
Except it wasn’t hastily built, and the tracking isn’t controlled by a gov agency in the nefarious way that you’re implying.



I've seen all sorts of solutions put together by municipalities big and small from counties to states to countries and everything in between during this whole Covid thing and the thing that struck me is how easy it was for them to essentially track you with perfect precision and tie it back to a phone number.

> Except it wasn’t hastily built

They were built very hastily with little oversight with iterative beta cycles in plain sight.

> nefarious way that you’re implying

I didn't imply any nefarious intent whatsoever. All I implied is that your location data is being tracked and put into some database somewhere and you don't control it.

Who has this data? No idea. How will it be used a year from now? 10 years from now? No idea. Does it draw more energy on my device or use more processing power? No idea.

That alone is enough to not use it.


When you say Apple or Google installed, I assume you’re talking about exposure notifications that they built. I work at Apple and witnessed it. Nothing about it was slapdash and privacy was #1.

In this system, it’s not easy at all for government agencies to track you. That was very explicitly part of the design, as is shown in all the public docs. It’s not like how it works is a secret [1].

Your location isn’t being tracked and put into a database. Nothing about exposure notifications uses location.

[1] https://www.apple.com/covid19/contacttracing


Here's one example: https://play.google.com/store/apps/details?id=org.alohasafe....

No idea if it's using the official API or what.

I honestly just don't believe that it can work well enough in some places. Especially here in Hawaii where gatherings are on a beach and people leave their cellphones in their car or backpacks or whatever. I was even recently at a camp where people were sharing a blunt and there wasn't a single phone in sight cause it was out of signal range. Could have easily been a super spreader event and the tech solution would have failed.


What are you even trying to draw attention to here? This appears to be using the EN framework, which suggests it wouldn't have been approved for distribution if it collected any personal data or location information.

I get that you have an axe to grind here for some reason but I'm not even sure what point you're trying to make.


Exactly. It's not like Exposure Notifications are meant to solve every single spreading case out there -- many people aren't even opting into it. But we need all the help we can get, so why not chip away at the problem?


I have no axe to grind at all. I'm just saying why I personally don't use it. I don't really have an opinion one way or the other. Please don't be so angry with me.


What you are 'just saying' is FUD. You don't know how the system works yet you keep coming back to this thread to defend your incorrect assumptions.


> All I implied is that your location data is being tracked and put into some database somewhere and you don't control it.

This is patently wrong. Exposure Notification apps (those using the official APIs, anyway) have no access to location APIs. The absolute worst they could possibly do is to log your IP address when you reach out for new data, but this is also true of every app you use, and every website you visit.

You don't really seem interested in understanding how they actually work, but if anyone else cares, https://ncase.me/contact-tracing/ is a pretty reasonable explanation.


It isn't fair to claim they were built with (1) no oversight, (2) hastily, and (3) out of plain view when you haven't even looked into how it works. AFAIK none of the implementations use location data.


In fact, Apple and Google won't accept apps that use both exposure notification and location APIs.


Your choice to be ignorant about the contact tracing frameworks is your own, but please stop spreading misinformation: https://www.google.com/covid19/exposurenotifications/#exposu...

There were many locations who built their own apps that did not follow this privacy model, or used it incorrectly, but for most cases "your location data being put into some database" is not accurate.


There is no amount of mental gymnastics you can do to turn “app that tracks when yours and other phones are together and does <something> about it” into something that is inside my moral boundaries.


Then I'd suggest you're not being reasonable at all, because the way it works is entirely consistent with a privacy-first methodology.

That <something> by the way is to take the database that's only on your phone (and never uploaded) and show only you an alert. That's it.

If this is immoral, but letting covid spread around the world and have people needlessly suffer because you refuse reasonable interventions, then I don't know what is moral.


> There were many locations who built their own apps that did not follow this privacy model, or used it incorrectly

We agree then.


You mentioned Apple & Google remotely installing something, so the only logical conclusion is that you're talking about Exposure Notifications (which btw are opt-in, not opt-out, so remotely installed is a mischaracterization here). If someone built their own solution and put it on the app store, then it doesn't really have much to do at all with Apple or Google outside of being distributed on their platforms, and certainly would never be remotely installed (at least on Apple platforms... I have no idea what Oppo might do in China for example, but whatever they'd be doing would likely be because some country law dictated it).


No we don't, because the systems you actually specified are known for a fact not to do the things you alleged that they do.


And this is exactly why the apps failed: even HN readers don't know how they work.


And that's really a shame. It has the power to make an even larger dent in the epidemic. This is the cult of ignorance at play, where mistrust of all institutions (heavily fueled by need to get clicks to serve ads) means we can't have nice things.


There's some truth in what you're saying, but mistrust of institutions is completely rational in light of history. Empirically, ignorance in this context would be unskeptically trusting institutions.

That it strays into the irrational at times is as human as the inevitable corruption that fuels the mistrust.

For someone without full knowledge of the technology to assume (in this case wrongly) there's a privacy issue is entirely practical. It's an assumption that will be correct far more than it won't.


I really like what you touched on in this.

People are responding to fear of past precedent. One could argue that it is highly unlikely that it will happen again. One could even PROVE that it is NOT happening again NOW - but you are still dealing with someone responding out of fear.

I feel like we are seeing the exact same phenomenon with (SOME) people who respond out of fear of catching the virus.

I would be really interested to learn more about why some people 1) are fearful of government tracking 2) are fearful of the virus 3) aren't fearful of either.

Personally I've watched myself move between all 3 over the past year - it has been a WILD ride


I’m not ignorant just because I don’t want to be tracked, and slinging insults like this just reaffirms my beliefs :)


You are ignorant though. The whole point of EN is that you CAN'T be tracked.


Yeah, that’s the claim, but it conveniently ignores all the metadata that ties a particular device to certain places/times/events based on the other rotating IDs they’ve seen. It’s like Nintendo 3DS StreetPass but bad.


How do you ensure you're not tracked? That your location history is not sold to every bidder?


It's not an insult directed at a single person. I'm echoing Isaac Asimov's critique of American culture: https://aphelis.net/wp-content/uploads/2012/04/ASIMOV_1980_C...


> They were built very hastily with little oversight with iterative beta cycles in plain sight.

The amount of data that the Covid tracking API of Android and iOS makes available is precisely known. Germany's and a few others (https://joinup.ec.europa.eu/collection/open-source-observato...) are open source.

> Who has this data? No idea.

The users on their individual devices.

> How will it be used a year from now? 10 years from now? No idea.

It will be all but useless.

Except if you're in Singapore. Their tracing app morphed into a spy software for law enforcement: https://twitter.com/kixes/status/1384566617330229250


I’m assuming you didn’t read the white paper or anything about the implementation. No location tracking is happening.


Your assumption about that and the full software implementation might be far apart. You can’t trust anybody with stuff like this as it will always be misused and abused until the perps are caught. The value of source code access is honesty.


If you have an iPhone and don’t trust Apple, you’re already compromised. Why would they wait for AirTags or Exposure Notifications to track your location when their entire OS is a black box?

That just doesn’t make sense to me.


The Canadian version of the app recently added “secure anonymous usage statistics”, which aren’t particularly anonymous (since all we have is their word that they don’t log your IP), and that aren’t particularly secure (messages are encrypted with HTTPS but it’s not too difficult to infer the contents of the message based on their length). And, you can’t opt out of them.

I still have it on my phone (although at least within my house I’m blocking their metrics via pinhole) but I 100% understand why someone would not want it on their phone.


AFAIK they don't gain access to the BLE contact database on your phone, so what exactly is it that they could be transmitting of concern?

What are you able to infer about the contents exactly?


They're transmitting things like "This device showed a 'You have been exposed to COVID' alert". You can see the full list of events they send here:

https://github.com/cds-snc/covid-alert-app/blob/97bb16034140...

But the fact that they could be tracking which citizens have and have not been shown a "You have been exposed to Covid" alert, and there's no way to opt-out, is a little scary.

> What are you able to infer about the contents exactly?

Most days, you are not exposed to covid and you don't interact with the app. So most days, the app transmits a "background-check" event to the server. This means the contents of the message will be the exact same length every day.

As a passive listener, then, you can watch for days where the length of the message is abnormal, and then because there's only so many different kinds of messages that the app sends and they all have unique lengths, you can infer what metrics events must have been sent to the server based on the delta of the message lengths. You can figure out if a user has been shown a "You have been exposed to COVID" based purely on passive listening to traffic from the device.
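
The length side channel described in the comment above, next to a fixed-size padding mitigation, as an added example that is not part of the thread or of the app's code. Event names other than "background-check", the 256-byte bucket, the `pad` field and the constant encryption overhead are assumptions made for illustration.

```python
import json

# Constructed event names; only "background-check" appears in the thread.
EVENTS = ["background-check", "exposed-alert-shown", "onboarding-completed"]
OVERHEAD = 22   # assumed constant per-message encryption overhead, in bytes
BUCKET = 256    # assumed padded message size, in bytes


def encode(event):
    """Unpadded metrics message: its length depends on the event name."""
    return json.dumps({"event": event}, separators=(",", ":")).encode()


def encode_padded(event, bucket=BUCKET):
    """Same message with a filler field so every size is a multiple of bucket."""
    base = json.dumps({"event": event, "pad": ""}, separators=(",", ":"))
    target = -(-len(base) // bucket) * bucket   # round up to the next bucket
    padded = json.dumps({"event": event, "pad": "x" * (target - len(base))},
                        separators=(",", ":"))
    return padded.encode()


def observed_length(plaintext):
    """What a passive listener sees: ciphertext length, never the contents."""
    return len(plaintext) + OVERHEAD


def candidates(length, encoder):
    """Events whose encrypted size matches the observed length."""
    return [e for e in EVENTS if observed_length(encoder(e)) == length]


def demo():
    sent = "exposed-alert-shown"
    unpadded = candidates(observed_length(encode(sent)), encode)
    padded = candidates(observed_length(encode_padded(sent)), encode_padded)
    return unpadded, padded


if __name__ == "__main__":
    unpadded, padded = demo()
    print("unpadded, listener narrows to:", unpadded)
    print("padded, listener narrows to:  ", padded)
```

With padding, every event produces the same size on the wire, so the length no longer distinguishes an exposure alert from a routine background check; the receiving server only has to ignore the filler field.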


but it could be used to essentially manipulate you to stay at home if someone went around town and then told the app that they have covid, which is nefarious enough



