *Sent: *Wednesday, May 13, 2020 10:48:36 AM > >> *Subject: *My side project doing app analysis > >> > >> Hi Dad, > >> > >> My side project doing analysis on the government's contact tracing app > >> is live > >> > >> https://github.com/abtt-decompiled/analysis/blob/master/analysis.md > >> > >> Feel free to forward to any other techies you know! I've been chatting > >> with a few others, mostly Australians looking at their app, and I'm > >> hoping they get a responsible disclosure setup in place for the app soon > >> ... > >> > >> Patrick > >> > >> > >> _______________________________________________ > >> clug-talk mailing list > >> [email protected] > >> http://clug.ca/mailman/listinfo/clug-talk_clug.ca > >> Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > >> **Please remove these lines when replying > >> > > > > _______________________________________________ > > clug-talk mailing list > > [email protected] > > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > > **Please remove these lines when replying > > > > _______________________________________________ > > clug-talk mailing list > > [email protected] > > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > > **Please remove these lines when replying > > > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying >
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
