How Could The Government Force Apps onto Your Phone?

This is more of a technical question than an invitation to a political argument. :) But with all the talk over the last couple of days about the government FORCING their tracking app onto everyone's phone (since recanted) I was wondering how they would accomplish such a feat. Could they technically install an app on our phones without us knowing about it or will they force us to do it ourselves by using threats?

Cheers

Comments

            • +2

              @TheRealCher: If you're comfortable with the government getting a list of everyone you've spent more than 15 minutes with in the case where you get covid and

              If you're comfortable with the government knowing you've been in contact with someone who's had covid

              Then you should install the app.

              That's the only data you're giving out and the code is open source so pretty difficult to get around that. If you don't contract covid and you don't come across anyone with covid, no data will be sent to the government.

              For me, I'm comfortable with them having this info.

              • +3

                @witsa: I think that's where the voluntary should come in - if yr comfortable. I don't object to you opting in :)

              • @witsa: sounds like how PRISM program supposedly targeted surveillance but turns out to be blanket surveillance

                how did korean gov sending random texts to suspected contact tracing within community for quarantine mandate, even without this bluetooth app installed

                • +1

                  @dcep: contact tracing is an important tool in the fight against covid. There are good and bad ways to implement this so it's actually really important to have an open conversation regarding how it needs to happen. I don't know the answer but it's going to be some compromise between how much data we expose and how much privacy we obtain.

                  I will say if the government did implement a PRISM-like surveillance system, this wouldn't be the first step - the first step would be to just make the tech giants and telcos release their data they already have on us, probably in a covert manner.

                  They wouldn't need this app. This app is the complete opposite approach to surveillance. It's just an offline log that you only submit when you have the virus. It's really taking the minimum level of data the government needs to do contact tracing.

                  And you don't need to trust the government when they say the app will only take the data it says it's taking. It's open-source which is the software equivalent of being completely transparent and auditable. And no doubt, given its profile, it'll be independently audited by many people and organisations.

                  Unsure about the cases you're mentioning in Korea but under the proposed system, if you did get a random text telling you to get tested, I would imagine HOW you came to get that sms would be completely traceable from when you signed up for the app to the contact with the affected person which led to you being notified. That's the entire point of contact tracing.

                  • +2

                    @witsa: I have no issues and will probably download it. Information on my movements at the moment is pretty boring, as I recently had to let my mistress go because of the economic downturn…
                    But, the question I have at the moment is, when this all sorts out and I dump the app, will there be anything remaining on my phone that gives the gov information about my movements?

                    • @saltypete: I would assume that it'd be like any app from the Apple or Google Play store - you uninstall it and it's gone.

                      My assumption probably isn't worth a lot though. However, this would be the type of thing that IT security or privacy advocates would jump on when examining the open source code.

  • +33

    I'll just go back to using my old slider phone.

    Nothing is worth surrendering such power to any government.

    • +1

      Gumtree sales of old 3310s will be through the roof.

      • +9

        I placed a few under the hoist post to keep it level. I'll just pull them out.

        They've only been there for 2 years so I shouldn't even have to charge it.

        • Send one up my way. They don't make them like that any more!

    • +1

      I agree. That is not a world I want to live in. I worry about the gov getting hooked on all that information and either not letting go, or obsessing about how they can reintroduce asap…

    • +1

      Nothing?

      What if there was a virus spreading with similar contagion but a 99% death rate. Would you opt in then?

      If so, then you just believe that the relatively low number of people who will die from covid-19 is worth it for you not to have your Bluetooth data sent to the government.

      • -1

        If ifs and buts…

      • -6

        This is the shame of it, if the majority of people got onboard this would significantly improve contact tracing. But many people value their location privacy over the lives and livelihoods of others.

        • +2

          And it doesn't even record location. Paranoia everywhere.

          • +1

            @bmerigan: You could fairly easily cobble location data together using fixed bluetooth addresses.
            Match it up with existing cellular data for some very nice precise information on who associates with whom.

            • @smalltime0: Covering the populated areas of Aus with bluetooth beacons 15m apart would be a pretty significant hardware rollout.

        • Wow significant down votes, but I don't see how this statement is wrong. FWIW in some countries I would highly value my location data. In this country, on this question, I'd favour measures to protect lives over my location privacy.

          • -1

            @[Deactivated]: You really labour your life saving martyr efforts and telling everyone. How many times now?

      • -2

        Ah the whataboutism, you'd have done well in Stalinist Russia.

    • +1

      tinfoil hat required here.

      • +1

        For my phone. Yeah.

    • So you're not using Google Maps or Facebook currently? Or you're happy with this data in the hand of a corporation but not the government?

      • We trust Apple and Google with our data more than the government.

    • You could combine the slider phone with your tin foil hat

  • +6

    Honest question: don't understand the concern.

    • Open source
    • South Korea use a similar one without issue

    https://www.technologyreview.com/2020/03/06/905459/coronavir…

    what can someone do with anonymous tracking data?

    • +14

      I don't know who you are -> Where are you right now? And where did you go last night? You can trust me, I won't tell anyone else.

      • +4

        https://www.theguardian.com/world/live/2020/apr/18/australia…

        • The source code will be made public
        • There is no geolocation, there is no surveillance, there is no tracking.
        • The app simply connects with another [phone with the] app if those two phones are within 1.5 metres for 15 minutes.
        • It simply swaps phone numbers and names.
          — (Don't agree with this - there are better ways)
        • That information is held encrypted and securely on the individual’s mobile phone.
        • You control your own data and if you test positive to coronavirus, that information is given straight to state governments so they can contact individuals [who] may have come into contact with an infected person.
          — Again not necessary.

        Don't trust it, review the code yourself or get your everyday ozBargainer to - refer to 711 Fuel Thread.

        • +9

          If you don't compile it yourself there is no way to know the source code is actually the same though.

          • @trapper: Yeah but with the source code made public, can't we do this?

            • @R-Man: Well you can compile it. But the version actually installed on your phone will be the app store version that you didn't compile.

          • +1

            @trapper: Then send out simple instructions to compile… For those who don't trust Google / Apple to verify the package.

            This is pretty much how most ozbargain helicopters around Australia for 711 fuel prices. :)

            • +2

              @blehgg:

              For those who don't trust Google / Apple to verify the package.

              Google/Apple have no way to verify the source code matches the binary even if they wanted to.

                • +1

                  @khell: I'm an app developer man, I know what code signing is.

                  Code signing lets you verify WHO compiled the code, not WHAT code was compiled.

                  • @trapper: Deterministic compiling is what you'd do.

                    If they specify a version of GCC (or something similarly easy to get it) and set the deterministic flag, it should be bitwise identical.
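
The point made in the comments above (a signature shows who built a package, not which source it was built from, and a deterministic build is what lets you compare) as an added Python example; it is not code from any poster or from the app. It assumes an Android-style package, i.e. a ZIP whose signing files sit under `META-INF/`, and the function names and sample packages are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import io
import zipfile

# Signing artefacts differ by design between the store build (developer's key)
# and a local build (your key), so they are excluded from the comparison.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")


def is_signature_entry(name: str) -> bool:
    upper = name.upper()
    return upper.startswith("META-INF/") and (
        upper.endswith(SIGNATURE_SUFFIXES) or upper == "META-INF/MANIFEST.MF"
    )


def entry_digests(package: bytes) -> dict[str, str]:
    """SHA-256 of every non-signature file inside the package."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir() and not is_signature_entry(info.filename)
        }


def compare_builds(store: bytes, local: bytes) -> dict[str, list[str]]:
    """Report every file that differs between the store and the local build."""
    a, b = entry_digests(store), entry_digests(local)
    return {
        "only_in_store": sorted(a.keys() - b.keys()),
        "only_in_local": sorted(b.keys() - a.keys()),
        "content_differs": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def make_package(files: dict[str, bytes]) -> bytes:
    """Build a small constructed ZIP standing in for an app package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(zipfile.ZipInfo(name), data)  # fixed timestamp
    return buf.getvalue()


def constructed_samples() -> dict[str, bytes]:
    """Constructed sample data: one store build and two local builds."""
    code = {"classes.dex": b"compiled-from-published-source",
            "AndroidManifest.xml": b"<manifest/>"}
    store_sig = {"META-INF/MANIFEST.MF": b"digests-v1",
                 "META-INF/CERT.SF": b"store-sf",
                 "META-INF/CERT.RSA": b"store-signature"}
    local_sig = {"META-INF/MANIFEST.MF": b"digests-v1",
                 "META-INF/CERT.SF": b"local-sf",
                 "META-INF/CERT.RSA": b"local-debug-signature"}
    return {
        "store": make_package({**code, **store_sig}),
        "local_reproducible": make_package({**code, **local_sig}),
        "store_with_extra_code": make_package({
            **code,
            "classes.dex": b"compiled-from-something-else",
            "assets/extra.bin": b"not-in-the-published-source",
            **store_sig,
        }),
    }


if __name__ == "__main__":
    s = constructed_samples()
    print(compare_builds(s["store"], s["local_reproducible"]))
    print(compare_builds(s["store_with_extra_code"], s["local_reproducible"]))
```

A whole-file hash of the two matching packages still differs because the signatures differ, which is why the comparison is done per file with the signing entries set aside.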

              • -2

                @trapper: Sure they can, if they care enough they can reverse engineer it. And having the source code makes that easier.

                • @[Deactivated]: LOL what, this is also getting negged. People can reverse engineer apps to understand what is going on, this is what security researchers have been doing with the Singapore app. I've also done this for a number of apps. If they use advanced obfuscation techniques I would be suspicious.

              • @trapper: Unsurprisingly there is no real attempt to obfuscate the code, reverse engineering the apps for analysis is not proving difficult.

        • +10

          Honestly, we have 2.6k active infections and falling fast. It is simply too far an overreach to surrender this to the government.

          • @ajr5k: And if it flares up again?

            (which is unfortunately likely)

        • Don't trust it, review the code yourself or get your everyday ozBargainer to - refer to 711 Fuel Thread.

          Yes? What did we do in that thread?

          • @Freighter: Nothing Mr freighter. Nothing…..

            Thanks though. Was a comment we had some techies in the forum

    • +2

      How do they do contact tracing if it's anonymous? It's not anonymous.

      • It's like having someone's credit card number without Name, Expiration date, security code, pin.

        I'd still deem it as anonymous.

        Go down the Authorization / Authentication token blockchain path

        One of many examples - https://medium.com/@maksymtrilenko/blockchain-as-a-tool-for-…

        They can't access your data, unless you say, "Yes I Authorise you to review my past 14 days of sitting at home."

        • They can't access your data, unless you say, "Yes…

          Not quite, the app collects other people's data, they're not required to give permission.

          • @[Deactivated]: the details are sketchy at best.

            My comments were how I would design it to maintain anonymity if that's what everyone's concerns are

            Not sure collecting- Device a77f5cdfa2934df3954a5c7c7da5df1f was in contact with 8527147fe1f5426f9dd545de4b27ee00 @ 12:15pm - is really that bad… but I'm probably over simplifying

            • +1

              @blehgg: Well if they don't know who owns device 8527147fe1f5426f9dd545de4b27ee00, what's the point?

              • @[Deactivated]: Sorry was trying to simplify it for those who aren't familiar with Blockchain tech

                Tried to do a simple decentralised example - see below
                https://www.ozbargain.com.au/node/531722#comment-8590381

                They don't need to know who those IDs are. You just gotta tell the other Ids you've been in contact with.

                • @blehgg: Sorry with you, the blockchain sends an alert to device <insert ID> and when it receives it, it alerts the owner?.

                  So long as the owner can't be decoded, then I'm for it.

        • +1

          Whole point of using a dapp blockchain is that it is verifiable and tractable.

      • It's not so much about anonymity. It's more the majority of the data collected won't be sent to the server.

        It's only when someone has covid they can opt to send their data.

        The government then decrypts it and notifies you if you happen to be in that affected users list.

        So the government only has the data about you under the following cases
        - you have covid and choose to share the data or
        - you have been near someone with covid in which case the government will know when that contact occurred

    • +9

      How is the data anonymous when the whole idea is that you become informed when someone you've had contact with becomes infected? By definition, the data is HIGHLY personal.

      • In the Korean one, it's opt in.

        The Korean one is anonymous…

        When you get infected - you go to hospital. WHEN you're infected, they trace based on what devices it's been in contact with.

        • +7

          That's not anonymous. As soon as the data is traceable back to a single device/user it is not anonymous, by definition.

          • +12

            @Seraphin7: Maybe it's just me ~ I think it's a great idea what South Korea has implemented and it's probably a more culturally acceptable thing over there - for the greater good etc etc.

            Let's say 20% of Australia use the APP while COVID is still raging on. Being able to reliably trace the infections is worth the temporary invasion on my privacy. But again it's just my personal opinion.

            Someone knowing where you are right now? What you did last night?
            - Do I have anything to hide? nope. - don't care that you know I've been in isolation.

            Do I want to know - "Your device has been in contact with an infection in the last 24 hours" -
            Won't tell you who or which device you've been in contact with but yes - I'd like to know and go get tested, quarantine and not infect anyone else.

            But again, it's my personal preference, and I'm not enforcing my views on anyone else. You guys do you.

            Internet cookies and social media has enough information on me already…

            • +5

              @blehgg: "temporary"

              • @brendanm: I hate it when the government makes me play Angry Birds forever…

                • @blehgg: I'm sure that was meant to sound clever or funny, but sadly it was neither.

                  • @brendanm: It wasn't meant to sound like either. It was meant to mirror your comment of being pointless.

                    How does the government enforce you to have a voluntary app on your phone forever…

                    As one of the people who are concerned, it would be nice if you added something of real concern cause I'm legitimately interested.

                    • +2

                      @blehgg: They were talking about "forcing" it, somehow. If people don't use the app, they'll probably force apple/Google to hand over people's location data. "Just while covid is a problem", yet it will never be revoked, like all the other broad laws made up for a specific purpose.

                      I suppose you didn't opt out of myhealthrecord?

                      • @brendanm: 1) You did read the limited details they did release right about the app right?
                        - Wouldn't trust it till the code comes out but still…

                        2) Forcing it is stupid Triple M sensationalizing it and will never happen. Don't jump on the conspiracy trains.
                        - listen to the Triple M interview which you're referring - the whole "forcing it" is coming from the radio host…
                        https://www.triplem.com.au/story/scott-morrison-tells-triple…
                        - the whole google thing is BS and wouldn't be technically feasible IMO

                        3) MyHealthRecord - tbh none of your business but I did my research and read up as much as I could and did opt out. I didn't listen to hearsay…

                        • @blehgg: Not everyone can understand 'code'. :)

                          • @EightImmortals: But those same people can make comments like "they'll probably force apple/Google to hand over people's location data."

                            It's like Trump saying "I'm not a doctor but zinc - they add in the zinc and i hear its really powerful"

                            Do you really think the technical community would let something like this slide if there were privacy concerns assuming it's open source?

                            • @blehgg: Do you think they would have choice? Which was my main question anyway. :)

                              • +2

                                @EightImmortals: The Freedom of movement and the Freedom from interference with privacy, etc, are fundamental human rights.

                                They may ask people to download the app, but can't lawfully force them to do it.

                                • @whooah1979: Mind pointing out where these alleged rights are enshrined in Australia's constitution?

                            • +1

                              @blehgg: You know that at least in the us, they can force Google/apple to hand over your location data? Someone made a post about this just the other day, some poor guy was riding his bike past where a crime was committed, so he was made a suspect, had to pay for a lawyer etc. He had nothing to do with the crime.

                              So you opted out of myhealthrecord, you don't trust the government to keep your medical data safe, but you trust them to keep your location data, and who you come into contact with, safe?

                              • @brendanm: the APP doesn't do location data…..

                                again it's about what they are storing

                                • +2

                                  @blehgg: Allegedly. Pretty pointless if it doesn't isn't it. They also say it's anonymous, which is impossible. So you actually believe any words that come out of the mouths of pollies?

                                  • +2

                                    @brendanm: two words - Open Source

                                    I've had enough :) I just wanted to see what everyone's concerns were - as an educated discussion.

                                    • @blehgg: Yeah, that's not yet been released, so they can say whatever they like. Again, how would it be possible to be anonymous if they are wanting to alert people that they've been near people who have tested positive? Or how would they know who the people are who have been near the person who has tested positive.

                                      • +1

                                        @brendanm: Not exactly how they've designed it - read above for how they've done it which is a bit lazier and less secure.

                                        Anonymous Hypothetical method

                                        1) Brendan downloads the app - Brendan gets generated Transaction Address ABC1234 <— No Name / No Phone Number provided - you just get this ID
                                        2) X other people get the APP
                                        — BCD234 (Anonymous 2)
                                        — CDF345 (Anonymous 3)
                                        — DFG456 (Anonymous 4)
                                        3) ABC123 is within 1.5 metres for 15 minutes with BCD234 - (bluetooth or whatever)
                                        4) ABC123 adds Address BCD234 to their own phones contact log and vice versa on BCD234 phone.
                                        with timestamp - e.g. 18/04/2020 0900 AEST
                                        5) This repeats for every anonymous user you have been in contact with for the last 14 days. (Every Address over this period is deleted off your own phone)
                                        5) ABC123 gets COVID and goes to the doctors.
                                        6) You get the APP out ~ Report infection via your phone button - requires a third anonymous authorisation ID of the doc.
                                        - Again you could be an A%%hole and just not do anything.
                                        7) This transaction is sent out to every other user in your interaction list via secured decentralised transactions
                                        8) BCD234 goes to doc to get tested - (repeat send out of his list etc).

                                        • +1

                                          @blehgg:

                                          7) This transaction is sent out to every other user in your interaction list via secured decentralised transactions

                                          How does this work unless phone numbers or similar were collected?

                                          • @Quantumcat: Transactions are stored in a distributed ledger. Your app can poll this for alerts. Just go read block chain or dapp :) there's plenty of 101 videos out there.

                                            Similar tech as how you'd send a bitcoin around - a lot of different uses for tokens

                                            And the government stores nothing.

                                            • +1

                                              @blehgg: Do you mean basically that the list of infected people is uploaded somewhere and the phone checks to see if they were ever in contact with any of them? Someone suggested that on this thread already I think. There's no need for blockchain with this.

                                              This can't be how they plan to implement it since I read you will be asked to hand over the data the app has collected, if you test positive. If it is as above then all they need is the infected person's ID, to upload it. Which they could get by being in Bluetooth range of them.

                                        • @blehgg: As an aside. Is there a mechanism to stop a hacker from wandering around collecting addresses then just flagging them all as infected?

                                          I assume there would be some kind of key based mechanism to prevent him from pretending to be another user, but pretending to be himself an infected case might be harder to stop.

            • +1

              @blehgg:

              it's my personal preference

              That's fine. You'll never get an argument from me on that basis.

              BUT, this thread is about FORCING apps onto your phone … and your question was about ANONYMOUS data.

              • +1

                @Seraphin7: Yea apologies to OP, I hijacked the thread for my personal curiosity of why people were so against the app.

                Or at least the concept - considering the app ain't even out yet and all the information we do have is from the news and politicians

            • @blehgg: So if I am taking care to socially distance and practice proper hygiene. Then even if I do happen to have been near someone who tests positive I will not be infected.

              So what happens when the app decides otherwise and I am declared officially 'exposed'.

              Will I then be legally required to quarantine until my test results come back… ?

              • @trapper: I have a young family and people I care about, so I personally would. Again it's up to the individual user for this use case.

                Again - this puts the power back to the people to do the right things - just like social distancing etc.

                If your app tells you, you've somehow spent more than 15 mins with someone who's just reported infected -

                1) you can ignore it (even now - if you get COVID symptoms - there's no way to force you to go get tested or stay at home)
                2) you can go to the docs and get tested and quarantine.

                There's no way to trace you regardless. so to answer you - no not legally

                Can you tell who made any of these transactions?
                https://etherscan.io/address/0x38cc2604f90685db63dc659e43b7f…

                • @blehgg:

                  There's no way to trace you regardless. so to answer you - no not legally

                  Well it was just on the news tonight that the govt will be phoning up all the people who have been near a positive case.

                  I wonder how they will do that with no way to trace you?

        • +1

          The Korean one is anonymous…

          How is it anonymous?

          The AusGov app is based on the Singaporean app, which isn't anonymous.

      • +1

        Maintain a central black list of infected people (just their anonymous identifier).
        Once a day my device contacts central list and compares my list of my contacts with the black list of infected people.
        If a match is found my phone tells me the bad news.
        There are still security issues with this design, but my identity has been kept anonymous.

        • +1

          Yeah, that's not anonymous. You are literally describing personally identifiable data.

          The fact that you/you contacts don't have access to personal data does not mean it's anonymous. In your example (and in any example that is vaguely feasible) whoever has access to the central database has access to that personal data.

          • @Seraphin7: I'm curious how you find this "not anonymous" [could you please explain further?]

            Here's an example of a ETH ledger
            https://etherscan.io/address/0x38cc2604f90685db63dc659e43b7f…

            The ledgers are public by nature - the address are too. The disconnect is between logical address vs user.

            It's like the government asking everyone which suburb they live in and what their favourite color is. Without who they are, it's anonymous but you'd still get the data.

            By definition - it's without name…

            • @blehgg: It's not anonymous in that you upload all the data from your phone to some central database, along with everyone else … then when someone's record gets the "Corona Positive" flag on it, all persons who had relevant contact with the positive person are flagged in some way (including that they get some message back to them that some contact has tested positive) … all very specific to the individual.

              To extend on your example, anonymous data (in a very simplified sense) would report that x% of people living in a particular suburb identify "red" as their favourite colour. It's no longer anonymous when you (having voted red) get a text message back a week later that someone else who you've had contact with in the last week has also identified red as their favourite colour. That demonstrates that the data stored includes the fact that YOU have indicated red and it has matched that data with other specific individuals (who presumably have been similarly notified).

              • @Seraphin7:

                including that they get some message back to them that some contact has tested positive

                Again the logical address is disconnected from a person's identity - the message is triggered when your device queries the open ledger.

                Again texting someone is a very different concept and is linked to a user and that's not what is being promoted by me and I'm largely against the texting part.

                It's not like getting a text message back. It's like you vote the favourite colors and going to a Survey results website which lists the results….again.

                There's nothing identifiable that you voted red - but no such data was stored.

                What was stored was "Voter 132424 - voted red." You went in with a ski mask while voting. You know you are voter 132424….

                Edit: Doesn't matter cause they didn't design it this way - but conceptually I don't understand why you are deeming abstraction of identity - not Anonymous…

                • @blehgg: Because however much you "abstract the identity" it is traceable back to a single person through your phone number. The system simply won't work with anonymous data … it has to send information back to specific individuals based on the information they and others have provided.

                  If you take my phone number and use all sort of "anonymisers" … but then can get back to my phone number with "reverse-anonymisers" … the data is not anonymous. So long as you have the "encryption key" (which the system must have in able to work) it ain't anonymous.

                  • @Seraphin7: But the tech I've suggested doesn't take your phone number… I kinda give up trying to explain :)

                    I find no substantial concern in your arguments and you've kinda ignored my points…

                    Go read up on stuff like Monero.

                    You've taken a very Hollywood take on all of this but I can see why this is a hard sell for the less tech savvy and the general public…

                    • +1

                      @blehgg: It still gets your IP address, so going back to your carrier they can trace who you are

                  • @Seraphin7: Mate, generating unique IDs randomly isn't very hard. It's a solved problem.

                    There's no need to actually contact each person individually. You just make a list with an ID of each infected person. The ID is unique and random, so no way to connect it to anybody. You download the list every day (or how ever often) and look through your own list to determine if you've seen that ID. If you have, you get notified.

                    The only thing the government has is a list of each infected person (which they'll probably have anyway as they just got tested). The only time you upload any data is if you're infected, and even then just the unique ID.

                    EDIT: Major caveat, this is assuming it's designed sanely. You could definitely design it in a way that isn't this and not have anonymity, but we'll get the source code, so we should know the design.
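
The download-and-compare design described in the comment above, together with the earlier question in this thread about someone flagging overheard IDs as infected, as an added Python example; it is not part of any poster's comment and not the government app's code. It assumes broadcast IDs derived by HMAC from a secret per-day key and a one-time code issued with a positive test; `Phone`, `PublicList`, `broadcast_id` and the scenario data are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

RETENTION_DAYS = 14   # contact log window mentioned in the thread
EPOCHS_PER_DAY = 96   # assumption: a new broadcast ID every 15 minutes


def broadcast_id(day_key: bytes, epoch: int) -> str:
    """Derive the ID a phone broadcasts in one epoch from its secret day key."""
    msg = b"broadcast-id" + epoch.to_bytes(2, "big")
    return hmac.new(day_key, msg, hashlib.sha256).hexdigest()[:32]


class Phone:
    def __init__(self) -> None:
        self.day_keys: dict[int, bytes] = {}  # secret, never broadcast
        self.heard: dict[str, int] = {}       # broadcast ID -> day it was heard

    def current_id(self, day: int, epoch: int) -> str:
        key = self.day_keys.setdefault(day, secrets.token_bytes(32))
        return broadcast_id(key, epoch)

    def record_contact(self, other_id: str, day: int) -> None:
        """Called once another phone has stayed in range past the threshold."""
        self.heard[other_id] = day

    def prune(self, today: int) -> None:
        cutoff = today - RETENTION_DAYS
        self.heard = {i: d for i, d in self.heard.items() if d > cutoff}
        self.day_keys = {d: k for d, k in self.day_keys.items() if d > cutoff}

    def keys_to_upload(self, today: int) -> list[tuple[int, bytes]]:
        self.prune(today)
        return sorted(self.day_keys.items())

    def exposed_days(self, published: list[tuple[int, bytes]]) -> list[int]:
        """Match the public list against the local log; nothing is uploaded."""
        hits = set()
        for day, key in published:
            for epoch in range(EPOCHS_PER_DAY):
                if self.heard.get(broadcast_id(key, epoch)) == day:
                    hits.add(day)
        return sorted(hits)


class PublicList:
    """Public list of day keys from confirmed cases; no names or numbers."""

    def __init__(self) -> None:
        self._codes: set[str] = set()
        self.entries: list[tuple[int, bytes]] = []

    def issue_code(self) -> str:
        """Clinic side: a one-time code handed over with a positive test."""
        code = secrets.token_hex(8)
        self._codes.add(code)
        return code

    def publish(self, code: str, keys: list[tuple[int, bytes]]) -> bool:
        if code not in self._codes:
            return False           # no positive test behind this upload
        self._codes.discard(code)  # one use only
        self.entries.extend(keys)
        return True


def run_scenario() -> dict:
    """Constructed scenario: Alice meets Bob on day 3; Carol only meets Bob."""
    alice, bob, carol = Phone(), Phone(), Phone()
    server = PublicList()
    bob.record_contact(alice.current_id(3, 36), 3)
    alice.record_contact(bob.current_id(3, 36), 3)
    bob_id_seen_by_carol = bob.current_id(3, 40)
    carol.record_contact(bob_id_seen_by_carol, 3)
    result = {}

    # Someone who only overheard Bob's broadcast ID tries to flag him.
    overheard = [(3, bytes.fromhex(bob_id_seen_by_carol))]
    result["forged_without_code"] = server.publish("no-such-code", overheard)
    # Even with a genuine code of their own, an overheard ID is not a day key,
    # so the IDs derived from it match nothing in Carol's log.
    server.publish(server.issue_code(), overheard)
    result["carol_after_forgery"] = carol.exposed_days(server.entries)

    # Alice tests positive on day 5 and uploads her own day keys.
    code = server.issue_code()
    server.publish(code, alice.keys_to_upload(today=5))
    result["code_reuse"] = server.publish(code, [])
    result["bob_exposed"] = bob.exposed_days(server.entries)
    result["carol_exposed"] = carol.exposed_days(server.entries)

    bob.prune(today=20)  # the day-3 contact is now older than 14 days
    result["bob_after_retention"] = bob.exposed_days(server.entries)
    return result


if __name__ == "__main__":
    print(run_scenario())
```

In this arrangement the server still sees the network address of whoever uploads or downloads, which is the residual identifier raised elsewhere in the thread.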

                    • @Zephyrus: Well it was just on the news tonight that the govt will be able to get the details of everyone who has been near a positive case and will be phoning them all up.

                      So I guess that's the end of this whole 'is it really anonymous' argument.

                      • @trapper: Yeah, this is sorta concerning. They said they would open source it and back tracked.

                        I'm definitely not downloading it now. Gives me a half a mind to write my own app.

      • Other users don’t know the identity of the temporary ids they receive. This is the sense in which it’s anonymous. Only the government can decrypt these IDs and associate it back to a phone number.

        When someone is found to have contracted COVID-19 this same contact chaining needs to happen. If anything this is less invasive than public health officials doing more interviews and needing to make public announcements to find people.

        • the government can decrypt these IDs and associate it back to a phone number.

          And that is precisely the problem.

          • @Seraphin7: But the government already needs to know this information for contact tracing. If we have wide adoption this will just make it more efficient and accurate. The speed with which this can push out alerts could help reduce transition rates.

            • +2

              @[Deactivated]: The government doesn't NEED to know this information at all.

              If you choose to participate, then that is of course something you can choose to do as a free citizen.

              Others will choose not to provide the government and all its various agencies with the list of people they choose to associate with (or just happen to share a public space with).

              • +1

                @Seraphin7: No it does need your contact history for contact tracing. Yes you can not install the app, yes you can misinform or refuse to tell this to public health officials. But doing so harms the Government's ability to keep the virus suppressed, and therefore ability to save lives and livelihoods.

                Everyone will balance what they care about more. I don't care giving my location history to Government, so for me it's an easy choice, I'd rather save lives.
