Apple and Google tweak key bits of contact-tracing privacy plan Apple and Google have revealed a little more about their plans to support COVID-19 contact-tracing apps and changed up some of their security plans. In an updated FAQ document released late last Friday, the companies explain their plans to employ a "privacy-preserving identifier - basically, a string of random numbers that …
"It's included in Google Play services which are distributed directly from Google. "
And you can bet suddenly nothing works if you haven't installed this latest piece of spyware.
Basically one more data collecting service for Google. *Major* collecting service: Health data, wifi-data, bluetooth data and all paired with id and GPS-coordinates. A goldmine, literally. Not even GDPR can stop that spying as it's "health monitoring" now.
Application showing the data could as well query it directly from Google as it *will be there*. With IMEI or advertiser-id.
So Google is going to have to its hand up the health databases skirt. There's a lot of reassuring noises in the communication, a lot of making it seem like user privacy is paramount, but Google made a mistake in communicating that they will approve apps that correspond to their criteria of privacy.
There's a lot of wiggle room there.
But we'll see how it goes down. I didn't have a problem with the centralized approach, but at least now we know the direction apps should take.
Looking forward to reading about the API functions, and if there are any hidden ones.
It does seem that these sorts of proposals are getting closer attention* than the tradition anit-social media and advertising networks have done in the past let alone existing "think of the children" telecoms surveillance. Maybe some of this attention will start to spill over into other areas.
* Maybe one factor is that this is being proposed at national and, indeed, global scale so it's a lot harder to hide than one at a time individual primary care trust data slurping contracts.
"There's a lot of reassuring noises in the communication, a lot of making it seem like user privacy is paramount, but Google made a mistake in communicating that they will approve apps that correspond to their criteria of privacy."
That's pure show from Google. All the actual data collection is *part of Android* itself. Even more spying on top of old spying.
Applications then get an API which they can use to ask Google what it has been collecting. No more than UI for a service which runs as well without UI. And collects everything directly to Google servers, of course. You don't even *need* an application to make a query to Google search engine, a browser could do that as well.
At that point application level privacy is totally meaningless smoke screen, "IDs" and IMEI associated with it is already stored to Google. And mapped to advertiser-id. Totally trivial when OS does it all. And it will.
Google of course knows this, that's why its pure show.
While anything like this sort of app carries potential risks, the risks from governmental abuse are far lower than the possibility that Apple, or even Google, might misuse it or pass it onto some other organisation.
The problem is that US "medical insurance" looks to be one of the most profitable scams in history and it desperately wants to spread to the developed world. Any help could help them make Billions!
"...the possibility that Apple, or even Google, might misuse it or pass it onto some other organisation."
Possibility? Google is literally living by selling everything it collects. *Everything* they or *any* Android is collecting, for any reason, is for sale with Google.0 privacy and Google boasts it: "Privacy is dead" by CEO. Literally. Them assholes.
Apple isn't so obvious, harder to tell.
But for Google it's a goldmine for many reasons:
1) 'this and this person *has* Covid-19' (Anonymity is a joke within Android: There isn't any, by design) This knowledge alone is worth billions.
2) collect all the Bluetooth-IDs paired with GPS locations.
3) collect all the Wifi-IDs, paired with GPS locations.
And the best part? It's now totally legal!
A buttload of *more data to sell*, from billions of people! No wonder Google wants it immediately, preferrably yesterday.
Of course any three letter organization is USA has full access to everything Google collects, as usual. "How to leak, not only your health data, also everyone around you ,health data to anyone who wants to know and has money to buy it (and NSA)".
I already see any health insurance claim rejected due the 'pre-existing condition', i.e. Covid-19.
And the best part? Android does it all under the hood, user has no control whatsoever on anything. Except removing the battery. Absolute power to spy users, by Google.
All such schemes are dependent on widespread testing just to get started. HMG's testing target is 100k per day by the end of this month. It seems from current progress that the number actually delivered is a fraction of the claimed capacity and I expect that if the claimed capacity is 100k they'll declare the target met even if reality continues to fall well short.
However, let's assume the delivered tests actually meets that target. The current policy is that frontline staff and their households are entitled to a test. The number of households is estimated at above10 million. I wonder if anyone has worked out that even if only the staff let alone other household members are to be tested this is going to take well above 3 months. To test the existing households within a reasonable period of time the target is about an order of magnitude short. If lockdown is eased the number of qualifying households is going to increase so the testing capacity is going to have to increase further.
Now let's assume that this scheme is under way. It depends on the testing regime picking up a large proportion of existing and new infections. Without this there is inadequate data to start the system and most positive contacts will be missed. This means that the existing UK testing capacity is unlikely to be able to bootstrap the system in any useful manner.
Let's further assume that the system is up and running on an adquate footing. What happens when the positive contacts start to flood in? We must assume that a proportion, probably a majority of reports will be false positives. How should those receiving a warning react? Are they to assume the worst and go into self-isolation? What's the economic and personal impact of such unnecessary periods of self-isolation? The reports are going to have to be followed up with tests to avoid this and the testing system will have to be able to cope with this as well or TPTB will need to be prepared to switch testing strategy from frontline household members to putative contacts.
It seems likely that such a system is going to depend a testing system adequate to bootstrap it effectively and, unless the infection rate is low enough when it's introduced, a testing system adequate to not be overwhelmed by testing those with positive contact reports. It's certainly not going to be a means of easing to load on testing, nor on getting infection rates down from current levels.
"The new shifting identifier will make it more difficult for those tracking Bluetooth signals to associate the keys with specific users."
Ehheh, really??
Android is generating those keys internally and at the same time sending them to mothership. *Every* key will be paired with IMEI already at the phone. And sent to Google, of course. Just like every personal detail the phone has.
And, as it's a Google service doing it all under the hood, there's literally nothing you can do to stop that: It's part of Android and you *need* to have Android running. The "secure app" they boast everywhere? It's basically a UI for a service OS is running: Nothing more: Service will run regardless of the app and app security is irrelevant as it's only an UI. Spying to Google happens without app as well.
And, as it's a Google service, Doze *is not* stopping it: it runs all the time, collecting not only location(GPS), but everyone nearby via Bluetooth *and* all the Wifis. So Google finally gets "legal reason" to collect every Wifi it can find with gps-coordinates. Spying which gave it bad rap when they did it with Google Maps cars. Suddenly it's OK "because covid-19".
Literal data mining goldmine, gifted to Google/Apple by idiots who have no idea how it actually works.
Also yet another data slurping privacy destroying "feature" baked into OS. Same thing with Apple, of course. I can already bet it won't be an update you can skip: iI's pushed with force and you aren't asked.
Google is obviously using Microsoft as guidance how to abuse your users to the hilt. F**k them.
" that leaves data on the device until users call in sick"
No such thing as "data on the device". At least not in Android: Google has access to *everything* and will use that access every 0.5 seconds. And there's no way you can stop it. You can't stop or prevent OS (i.e. Google) access to any data in the phone.
You might have *a copy of data* locally but *everything* is sent to Google. Literally.
Who is the idiot who believes "application" can hide something from *OS*? Are they morons? Or do they believe that Google doesn't abuse data worth of billions?
If they do, they *are* morons.
"The companies also clarified that data will never reach a public health authority - or Apple and Google - until a person tests positive for COVID-19 and opts in."
Yea, sure. Android exists solely for spying users and this is blatant bullshit. *Any* data OS collects will be sent immediately to Google. Who's the moron who actually believes this?
Apple the same, of course but less resale, as far as I know.
"Which knowing how well government IT project usually go should be ready for rolling out around 2025."
Lots of government IT projects do really badly, but some are actually quite effective. The online car tax form is very quick and efficient, as is the passport application form. The EU settled status app actually worked very well considering what it was doing and the number of applications it received. (These are just the ones I have experience with.)
I don't know in which camp this one will fall. I hope for everyone's sake it's one of the successes.
Hmm. Might be time to pick up an unlocked Xperia XA2 off eBay and slap Sailfish on it.
I have an old Nokia that runs Symbian 6 which I'd switch to For The Duration, but the battery life is abysmal - like a couple of hours - and I don't know if I can get a new battery for it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
