Apple and Google Pledge To Shut Down Coronavirus Tracker When Pandemic Ends (theverge.com) 63
An anonymous reader quotes a report from The Verge: On Friday, Apple and Google revised their ambitious automatic contact-tracing proposal, just two weeks after the system was first announced. An Apple representative said the changes were the result of feedback both companies had received about the specifications and how they might be improved. The companies also released a "Frequently Asked Questions" page, which rehashes much of the information already made public. On a call accompanying the announcement, representatives from each company pledged for the first time to disable the service after the outbreak had been sufficiently contained. Such a decision would have to be made on a region-by-region basis, and it's unclear how public health authorities would reach such a determination. However, the engineers stated definitively that the APIs were not intended to be maintained indefinitely.
Under the new encryption specification, daily tracing keys will now be randomly generated rather than mathematically derived from a user's private key. Crucially, the daily tracing key is shared with the central database if a user decides to report their positive diagnosis. As part of the change, the daily key is now referred to as the "temporary tracing key," and the long-term tracing key included in the original specification is no longer present. The new encryption specification also establishes specific protections around the metadata associated with the system's Bluetooth transmissions. Along with the random codes, devices will also broadcast their base power level (used in calculating proximity) and which version of the tool they are running. The companies are also changing the language they use to describe the project. The protocols were initially announced as a contact-tracing system, it is now referred to as an "exposure notification" system. The companies say the name change reflects that the new system should be "in service of broader contact tracing efforts by public health authorities."
Re: Queue Slashdot posts (Score:2)
This article is about lying megacorps who grab every bit of PII they can get to resell to advertisers and governments. Entirely different.
If you're going to insult people for their beliefs it would make you look a lot less stupid if you actually
Re: (Score:1)
"Next you get modded +5 informative send I'll be -1 troll..."
Let's hope so.
Re: (Score:2)
If you're going to insult people for their beliefs
I'm not insulting people for their beliefs. I'm reflecting on the state of the Slashdot comments section. If you feel insulted that's on you. In the meantime *scrolls down*, hey look I was right.
Next you get modded +5 informative send I'll be -1 troll
Wow you really don't know Slashdot at all. Self defeating posts like this never get +ve votes. If anything you're likely to get the upvote.
Re: (Score:2)
the conspiracies are out in the open. big corps with power and money grubbing scum in their pockets (our gov).
if we find out half those under age 50 have had the disease already we don't even need this system.
Re: (Score:2)
Even New York they're only estimating 14%
Re: (Score:2)
they did harsher lockdown than many places (and properly so). The ramping up of antibody test kits will settle the matter.
Re: (Score:2)
Yeah, boooo privacy, and down with transparency and decency. Why can't everyone just give all their money to the big corps, live in constant surveillance, and just be happy that they get to breathe.
Re: (Score:2)
Yep proved the point.
Re: (Score:1)
Re: (Score:2)
If you're going to troll
I'm not trolling. I'm reflecting on the state of Slashdot. And scrolling down ... man I hate being right.
"pledge" (Score:5, Insightful)
How about a legally-binding contract with a penalty that would turn their respective companies into a parking lot?
Re: (Score:3)
How about a legally-binding contract with a penalty that would turn their respective companies into a parking lot?
How about if their office and manufacturing spaces (and all associated costs) were turned into affordable housing, and homeless shelters instead?
Re: (Score:3)
That would be the gold standard, but in this day and age, we should be willing to settle for the minimum, because we won't even get that.
Re: (Score:3)
That wouldn't matter. We've always been at war with Eastasia! The pandemic won't be over until they say it's over, and how can we know it's over until there's a mandatory 100% tracking of people?
The consortium behind ID2020 [id2020.org] wants their app mandatory on every phone in the world, and the pharma consortium including Eli Lilly and Roche Bio want a forced sale of vaccine to every person in the world. Lots of money to be made here on all sides. Normally big pharma isn't so interested in vaccines, because th
Re:"pledge"? Define "ends" (Score:3)
You are overthinking this. Do you think this pandemic is ever going to end?
Actually, even if Covid-19 somehow did "end", with incompetents like Trump and the GOT in charge, there'll be another, and another, and as many more as required. Not like Trump and Barr are EVER going to run out of enemies. (Note: To break all technical security simply expose "target" to possible disease carrier. Then ALL "suspicious" contacts are decrypted.)
You don't have to be stupid to join the Gang Of Trump. Take Governor Kemp of
Re: (Score:1)
Public masturbation of 5254161 (Score:2)
Z^-1
Re: (Score:3)
How about a legally-binding contract with a penalty that would turn their respective companies into a parking lot?
Public statements of this sort made by publicly-traded corporations effectively are legally binding. Lying would be a violation of federal laws regulating truthfulness of statements that could affect the share price.
Sure, replaced with non-cv tracker (Score:1)
They will just track everything.
Re: (Score:3)
Except there's no tracking involved. GPS isn't used nor stored nor uploaded.
It's a zero knowledge method of determining if you met someone at a particular point in time without needing to know the exact time, or place. In fact, place is unimportant in the algorithm because it doesn't care. All that's being determined is a web of people someone might have met independent of time and place (you record time because you want to isol
Re: (Score:2)
Great! Are they going to release the source code for download? Give it to the Apache Foundation or EFF to compile and distribute.
I see (Score:3)
I guess it is the same day that the war on terror ends, the war on drugs and also a blue moon.
Re: (Score:2)
One of these things is not like the other two.
There is an average of 1 blue moon per year.
Re: (Score:2)
I guess it is the same day that the war on terror ends, the war on drugs and also a blue moon.
A blue moon happens more often than you think.
What's the point, at this point? (Score:2)
Re: (Score:2)
Re: (Score:2)
The known cases in California are under 0.1%. It might be 5% among the people who are running around in public every day, but I doubt it is anywhere close to 1% overall. Similarly, right now, in Santa Clara County (one of California's hot spots), there are 1987 known cases. Again, that's a tenth of one percent.
Even the estimates in NYC are only about 14-ish percent among people who aren't staying locked
Re: (Score:1)
This is being sold to Joe public based on some perceived usefulness. This usefulness is, as usual, not really measurable.
If it makes you feel safer, it must be increasing your safety. Wrong.
Don't believe it. (Score:1)
The Patriot Act was to expire in 2011. It is in at least part still active. Why should we trust either corporations or corporate owned politicians when they say they will voluntarily give up power over us??
subject (Score:1)
#2: Google ("Alphabet") removed "Don't Be Evil" from their company's guiding principles
Motto of the EVIL google (Score:2)
I'd mod you up if I could. I think the google's current motto is "All your attention are belong to us." I think I figured that out the last time I had dinner with a Googler... Several years back.
Wanna bet? (Score:1)
How it works... (Score:5, Informative)
From what I understand...
Your device is switched into low power bluetooth (2m / 6' / low energy) mode.
Your device communicates with any other similarly configured devices (other people) exchanging the bluetooth MAC (serial number) information and timestamps the pair/unpair event in a database on your device.
If user-B finds that they have CoViD-19, they flag this on their device, this uploads their MAC (serial number) only to a remote server.
That remote server collates all the MACs (serial numbers) and pushes that delta list to all the devices. (May be geofenced?)
Your device scans the delta list of infected MACs and compares it against your device's database looking for any matches.
If no match is found... great
If a match is found... your device generates a simple risk graph based on the amount of time paired with the infected user and displays this information (risk, contact time and duration) on the user's device. You need to action any events; only your device knows that there has been an exposure (database match).
Cleanup: The device's database can flush events over a certain period (say four weeks) as we don't care beyond that, no?
This is what I gather based on a short BBC radio (podcast) article... I could be way off the mark in detail but that's the big-picture idea... they may be more invasive than this and I can see people poisoning the system with alerts unless there's some sort of authentication. Food for thought...
https://www.bbc.co.uk/sounds/p... [bbc.co.uk]
Starts at 14:08
Re: (Score:2)
Couldn't give you the informative mod because you're looking in the wrong direction.
If "they" want to track you, then they simply make sure you come close to a "possible carrier" within the deletion time interval. Of course those approaches can be faked, but your data is decrypted and sent upstream anyway. Then the data can be compromised at any weak link. It doesn't matter if one link of the security chain is arbitrarily strong. The data will naturally be breached at the weakest link.
Re: (Score:2)
If "they" want to track you, then they simply make sure you come close to a "possible carrier" within the deletion time interval.
If "they" want to track you, they don't need this system at all. GPS and cell tower triangulation already provide all of the data needed.
The whole purpose of this system is to provide an alternative that doesn't reveal actual locations, or actual user identities.
Re: (Score:2)
You can't possibly be that sincerely ignorant. Do you know what BlueTooth is? Can you imagine the implications of having the list of every person who passed within BlueTooth range? Why would it matter at all where those meetings happened?
Of course the amusing reality is that an actual conspirator is going to leave his smartphone at home whenever he's actually out conspiring. Ditto the malicious person who is trying to spread a disease in an untraceable way.
Re: (Score:2)
You can't possibly be that sincerely ignorant.
I'm not ignorant, you are. You don't understand the proposed system.
Can you imagine the implications of having the list of every person who passed within BlueTooth range?
The system doesn't produce that list. Anywhere, at any point. Not on your device, not in others' devices, not in any centralized system.
Re: (Score:2)
Do you understand how a disease spreads? Each and EVERY person who comes close to you might give or receive the virus. The BlueTooth data MUST record ALL of that contact data, at least for every person who is carrying a compatible device OR THE TRACING IS ACCOMPLISHING NOTHING.
The only remaining question is how to expose the data. I merely suggested the obvious breach of using the system exactly the way it is designed to abuse it. A "tainted" person passes within BlueTooth range of the "target" person, and
Re: (Score:2)
Do you understand how a disease spreads? Each and EVERY person who comes close to you might give or receive the virus. The BlueTooth data MUST record ALL of that contact data, at least for every person who is carrying a compatible device OR THE TRACING IS ACCOMPLISHING NOTHING.
It achieves the goal, without gathering any identifiable information. Seriously, just read the specification. It's not complicated.
Public masturbation of 191260 (Score:2)
Z^-2
Re: (Score:3)
Your device communicates with any other similarly configured devices (other people) exchanging the bluetooth MAC (serial number) information and timestamps the pair/unpair event in a database on your device.
Not MAC addresses.
Every day, your device chooses a new, random AES key. Every 10 minutes, it encrypts a counter with this AES key to produce an ID. It's this ID that your device broadcasts, and your device logs similar broadcasts it receives from other devices. In order to avoid enabling tracking your device via MAC address, your BT MAC address also changes randomly every 10 minutes, in lockstep with the changing of the broadcast value. But the MAC address is not part of the system and is not recorded
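The rotating-ID scheme described in the comment above, together with the report-and-match step from the story summary, as an added sketch that is not part of the original thread and not Apple's or Google's code. It assumes AES-128, a zero-padded 32-bit counter as the encrypted block, and 144 ten-minute intervals per day; all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

const intervalsPerDay = 144 // one broadcast ID per 10 minutes (assumed day length)

// NewDailyKey returns a fresh random 16-byte daily key (AES-128 is an assumption).
func NewDailyKey() []byte {
	k := make([]byte, 16)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// BroadcastID encrypts the 10-minute interval counter under the daily key.
func BroadcastID(key []byte, interval uint32) [16]byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	var in, out [16]byte
	binary.BigEndian.PutUint32(in[12:], interval) // counter in one zero-padded block
	block.Encrypt(out[:], in[:])
	return out
}

// MatchExposure re-derives every ID of a published daily key and returns the
// intervals at which this device logged one of them. It runs on the device only.
func MatchExposure(publishedKey []byte, heard map[[16]byte]bool) []uint32 {
	var hits []uint32
	for i := uint32(0); i < intervalsPerDay; i++ {
		if heard[BroadcastID(publishedKey, i)] {
			hits = append(hits, i)
		}
	}
	return hits
}

func main() {
	alice, carol := NewDailyKey(), NewDailyKey() // constructed sample devices
	heard := map[[16]byte]bool{}                 // Bob's local log of received IDs
	for _, i := range []uint32{50, 51} {         // Bob was near Alice for 20 minutes
		heard[BroadcastID(alice, i)] = true
	}
	fmt.Println("Alice reports:", MatchExposure(alice, heard)) // Bob's log matches
	fmt.Println("Carol reports:", MatchExposure(carol, heard)) // Bob never met Carol
}
```

Without the daily key the logged IDs cannot be linked to each other or to a device; once a key is published, anyone who recorded that day's broadcasts can link them, which is why the key is only uploaded on a voluntary positive report.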
This is just what a state would (Score:2)
Odd how wam bam thank you and the app is all done and ready to go.
Most likely something they wrote for China and China is just allowing Google and Apple to sell it in the US because they have an inside track(so to
and by shut down they really mean this (Score:2, Insightful)
Re: (Score:3)
they are going to hide the servers that collect and mine data from the users, freedom & privacy once surrendered is never regained without a battle
Uh huh. And I'm sure no one will notice that all of the devices are still sending out BLE beacons...
Bullshit (Score:2)
After this "crisis" is over, there will be another and another and another, until there is nothing but a crisis. These things are *easy* to start, but hard to ever get rid of. And it's not just Apple tracking apps...
I have a better idea (Score:2)
I pledge to install the app. Pinky swear, cross my heart and all that.
Re: (Score:2)
I pledge allegiance to the app...
No, how about I don't install the app, and I don't promise to either.
Does the app ask for my phone's ID? If so, it isn't designed to report to me, it is designed to report on me.
Does the app ask to read my contact list? I don't have permission from all these people to share their contact history, and it would only take one dissenter to render it unethical to install the app. If there is anybody in my contact list who I haven't asked for permission, then it is unethical to in
Re: (Score:3)
If it becomes a requirement to install that app, I'll have a phone to carry that app. If it becomes a requirement to have this app to go shopping, I will have a shopping phone from now on. It's one more token to haul about when going for groceries, that's pretty much it.
Re: (Score:2)
Wow, comments like this make me glad to be an American.
If you even have to consider the possibility that the app will be a "requirement" to install, you already have worse problems than this pandemic.
Meaningless promises (Score:2)
Suckers (Score:2)
All the dystopian functionality is already available to apps on your mobile that you download and use every day. Any app you already use may already be exhibiting the unwanted behaviour being complained about. The concerns are real enough but in the case of a public health app that saves lives with transparency and a kill switch that you control I do not understand the problem. Criminals and terrorists seem to have cottoned on to this years ago. Why do you think they use burner phones or avoid using mobiles
New service idea (Score:2)
I am thinking of starting an obfuscation service which involves taking cell phones to randomly selected destinations and back just to confuse the tracking.
{^_-}
yea sure (Score:2)
They will just rename it and shove it in the background, it will never be removed