Apple, Google Ban Use of Location Tracking in Contact Tracing Apps (reuters.com)
Apple and Alphabet's Google on Monday said they would ban the use of location tracking in apps that use a new contact tracing system the two are building to help slow the spread of the novel coronavirus. From a report: Apple and Google, whose operating systems power 99% of smart phones, said last month they would work together to create a system for notifying people who have been near others who have tested positive for COVID-19, the disease caused by the coronavirus. The companies plan to allow only public health authorities to use the technology. Both companies said privacy and preventing governments from using the system to compile data on citizens was a primary goal. The system uses Bluetooth signals from phones to detect encounters and does not use or store GPS location data. But the developers of official coronavirus-related apps in several U.S. states told Reuters last month it was vital they be allowed to use GPS location data in conjunction with the new contact tracing system to track how outbreaks move and identify hotspots.
For Now (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
MS used unpublished APIs to give Word an advantage over WordPerfect.
What's to stop the systems here doing the same?
Re: (Score:2)
Re: (Score:2)
> It will be for our own good. Trust me.
Stupid post #2 with no reason whatsoever.
Re: (Score:3)
If they were, known Stasi fans HMG and French Government would not have tried to develop their own.
I do not trust Apple and Google separately for a split second because anything they come up with is PM/Engineering driven without proper thoughts of the consequences. If they have come up with something together, there were Lawyers involved as well as proper consideration of the consequences. So this is likely to remain "as advertised" and any backdoors will be only the USA Gov/FISA ones (somet
Both companies have your location history. (Score:2)
what does it matter when they have the location history in a different data bucket already anyways?
for 99% of people who would use their app they could look into that data and look it up from there.
It's kinda dumb really. you want to have tracking or not? if you install the app you very clearly want to, imho.
bluetooth contact tracking is kinda iffy - but not only that, this way they have the gps locations of the people who have gps disabled in their phones as well but are running this app, by correlating fr
Re: (Score:3)
> It's kinda dumb really. you want to have tracking or not? if you install the app you very clearly want to, imho.
That is assuming people have a choice. Governments might force you to install the app if you want to go outside for example.
Re: (Score:2)
Re: (Score:2)
Those features will be quietly added in an update.
Stupid comment based on nothing whatsoever.
No, no it's not. (Score:2)
Events in the Universe consist of things slamming into each other, why do you need to know more than who you ran into? Why do you need to know where?
Isn't the whole idea to propagate a chain of notifications? You need events, not locations for that.
Re: (Score:2)
To elaborate on what I'm getting at, we define our notion of space by events, and then we describe other events to (attempt to) create a set of events that constitute "location".
We know "where" a GPS receiver is, because we've bounded it in one particular way, with a particular set of events. Contacts can function just fine in a space that's topologically marked by POSETS of contact events. You don't need to specify the bounds as a Cartesian triple.
Re: (Score:1)
Re: (Score:2)
While I generally agree, potentially understanding *where* a cluster of cases originates might help to understand appropriate policy actions that should take place. Completely for hiding that data from automated gathering though.
Re: (Score:2)
It only says no GPS. You can still track location without it, just not as accurate. This works by looking at what WiFi networks are visible near you and making a guess at your location based on their relative signal strengths.
Re: (Score:2)
If you believe you have symptoms, see a doctor.
If you don't have symptoms, they won't test you anyway.
"But the app said..."
We don't have enough tests.
Assuming you've followed the social distancing guidelines, all you can do is hope you don't get infected. So see the first point: see a doctor if you believe you have symptoms.
We don't need an app for this.
Re: (Score:3)
Besides, aren't people obsessed with checking their phones more likely to bump into other people?
Re: (Score:1)
Re: (Score:1)
Well, we can certainly tell why you're not a doctor. Among the many reasons why what you're saying is a load of bollocks:
- It causes a set of symptoms that are somewhat like pneumonia, but are not pneumonia
- The idea is to identify doctors who are asymptomatic or mildly symptomatic who then pose a risk to patients and colleagues
- Not all patients have fever or respiratory symptoms audible through a stethoscope
- Lots of other diseases also cause fever and respiratory symptoms
etc etc
Back in your box, dipshit
Re: This sounds like a goddamn nightmare (Score:2)
Well that's completely the wrong advice. I work for an American company who also kept repeatedly saying this despite it contradicting the government advice of most of the countries they operate in. Our government said: go home and call 111 if you think you have symptoms. They absolutely did not want Covid-19 patients going to see the doctor because deep cleaning a GP's office is expensive and disruptive and also puts other vulnerable people at risk of infec
Whoops! Can't Just Turn Off Bluetooth! (Score:4, Insightful)
The natural response to predatory tracking initiatives like this is to just disable bluetooth. But you can't do that and use a headphone on a phone that has had the jack removed.
Re: (Score:2)
faraday case or bag time
Re: (Score:2)
dongle time
Re: (Score:2)
Actually the natural response to this (if you're so inclined) is to not install any apps that use the API.
Re: (Score:3)
I would be surprised if a normal app with normal Bluetooth permissions could even achieve this as it would require bluetooth devices to be auto discoverable the whole time. I suspect only Apple or Google has access to the internals needed to make this happen in the first place.
Re: (Score:3)
They are not using Bluetooth discovery, they are using Bluetooth Low Energy. BLE devices can transmit advertising messages periodically that other devices can pick up. Discovery is used when trying to pair, it's a different system entirely.
The real issue for apps not using this API is that the OS will prevent them running in the background, in order to stop them killing the battery. The UK's app requires users to be in close contact for half an hour before it flags it up, for example, because the most frequ
Re: (Score:2)
Could also be a legal agreement that needs accepting before they are allowed to officially use the data.
I hope I'm wrong, but it'll start as opt-in, then the loop will get closed as laws catch up. Look at how social distancing started: first a recommendation staying apart from others. Gradually stronger advice until it becomes a punishable offense to break social distancing. Then emergency numbers you can call to tattle on people who aren't abiding. Once a majority of people are abiding, the leverage st
Re: (Score:1)
Re: (Score:2)
Huh?
I have a Google Pixel 3 and an iPhone XL. Both work perfectly fine without Bluetooth and headphones. I just plug my headphones into the USB-C jack at the bottom of the Pixel, and into the Lightning port on my iPhone.
I can even be fancy and use a high end DAC or my USB speakers with both.
Oh wait, maybe you're not familiar with th
Bet the data can be de-anonymized and localized (Score:4, Insightful)
I bet someone will figure out how to de-anonymize and localize the data based on other information. We need *laws* to prevent misuse of information. Technical hurdles just mean some smart people waste a lot of effort and get to the same result.
Re: (Score:3)
Re: (Score:3)
That's why the random code your phone advertises while using this API changes every 15 minutes.
Re: (Score:1)
Laws are easily broken. Technical solutions can be much more effective.
Provably secure - it can't be done (Score:5, Interesting)
> I bet someone will figure out how to de-anonymize and localize the data based on other information.
Of course if you're running Google Maps, that has your location, so *Google* would have your location "based on other information". Of course that has nothing whatsoever to do with this app. In the world of mathematically provable crypto and security, that's called a priori information - something they already knew.
The health department or other government agency doesn't have that information, so it's not a priori information from their perspective. That's who we want to think about. Based on the information available to the health department with this app, what information can they learn? Secondly, people we are physically close to for a few minutes receive a token. Can they get any interesting information from that token?
What we can sometimes prove about crypto-based schemes, such as this one, is that no computationally bounded attacker can gain non-trivial information. For other schemes, we can prove that an attack IS possible. Crypto nerds like me look at the spec and try to prove it is secure or it's not secure, under different conditions for the attacker. For each type of security, we prove security (or lack thereof) by showing that the information the attacker has is indistinguishable from random bits, or it is distinguishable from random bits.
Trivial information includes the fact that someone (we don't know who) sent a message (presumably using the app).
We can analyze the crypto here and try to prove it secure or not:
https://covid19-static.cdn-app... [cdn-apple.com]
We see that the health department / government receives the following:
When someone reports that they have been diagnosed, they can submit some codes. Those codes are randomly generated numbers, numbers their phone randomly generated each day. What information can the health department infer from the random numbers they receive? Can we show that the numbers are indistinguishable from random?
The numbers sent to the health department ARE random numbers. Therefore they are indistinguishable from random numbers. The health department / government can learn nothing from those numbers. It *can* note that somebody submitted numbers, without knowing who submitted them, so the health department can learn that an anonymous person was diagnosed. But the health department already knows that because the doctor reported the diagnosis. So that's a priori information. They learn nothing new from the app. That leaves this info for them:
Somebody who was positive used the app.
We already knew someone was positive.
So all the health department can learn is that somebody used the app.
"Somebody used the scheme" is defined as trivial information. The government can learn no new non-trivial information from the app. It's provably secure.
How about the people around you? They can learn something that the health department can't learn. They receive the SHA-256 HKDF of random numbers. Those are indistinguishable from random if either SHA-256 is unbreakable or HKDF sha-256 is unbreakable. We have reason to believe that SHA-256 is unbreakable, so that's a pretty safe bet. That leaves the contacts receiving a number that is indistinguishable from random - provably totally secure, BUT then they might receive the same number two minutes later if you're still there. That's distinguishable from random. Contacts CAN learn that someone near them right now was also near them two minutes ago. (Fresh tokens are generated every 10 minutes).
For contacts, we can therefore prove two things:
1. It's not perfectly secure in the sense that in a given 10-minute window, a number might repeat, indicating that the same person is still nearby.
2. If we decide we don't care about repeats within 10-minute blocks, if we ignore the repeats, then we end up with
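Added example, not part of the original comment and not the Apple/Google specification: a simplified Python sketch of the scheme as the comment above describes it (random daily keys, tokens derived with HKDF-SHA-256, rotation every 10 minutes as that comment states). It shows what a nearby listener can link without any key and how a contact's phone matches locally once a diagnosed user's daily key is published. The `example-token` label, the 16-byte lengths, the sample keys and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

INTERVAL_SECONDS = 10 * 60   # rotation period as stated in the comment above
INTERVALS_PER_DAY = 24 * 60 * 60 // INTERVAL_SECONDS
TOKEN_BYTES = 16             # assumed token length for this sketch


def hkdf_sha256(ikm: bytes, info: bytes, length: int, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def interval_of(seconds_since_midnight: int) -> int:
    return seconds_since_midnight // INTERVAL_SECONDS


def rolling_token(daily_key: bytes, interval: int) -> bytes:
    """Token a phone broadcasts during one interval of the day."""
    if not 0 <= interval < INTERVALS_PER_DAY:
        raise ValueError("interval out of range")
    info = b"example-token" + interval.to_bytes(2, "big")  # hypothetical label
    return hkdf_sha256(daily_key, info, TOKEN_BYTES)


def linkable_sightings(heard):
    """What a listener learns with no key: tokens heard at more than one time."""
    seen = {}
    for when, token in heard:
        seen.setdefault(token, []).append(when)
    return {tok: times for tok, times in seen.items() if len(times) > 1}


def match_exposures(heard, published_daily_keys):
    """Runs on the contact's phone: re-derive tokens from published keys, intersect locally."""
    heard_tokens = {token for _, token in heard}
    return [(key, i)
            for key in published_daily_keys
            for i in range(INTERVALS_PER_DAY)
            if rolling_token(key, i) in heard_tokens]


# Constructed sample keys so the run is reproducible; a real phone would
# draw each daily key from os.urandom(16).
ALICE_KEY = hashlib.sha256(b"constructed daily key: alice").digest()[:16]
CAROL_KEY = hashlib.sha256(b"constructed daily key: carol").digest()[:16]


def demo():
    # Bob's phone hears Alice at 09:01, 09:03 and 09:12 (seconds since midnight).
    times = [9 * 3600 + 60, 9 * 3600 + 180, 9 * 3600 + 720]
    heard = [(t, rolling_token(ALICE_KEY, interval_of(t))) for t in times]
    linked = linkable_sightings(heard)   # 09:01 and 09:03 share one token
    hits = match_exposures(heard, [CAROL_KEY, ALICE_KEY])  # after Alice uploads
    return heard, linked, hits


if __name__ == "__main__":
    heard, linked, hits = demo()
    print("linkable without any key:", [times for times in linked.values()])
    print("matches after key publication:", [(k.hex(), i) for k, i in hits])
```

The two sightings inside one interval carry the same token and are linkable by anyone in radio range; the 09:12 sighting only becomes linkable to them after the daily key is published.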
Re: (Score:2)
Ps - what I laid out above is of course an informal proof, not a formal one.
Formally, we'd show that the data is indistinguishable from random. Because what the health department receives actually IS a random* number, there isn't much to add for a formal proof.
As for nearby contacts, one could probably do a little more work to formalize the proof. Still, it's pretty straightforward - it's a truncation of a strong operation on a trusted hash, which is itself a truncation of a strong primitive. The truncati
Re: (Score:3)
> I bet someone will figure out how to de-anonymize and localize the data based on other information. We need *laws* to prevent misuse of information. Technical hurdles just mean some smart people waste a lot of effort and get to the same result.
You haven't looked at the API. There _is_ no data to be de-anonymized. Do you think Apple and Google haven't hired people with a bit more brains in their skulls than you have?
Re: (Score:3)
But they don't need to just be smarter than me. They need to be smarter than the people OTHER groups will hire to try to get at the (very valuable) information.
There must be some data - I presume the goal is to let people know if they have been near someone who was exposed. Maybe it really is just a single bit? Is nothing sent to a central database? Maybe - but then it will be very difficult to understand how the system is working. People will receive alerts with no way to know why they got them.
At
Of course... (Score:3)
If we gave the government location data, that would give them too much power, leave the location data to the large advertising companies.
This is Big Data's wet dream (Score:2, Insightful)
They don't need the app to use GPS localization: Google and Apple already collect that data in a myriad other ways. What they'll have on top of that is the ability to track actual human networking - a much finer way to find out who is where and interacts with whom.
The damn virus just gave them a justification to implement that additional piece of Orwellian software.
Re: (Score:2)
* And the only way to get around it is to not install covid-19 apps that make use of the API
* or install them and when they ask to use the API say no
* or to install the apps, give them permission, and then not worry when a randomly generated ID gets copied onto nearby phones also running the app, and have that data uploaded only if the phone owner claims to have contracted covid-19, and then for your device to see if its generated ID is in the list that have been uploaded (rather than your random ID being p
Re: (Score:2)
Computerphile video about it (Score:3, Interesting)
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
It's easy to beat up on the big guys... (Score:3)
It's easy to beat up on the big guys; well figuratively speaking, we all know we're dweebs if we're real slashdotters.
Yes, I've thought about this a lot...
A bluetooth model that doesn't transmit ANY information out to Apple & Google (A & G) and only logs on your device the presence of other passing bluetooth devices (serial number exchange only) seems like an entirely workable and relatively safe system. The initial registration and the potential "Oh no! I have been diagnosed with the novel corona virus!" are the ONLY things that need be transmitted to the server, EVER. No need for GPS or any other form of location system, just collect bluetooth connects-disconnects on your device for a month in a circular queue. Compare your list with the list of "sick serial numbers" that are broadcast or the app can pull it occasionally. If you've had exposure... it's up to YOU to respond; though the "sick serial" device will know that they connected with you from their device's "circular monthly queue of connects".
This may not be the way A & G have set it up; a user activating the "Oh no! I have been diagnosed with the novel corona virus!" alert may potentially upload their "bluetooth interaction log". This would then give A & G the sick person's interaction list... this is a potential privacy incursion; A & G really should define exactly how their system is set up. This isn't needed by A & G; trusting the user to get checked out should be good enough and is certainly better than nothing.
A & G may have done the correct thing; there is no magic bullet with tech but this potentially does seem to be about as good as it gets.
Re: (Score:1)
Sounds like a great way to force everyone to upgrade their phones if you ask me. Most phones already have GPS. The thing that is not required is associating any of this with any personal information. Transmitting randomly generated sick serial numbers to a central server where they can measure distance based on location data is not less invasive than an always on bluetooth beacon that literally anyone can listen to. The GPS based central server has the added functionality of being able to tell you if
Just uninstall the app (Score:1)
I understand the concerns about privacy invasion, but if you are concerned about being traced after the pandemic is over, just uninstall the app. The only huge problem for me would be if the government made it compulsory to have the app on your phone like some oppressive countries have done with other apps and root certificate authorities.
To the people saying this will enrich Apple's and Google's data about you and who you interact with, they already know anything this would tell them and more.
Re: (Score:2)
Re: (Score:1)
Which country is that?
Comment removed (Score:3, Informative)
Re: Bruce Schneier had a great take. (Score:5, Insightful)
Does anybody think this will do something useful?
Ya, a bunch of medical doctors and epidemiologists.
Re: (Score:1)
His objections are because he thinks false positives and false negatives will make it worthless, but that's just silly.
If there is a false negative someone might get coronavirus but not know it, but eventually they will pass it on to someone who isn't a false negative. It doesn't have to be perfect to be immensely useful.
False positives are also not such a big deal. For a start the health authority app can simply require approval before a positive is recorded, which would require a test. So not just random
Re: (Score:2)
> False positives are also not such a big deal. For a start the health authority app can simply require approval before a positive is recorded, which would require a test. So not just random people tapping "I have coronavirus" to get off work for a few weeks. And even if mistakes are made the consequence is only that some people have to isolate for a while, not have the whole country on lockdown.
Simple solution: Every positive test gets a unique random 12 digit number. There is a database of the numbers, with no additional information. To confirm that you are infected, you type in the 12 digit number. Each number can be used once only.
Re: (Score:2)
Sorry, can't trust them. (Score:2)
Re: (Score:2)
It's a moot point really since I don't have a smartphone
So what the hell are you doing on this site? Are you living in a cave?
Re: (Score:2)
Apple & Google are scared... (Score:3)
Re: (Score:2)
The Chinese & Korean manufacturers already have alternatives
They have privacy focused alternatives for iPhone and Android phones? What alternative universe are they living in?
distances do provide almost exact location (Score:1)
Give me the source code, please (Score:3)
Simpler way (Score:2)
I don't understand the concern, there should be an easy way to do this:
If you had Covid-19, your phone emits an "I have" or "I had" the virus Beacon, no identifying information, no central server, no database of identities, nothing a curious government could exploit.
Everyone else runs an app that looks for those signals, the app records the time and location where YOU were when you got the beacon. Certainly logging your personal location where you saw a beacon wouldn't raise privacy concerns since you are t
The stupid is strong today. (Score:2)
There are published APIs. Anyone can see what they are doing. The people who created them are known. And all these smashdotters here are insulting them - with not a trace of evidence.
"How do we know they are not secretly collecting data" - we know that because they are billion dollar companies that would end up in court doing it. And it would come
Only Big Tech gets to track you and misuse data (Score:1)