19
votes
Will you install the contact-tracing app on your phone?
Looks like governments around the world are going to start releasing tracing apps into the wild very soon. Now it's everybody's personal decision to install it or not.
So my question to you, tilderinos: Are you going to install it? Why or why not? What would change your mind?
Personally, I think I will if the app is going to be open source.
I know that Apple+Google's tracing framework is open-source, but I'm not sure if the app itself will be.
Personally, I'm not as stringent as them. But it's gotta be reasonably private. If it needs location services or stores personal info centrally, it's gotta be a no from me.
How are we expecting it to work if location services aren't enabled? I haven't really been following news about it. And even without location services, could it track wifi networks we see? I'm on iPhone myself and not too sure if that is an accessible API (of course if it's an Apple-made app that restriction may not matter)
AFAIK, it doesn't use location services or WiFi, just bluetooth. Your phone generates a random identifier that changes every 15 minutes, and when you go near someone else with the app, your phones share identifiers over bluetooth. All that data is stored locally on-device. Apple/Google have a database that say which random identifiers correspond to which phone, but they cannot see who's been in contact with who. If you test positive, you say so in the app and it sends a notification to all of the phones linked to the random identifiers your phone stored for the past two weeks. Source
I'll throw this out there - even if it does just need Bluetooth, don't be surprised if it asks for location permissions. I know on Android, requesting a Bluetooth scan requires the same
ACCESS_FINE_LOCATIONpermission that GPS requires, since Bluetooth can be used to derive a user's location fairly easily. I'd assume it would be the same on iOS.You're slightly wrong about the part with sending notifications. As far as I know from previous discussions, and the article you linked doesn't specify either, it works by publishing your numbers/identifiers. Could have a distributed network of publishers, a central location, whatever, doesn't matter as the data on it does not identify you, so beyond not publishing fake numbers, you don't have to trust them.
So with those numbers out there, everyone elses phones will continually look for newly published numbers that they have already seen in the wild. If that's the case, now that person will take action - quarantine, get tested, yada yada. This approach is better because I don't need to tell anyone who I've met recently. People just tell me the (perfectly meaningless) identifiers of infected people and I check if I've met them. I'm the king of my own data. In fact, unless shouting random numbers into the world worries you or you've actually come into contact with someone infected - you're basically completely off the grid. Just downloading a bunch of random numbers every so often.
The Australian version (which has already been released) works slightly differently to what you've described.
If someone tests positive, they can choose to upload their contact data to a database which can only be accessed by local health authorities, and the health authorities (contact tracers) then contact everyone to let them know they've been exposed to the coronavirus.
I will be pretty comfortable installing it as long as it's not legally mandated. If it is, the easiest way around that would be to not carry my phone when outside.
But then, if you later found that you were infected, you couldn't warn everyone? A phone sitting at home doesn't do anyone any good.
I really don't want to support the precedent set by mandatory tracking software, even considering that consequence.
I'm doing what I can already - limiting any kind of exposure with the outside world, wearing a mask when I do go out, using hand sanitizer. I even moved in with a couple of friends a month ago so now only 2 of the 3 of us need to go out every week, rather than each of us individually getting groceries.
How is this going to work unless it is installed and activated by default? Unless everyone wakes up one day to the app open on their phone, having been pushed by Google Play or by whatever system Apple has for remote-controlling their phones, with some kind of notice or consent prompt, I don't see the install base ever being wide enough to be actually useful.
I'd assume they (Apple/Google) would just push a notification/popup asking if you want to opt-in, and if so, enable/install your local contact tracing app. But yes, if they don't, and the user has to seek it out manually via the app store, there's no way this could ever be effective.
It won't be available on my phone's OS, a Google-free privacy focused fork of Lineage. I think I would not have installed it, anyway.
The app itself is managing the privacy issues pretty well. But there are unsettling upgrades being added directly to the Apple and Android OSes, and no guarantee those upgrades will be removed afterwards.
I haven't dived too deeply into the implementation, so I'd be interested to know what's concerning about the OS changes?
I'm not a security researcher, although I do work in privacy, and Apple has made some misleading design decisions in the past:
In my opinion, these "features" walk a fine line between user experience and privacy protections. While I assume Apple has somewhat altruistic intentions with its contact tracing protocol/app, I can easily see this be the beginning of a slippery slope of increased surveillance. I may be a bit jaded, but putting my faith in public corporations over governments as the lesser of the two evils doesn't sit well with me.
So far DP-3T seems to have the right idea, but as with all security, there will be bugs and even potential backdoors upon initial launch. I am keeping my eye on the contact tracing, but I have my doubts of its efficacy if it doesn't manage to overcome the human factor of adoption (if only it could spread virally!).
I agree with what you said, but I would like to offer a counterpoint about Apple. Bluetooth and WiFi are protocols, but they are also ways to connect to certain devices. Normal users don’t care one bit why protocols anything uses. Having “Bluetooth” off means “don’t connect to my car Bluetooth or other Bluetooth devices”. Having “WiFi” off means “this hotspot sucks, just let me use my mobile data”. For a normal user, neither of those use cases require the phone radio to be powered down and unused. Bluetooth beacons and passive WiFi scanning are completely different features from a user point of view. Both of those simply increase location accuracy. A user doesn’t care if location uses cell towers, gps, glonass, Bluetooth, WiFi, or carrier pigeon. If they want location off, they turn location off.
That being said, it is a slippery slope. We should continue to be wary of sliding, but do not discount it simply because it could be a slippery slope.
Crap. I was afraid someone would ask for details.
I don't recall specifics. My recollection is that there are OS changes which allow apps to 'phone home' as it were, even when the apps are not running, and/or when phone security settings show that apps do not have network-access permissions.
But again, all I really remember is that there were OS-level changes that were being introduced which made perfect sense for contact-tracing, but seemed ominous for future privacy issues, if they're not removed 'after'.
Can anyone else out there confirm or deny this, with some documentation?
Not available as in not in the official app store? Lineage is based on Android, so I assume most Android apps can be side-loaded.
I haven't yet bothered trying to install it on my Sailfish phone. I tend to just assume popular Android apps won't work, especially if they require things like GPS and Bluetooth, both of which the Norwegian contact-tracing app rely on.
Nutshell ... the app requires new OS-level updates to work, and the OS I'm using, /e/OS, has announced they will not be implementing those OS updates. So the app itself is irrelevant.
From their website ...
I already did.
The Australian app was released on Sunday night. I installed it last night.
I want to get out of lockdown, and getting enough people using this is one of the preconditions required before the government will consider releasing lockdown restrictions. Also, I'd like to be notified if I'm exposed to the coronavirus.
No, not going to happen.
Why? Any app whatsoever? A particular app that you have particular concerns with? Are you familiar with the way the more privacy-positive examples work and why they don't leak any sensitive information?
I don't want to normalize tracking apps like this. Even if they're "privacy-positive" (please help me understand what that means), once that cat is let out of the bag, it's not going back in. Frankly, I don't believe it's possible for an app to not leak any sensitive information.
Well, let me just say that unless you consent, the "model children" apps will literally only shout out random numbers into the void via bluetooth. No information whatsoever in those random numbers. (In fact I believe it usually happens by handshake, i.e. you can't even put a passive sniffer up, it'll have to be active and therefore detectable) The magic happens when you tell your app that you've been diagnosed. In that case, the app will have to leak a little bit of information: Which random numbers you sent while you were presumed infectious. Others can look these up, but they are only useful if their phone heard these numbers anyway. Otherwise it's just random noise. So who actually gets any personal info here? Anyone who has seen your numbers knows that they have been in contact with someone with Covid, and they know when. If they've been with only a few people at the time, well, that kind of deanonymizes you, but only as much as contact tracing would anyway. If they've been with a lot of people (public place e.g.), it's less sensitive.
If we get an implementation that follows best practices, it's literally as private as a public official doing contact tracing.
Also, that app is completely voluntary and as long as you don't get sick, there's no cat getting out of that bag at all. You just wipe it from your phone and it's all good. It's not the Patriot Act, it's just an app on your phone.
The worst attack I can come up with involves putting up an active tracker to figure out if a specific person has covid. You sniff all the numbers in an area and look for an opportunity where there's only one person and one signal is around. You can now match that signal's current random number to the person. If the random number is later declared infectious, you know that the person was diagnosed with covid a few days later. That of course involves some either a person tracking other people or a CCTV camera or similar to track people. If you scale this up with lots of sniffers everywhere, you could collect lots of these random numbers. If a bunch of them get revoked(i.e. declared "infectious"), you know someone has that kind of a movement pattern. Who? Dunno. Also, if several people declared their numbers infectious at the same time (possible by just waiting for a bunch of results before publishing the new numbers), you can't differentiate who is who. You get a bunch of Space/time points from several anonymous people. All of these attacks involve detectable "phantom" bluetooth signals. And all these attacks go to complete shit once people stop getting sick or just refuse to publish their random numbers. Which you of course can do. Even though it's kind of a dick move to let incubating people keep walking around.
There is so much bigger fish to fry, privacy-wise.
Probably not to be honest or maybe not. I dunno. It feels like surveillance with possible future abuse of it and if there is a right to opt out I think I will to just use the right given.
At the same time... I want to help the tracking of the virus to help fight it. It’s an odd dilemma between my, granted sometimes pretty over the top, fear of government abuse and misuse and just normal “this virus sucks”
Probably, although I'm not sure how effective it will be.
It won't tell me if I am at risk because my kids classmate has a father who was at risk.
It won't tell me if I touched the same shopping cart that an at risk individual touched earlier.
But right now we need all the help we can get.
Contact tracing is never going to be perfect whatever method they use, but that doesn't mean it can't be effective. It's about reducing population-level transmission rates by getting most exposed people to quarantine. That can still happen even if some connections are missed.
The only one that I'll be installing is this one - https://github.com/RaphaelJ/covid-tracer
I would love to use that app myself, but it seems you need a Mac to compile it for iOS, the phone that I use, and the computer that I use, a Windows computer, is not a Mac. That is unfortunate. However, I would absolutely be supportive of a FOSS app for something like this (although with an iPhone, I can’t be that supportive; eh, what can ya do).
I am inclined to install it unless early reviews indicate terrible problems.
Maybe.
I think initially I will take a wait and see approach, and continue my social distancing. Once more information comes out post-rollout, I will determine if I will install it or not. I have "de-googled" my device quite a bit and something like this seems to be counter-intuitive to that work. I really don't trust Google with my data but if I can get assurances that it is only being used for contact tracing, I will likely opt in to it. I think I would be much more open to it if the state of California was sponsoring it and there was a considerable amount of oversight into it.
Seeing that my phone is an old Blackberry Curve, no.
If I had a smartphone, I'd consider a FOSS app. Otherwise my answer would be "not a fucking chance".
It depends on the eventual form of the app, but most likely. I think contact tracing is probably the only way out of lock downs before a vaccine is widely available, and digital contact tracing will make it feasible at the scale that is needed. Contact tracing apps do not inherently have to violate privacy or digital rights, but obviously they have the potential to. There was some good discussion of the privacy aspects involved in this podcast I listened to, and then there are the Contact Tracing Rights framework which seems pretty good to me.
Personally, I think contact tracing in some form is somewhat inevitable. I think grassroots support for it can actually be a good thing, as more public awareness can help shape the eventual form these programs take. I've been involved with the team at testandtrace.com for this reason, and if you're interested in these issues (and test and trace in general), consider subscribing to /r/testandtrace if you're still on Reddit.
Not a chance, fancy pants