It's a sad day
when Google and Apple are trusted more than the Government.
Apple and Google have officially released their Exposure Notification API, a joint technology project to allows public health organizations to build mobile apps capable of efficient and anonymous coronavirus contact tracing via Bluetooth. The basic idea is that you run one of these apps on your phone, and the software uses the …
This post has been deleted by its author
however, the world gets weirder by the year. Whats next ? FBI or NSA being identified as t.rr.r.sts ?
Already known to have indulged in criminal activity. That is, if anyone else did it. I await the release of M$ Linux with the APT package manager and RPM packages, requiring alien, scripted in PowerShell. Local cats and dogs already live together in harmony
Google and Apple are not being trusted per se, DP3T is.
Also it's perfectly fine to accept a solution that is correct/best-effort, even when it is from a source one doesn't normally trust.
Just a shame that the Tories can't be arsed to do the right thing in the UK and we will no doubt be forced to use a broken app that invades our privacy.
I still trust Apple over Google - at least it generates most of its income from things that do NOT aggressively violate privacy to grab people's data. I suspect that they're also the reason they seem to use DP-3T as protocol (the transmission of randomised data suggests this), but I would not trust Google to not "accidentally*" store that data for much longer.
* That is "accidentally" as in "accidentally" installing a full WiFi recording facility including backend to hold the collected data during their Streetview exercise..
Yes, accidentally indeed.
"No data goes to Apple or Google"
I have no way of knowing if that is true, but I do know that if I am on a recent version of Android and I want to enable bluetooth to use one of these apps, then in order to do so, thanks to recent "improvements in security" and to "protect me from apps being able to track me silently" I now have to first enable fine location services and gps, and leave them running all the time in order for BLE to work.
This means location services are available for Google and other apps to use as they please unless I take the trouble to go and specifically deny access individually. I am sure that is accidental too.
Apparently part of the issue with location services and Bluetooth BLE, is the increasing use of Bluetooth beacons. If BLE could be enabled without location services being on, it would still mean some apps could find your location via the beacons. Therefore Google pushed BLE into location services, so turn location off, you also turn BLE off.
Not saying this was the right choice, but I can sort of understand the rational.
Personally I'd much rather have more granular control of a device, and be able to explicitly switch on/off regular Bluetooth, BLE, GPS etc all separately, and also deny, by default, any apps from accessing those services, and only enable it on a per app, per function basis. But I suspect this goes directly against what Google are trying to do with Android!
I get that, but if the aim is to alert the user to misuse, as is the stated aim, then the first step they adopted, which was to make the user allow location *permission* if they wanted to use wifi scanning or bluetooth (because it affects both) made sense.
However what does not make sense is the current situation on the latest Android version where not only do you have to give the permission, you have to actually turn on location services, and enable gps and leave them on continuously if you want to be able to scan wifi or use bluetooth BLE.
For instance, I use Davx and it has a feature to only sync to a local caldav calendar when connected to my local network. It used to work. However, since the Android upgrade, that will no longer work unless I give permission (fair) for location services, and enable gps and location services and leave them on all the time.
Playing devils advocate, that gives Android a handy way to "accidentally" map every combination of the signal strength of visible access points and beacons to an actual gps location. With the NHS app that could be a considerable harvesting of data.
"if I am on a recent version of Android and I want to enable bluetooth to use one of these apps, then in order to do so ... I now have to first enable fine location services and gps"
That's a recent version of Android. You will need the latest. Apple explicitly _doesn't_ allow apps using this API to use location services (which includes gps). I don't know exactly what Google does, so I expect them to do the same. Most likely they just didn't separate permissions fine enough.
Will my data be monetized by Google or Apple?
No, there will be no monetization from this project by Apple or Google. Consistent with well- established privacy principles, both companies are minimizing data used by the system and relying on users’ devices to process information.
I see that winged pigs can now make use of Heathrow and Gatwick for practice.
Now that I can understand. And we have a magnificent example, don't we, NHS ?
I do prefer that the two major players get their teams on this issue and iron out a common solution. I like that they say that no data goes back either of them, but I'll wait until the experts demonstrate that that is true.
In any case, I do believe that Google & Apple (Googapple ?) are less of a risk than some local company who got the job because the CEO goes golfing with the minister's brother.
Plus, at least the techs in both companies know exactly what their platform can do and how to call on it most efficiently. Knowing how to program an app for a mobile platform does not mean you know how to do the job using the least amount of power possible.
So good on Googapple. Let's just keep in mind the age-old adage : trust, but verify.
Shame in a way it's a closed API (although I very much understand why that's the case).
As someone, or more likely a team, could knock up a UK Open Sourced version, using the API, and with none of the centralised crap. Fully peer reviewed etc.
This could then get promoted by all the various privacy groups etc that are currently lambasting the NHS version.
Won't happen though, as they'd need access to the API, and cooperation from the NHS for the testing positive side of things.
Apple allows one national health provider per country to publish an app using the API. So NHS Scotland Could write one. To keep people safe, and to piss off Boris Johnson. Don’t know what would be higher priority. Would work everywhere in the U.K. obviously.
I think the intention is to require that human beings who are politically accountable be in the chain of responsibility for sending out the positive diagnosis alerts. Otherwise the 4chan script kiddies would spam the heck out of it, reducing its value back to zero as people uninstall.
It's hard to think of a worse idea. It just won't work. The way out of these is not to trust people to advertise their status (how would they even know) and to go go into hiding instantly if they get a notification (what happens of it comes when they are 200 miles away from home) while simultaneously handing governments the biggest surveillance opportunity in history.
Anyway, it uses bluetooth, so it has by definition failed already. Let's entrust the lives of thousands to a technology which after twenty years can't transfer a file reliably, shall we?
No part of this requires you to trust people to advertise their status, or to trust that everybody go into hiding if they get a notification.
Taking the UK as an example, Apple and Google have provided only an API because the NHS is supposed to supply the app. The NHS then feeds in the individual diagnoses. So: this system asks you to trust the NHS's ability to tell who has COVID and who doesn't.
As to your other concern, exactly the same observations apply as to social distancing in general. The objective is that enough people will act sensibly that the rate of spread will be sufficiently reduced that the health services can cope with the quantity of people who nevertheless fall sick.
What happens if you have come into contact with someone who later tests positive and should be self isolating but your bluetooth registers a contact with someone new?
I don't think anyone has said this and it's important because the implications are huge from a policing perspective depending on how the government proceeds. Will they introduce fines? Forced quarantine? Will this new contact be informed they need to self isolate as well? I really don't like where this is all going.
The specification paper for DP-3T on GitHub, isn't totally clear on this.
it is clear that once someone declares they are infected, their app will forward their current id to the central system/DB and then generate a new id.
What is not clear is whether this new id is temporary ie. valid for 3 weeks of self-isolation. or what. and whether other devices can on seeing this id. immediately identify it as being a live CoViD19 carrier and thus avoid immediately.
I would hope that some more detail does exist on this important aspect of the app.
"Well, I'm sure the government can find out who it is by getting the assigned phone number off the phone."
The app can find it if it has permissions. If that is passed on to the government, then we'll find out. I mean the NHSX plan is that they hire 21,000 people who track down anyone who got close to someone infected by questioning that person.
> should be self isolating but your bluetooth registers a contact with someone new
It is bound to happen, unless you self-isolate on a desert island. In an city apartment bluetooth is able to go through the walls and all your immediate neighbors and their visitors, despite not seeing you, will keep "contacting" you, isolation or not.
But on the other hand I guess it doesn't really matter, since the app only knows two statuses, "healthy" and "sick", so as long as you don't pull the "I've got Covid-19 myself" lever, you are deemed just another healthy citizen, even if you've potentially become sick and infectious.
False positive and false negative numbers will most likely be huge, but hey, we've been doing something!
"What happens if you have come into contact with someone who later tests positive and should be self isolating but your bluetooth registers a contact with someone new?"
You should be self isolating - nobody can force you obviously.
Other users coming near you will be told _when you register yourself as infected_.
We would hope that _either_ you are lucky and didn't get infected, or you went into lockdown and therefore nobody was near enough to you. In the end if X was infected and got close to 20 people and 14 people are warned (because not everyone has the app) and one decides to carry on, that's still 13 people not infecting anyone.
That's 13 people out of the workforce for up to two weeks (depending on how quickly they can get tested), from contact with just one person who tested positive. It will result in effectively a permanent lock down of everyone using the app, and at some point the money to pay to them keep self isolating over and over again, will run out.
And there we have it, the word ‘smart’ finally revealing its true meaning in a phone, and unsurprisingly its Orwellian
I guess I wont be updating my phone then and it is actually going to be abandoned.
I don't really care what any of you muppets think about this covid19 thing, but my third eye is buzzing like a mofo
Wasn’t it IBM who created something historically to help catalogue mass murder?
If I turn GPS and Bluetooth on on my phone I lose half my battery life. I have mobile data on either, because turning it off quadruples time between charges. Any system which requires voluntary action at both ends of a link which many people don't have and many don't use is doomed to failure.
"I've never used bluetooth. It's disabled on my phone, so the app isn't going anywhere."
Yeah, that's what I thought too....
I had never turned on Bluetooth on my iPhone either and have it locked down as much as possible and no third-party apps installed either.
But installing LibMobileDevice on a MacBook Pro to view logs of my iphone in real-time shows that Bluetooth is very much alive and active on my iPhone.
From the captured logs I can see:
"default <redacted time stamp> rapportd Bluetooth address changed: <redacted>"
"default <redacted time stamp> bluetoothd Unregistered session <redacted>"
and this one....
"default <redacted time stamp> bluetoothd Current spy scan clients: <private>"
And these logs were taken a week ago running IOS 13.4.1
I'm not sure what to make of that last log and the unfortunate wording: "spy scan clients" though?
Quote: "I guess I wont be updating my phone then"
You don't mention what phone OS you have.
If it's Android, then the update is via Google Play Services, so is automatic on Android 5.0+ (with Googles' stuff installed of course), Google Play Services also does silent auto-updates, so ignores the Play Stores setting for automatic app updates.
You'd have to disable data for Google Play Services (which may well break other things), or never use data or WiFi on that phone again, or do something else to block the silent updates.
Plus of course you'd have to never buy a new Android or Apple phone again, as any new ones will have this new API baked in anyway eventually.
It's an API. It gives you the option of installing an app that uses that API. If you don't want to help out with contact tracing, don't help out.
If you're already walking around with a GPS-enabled, radio-transmitting camera and microphone in your pocket then deciding that using those features to try to help reduce the spread of a once-in-a-hundred-years virus is the line you won't cross feels somewhat askew from a logical decision process.
"And if there's a match indicating the user was in the vicinity of someone with a positive diagnosis, the user will – if settings allow – be notified and advised on what to do next."
I am still not sure that this proximity sensing will work well enough. The number of false negatives might be staggering. A little video demonstration, I will eat my hat and be amazed of this fluctuation in signal strength can be smoothed out by algorithms to the point of usefulness.
Imagine these random strings are preserved instead of discarded as vaguely promised (the above reference to the Streetview affair is a good example of just how much certain parties can be trusted in that respect), so you now know the holder of device 6635341 and/or those who were in proximity has had a run in with Covid19.
That information is an absolute goldmine to advertisers, and pharma has a LOT more money to pay for ads - you now know which device to push ads to (no need to know the owner, although any other use of the adslinger's services could give that away due to match on device ID. That's why I would not trust an ad slinger with that data. Nor a government, but for different reasons..
You don't know anything about the holder of device 6635431. You know something about the holder of a phone that at one point generated a random number. And _only_ if that person tested positive. So first we are down from 66 million people to a few ten thousand, _and_ there is nothing that lets you identify them.
I am curious as to how any of these tracking / tracing apps are meant to account for primary school (or lower) aged children. Most of these children probably won't have their own device so isn't this a rather large chunk of the population (who are potentially very good at spreading the virus) that are going to be missed?
The WHO has many studies that show that children are almost immune to the illness and very unlikely to infect anyone even if they do catch it.
Child to child transmission is almost zero
Child to adult transmission is almost zero
The above two reasons is why schools are open in many countries
Adult to child transmission is very low
In the UK 1% of all over 90's have already died from it
30% of all those who have died from it were over-weight and had Type II Diabetes
Death from Covid-19 is very age and illness related.
The figures are all published, but they don't make Tabloid headlines and don't keep Union reps in the faces of employers.
Unless you are a pensioner with underlying health conditions, the most dangerous part of your working day will still be the travel to and from!
I wouldn't trivialise this - it has emerged that there are plenty factors out there that can trigger the more dangerous aspects of Covid19, and re-infection apparently comes with a whole new gamut of problems.
As far as I can tell right now, the core issue seems to be changes in blood coagulation factors which leads to clotting, with all the associated issues. That's summarising, of course, but it appears to better explain the breath of problems that occur when an infection is not well tolerated.
You're better off not getting it, even if you think you're not in the groups at risk, also because it then turns you into a carrier..
In your article: "Apple and Google insist that no data will be shared with public health authority apps, apart from two exceptions. "
I think this is very misleading. The first bit of information you mention is stored on the phone, the second bit is stored on Apple's or Google's servers and delivered to all the phones that are enrolled, but none if it is directly available to the application and none is available to public health authorities. The only thing that becomes available to the application is the fact that the phone running the application was too close to another phone running the application, whose owner declared themselves to be infected.
So there is nothing that is directly or indirectly accessible to anyone.
"Child to adult transmission is almost zero" - Caver_Dave
Might be, might not be. No one yet knows for sure. Google to find false or premature claims in this area like this one debunked here: https://fullfact.org/health/children-transmitting-coronavirus/
Or this report in Nature: https://www.nature.com/articles/d41586-020-01354-0
Awful to see some notorious but influential journalists cherry picking statistics to fit their agenda and trying to infect the population. Bit like Covid-19 and possibly just as lethal.
None of it really matters anyway because, in the UK and for now at least, the feature, while present, is "Not availabe in your region" so is greyed out unusable. If the NHS get their act together and arrange for an app to take advantage of it I suspect that may change.
If it's a standardised API why only allow one app per region? All apps should be compatible. Moving from one region to another should make no difference to functionality. Each app should beacon a unique 'infected database lookup url' that any other app receiving contact indications from, should be able to interrogate for infected contacts. Moving between the UK, scotland, france, germany should all work seamlessly, as the UK app will tell the French app go to https://nhs.gov/covidEndPoint to lookup potential contacts, and the french app will tell the UK app to go to https://wherever.fr/etc to do the same. Multiple apps in each country could do similar.
I installed iOS 13.5 yesterday and looked at the inactive switch to turn it on. How long will it be before the US releases an app to make use of this?
Or are they going to pass that off to the states like they have with everything else, so that Trump can claim he isn't to blame for anything that goes wrong? Surely requiring 50 separate efforts (and therefore ignoring the 10 or 20 million people who commute across state lines every day) isn't going to be a problem...
Biting the hand that feeds IT © 1998–2020