Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Cellphones Encryption Google Software Apple Technology

Apple and Google Pledge To Shut Down Coronavirus Tracker When Pandemic Ends (theverge.com) 63

An anonymous reader quotes a report from The Verge: On Friday, Apple and Google revised their ambitious automatic contact-tracing proposal, just two weeks after the system was first announced. An Apple representative said the changes were the result of feedback both companies had received about the specifications and how they might be improved. The companies also released a "Frequently Asked Questions" page, which rehashes much of the information already made public. On a call accompanying the announcement, representatives from each company pledged for the first time to disable the service after the outbreak had been sufficiently contained. Such a decision would have to be made on a region-by-region basis, and it's unclear how public health authorities would reach such a determination. However, the engineers stated definitively that the APIs were not intended to be maintained indefinitely.

Under the new encryption specification, daily tracing keys will now be randomly generated rather than mathematically derived from a user's private key. Crucially, the daily tracing key is shared with the central database if a user decides to report their positive diagnosis. As part of the change, the daily key is now referred to as the "temporary tracing key," and the long-term tracing key included in the original specification is no longer present. The new encryption specification also establishes specific protections around the metadata associated with the system's Bluetooth transmissions. Along with the random codes, devices will also broadcast their base power level (used in calculating proximity) and which version of the tool they are running. The companies are also changing the language they use to describe the project. The protocols were initially announced as a contact-tracing system, it is now referred to as an "exposure notification" system. The companies say the name change reflects that the new system should be "in service of broader contact tracing efforts by public health authorities."

This discussion has been archived. No new comments can be posted.

Apple and Google Pledge To Shut Down Coronavirus Tracker When Pandemic Ends

Comments Filter:
  • "pledge" (Score:5, Insightful)

    by LenKagetsu ( 6196102 ) on Friday April 24, 2020 @05:00PM (#59986704)

    How about a legally-binding contract with a penalty that would turn their respective companies into a parking lot?

    • How about a legally-binding contract with a penalty that would turn their respective companies into a parking lot?

      How about if their office and manufacturing spaces (and all associated costs) were turned into affordable housing, and homeless shelters instead?

      • That would be the gold standard, but in this day and age, we should be willing to settle for the minimum, because we won't even get that.

    • by lgw ( 121541 )

      That's wouldn't matter. We've always been at war with Eastasia! The pandemic won't be over until they say it's over, and how can we know it's over until there's a mandatory 100% tracking of people?

      The consortium behind ID2020 [id2020.org] wants their app mandatory on every phone in the world, and the pharma consortium including Eli Lilly and Roche Bio want a forced sale of vaccine to every person in the world. Lots of money to be made here on all sides. Normally big pharma isn't so interested in vaccines, because th

    • You are overthinking this. Do you think this pandemic is ever going to end?

      Actually, even if Covid-19 somehow did "end", with incompetents like Trump and the GOT in charge, there'll be another, and another, and as many more as required. Not like Trump and Barr are EVER going to run out of enemies. (Note: To break all technical security simply expose "target" to possible disease carrier. Then ALL "suspicious" contacts are decrypted.)

      You don't have to be stupid to join the Gang Of Trump. Take Governor Kemp of

      • Actually the person scared witless was/is Gavin Newsom. Trump is pretty positive and an optimistic person. Funny how Trump is according to your post "to blame" for deaths related to a virus. I guess you have a high expectation of Government, just a question here. How many times has the Government of your preference stopped you getting the Flu? If you answered zero then you can see that the Government has very limited scope in preventing you from getting sick. Since the US is one of the best in terms of deat
    • How about a legally-binding contract with a penalty that would turn their respective companies into a parking lot?

      Public statements of this sort made by publicly-traded corporations effectively are legally binding. Lying would be a violation of federal laws regulating truthfulness of statements that could affect the share price.

  • Of course they won't track cv after cv is gone.

    They will just track everything.
    • by tlhIngan ( 30335 )

      Of course they won't track cv after cv is gone.

      They will just track everything.

      Except there's no tracking involved. GPS isn't used nor stored nore uploaded.

      It's a zero knowledge method of determining if you met someone at a particular point in time without needing to know the exact time, or place. In fact, place is unimportant in the algorithm because it doesn't care. All that's being determined is a web of people someone might have met independent of time and place (you record time because you want to isol

      • Great! Are they going to release the source code for download? Give it to the Apache Foundation or EFF to compile and distribute.

  • by nospam007 ( 722110 ) * on Friday April 24, 2020 @05:10PM (#59986752)

    I guess it is the same day that the war on terror ends, the war on drugs and also a blue moon.

    • One of these things is not like the other two.

      There is an average of 1 blue moon per year.

    • I guess it is the same day that the war on terror ends, the war on drugs and also a blue moon.

      A blue moon happens more often than you think.

  • Right now, it looks like COVID infection is around roughly 2-5% everywhere, and up to 25% in hotspots. A tracking utility to monitor the spread of it among individuals is worthless. That might have been valuable when infection rates were well below 1%, but as it is now, even with social distancing, interactions with the potential of spreading the disease have to number in the tens of millions per day, if not hundreds of millions.
    • by Toonol ( 1057698 )
      Plus (replying to myself), they wish to track confirmed cases, which are outnumbered 10:1 or more by unconfirmed cases. The majority of people infected with CV will never be tested, and this app would never trace their contacts.
    • by dgatwood ( 11270 )

      Right now, it looks like COVID infection is around roughly 2-5% everywhere, and up to 25% in hotspots.

      The known cases in California are under 0.1%. It might be 5% among the people who are running around in public every day, but I doubt it is anywhere close to 1% overall. Similarly, right now, in Santa Clara County (one of California's hot spots), there are 1987 known cases. Again, that's a tenth of one percent.

      Even the estimates in NYC are only about 14-ish percent among people who aren't staying locked

    • The point is that people are once again lining up to surrender their privacy to corporate thugs.

      This is being sold to Joe public based a some perceived usefulness. This usefulness is, as usual, not really measurable.

      If it makes you feel safer, it must be increasing your safety. Wrong.
  • The Patriot Act was to expire in 2011. It is in at least part still active. Why should we trust either corporations or corporate owned politicians when they say they will voluntarily give up power over us??

  • #1: COVID-19 is going to be circulating around the world for our lifetimes
    #2: Google ("Alphabet") removed "Don't Be Evil" from their company's guiding principles
    • I'd mod you up if I could. I think the google's current motto is "All your attention are belong to us." I think I figured that out the last time I had dinner with a Googler... Several years back.

  • Everyone who believes what Apple & Google say, raise your right hand LOL. Oh, there will be another virus, another outbreak another something that will "allow" them to continue to use this spying crap. And, you can bet if they can figure a way to make it into some sort of advertising generator, they will use it. Just think...you walk past a store with a tracker, it pings your phone with an ad. I've noticed if I have my NFC turned on, sometimes google pay will tell me if I stop at a store, if they accept
  • How it works... (Score:5, Informative)

    by ClarkMills ( 515300 ) on Friday April 24, 2020 @05:56PM (#59986940)

    From what I understand...

    Your device is switched into low power bluetooth (2m / 6' / low energy) mode.
    Your device communicates with any other similarly configured devices (other people) exchanging the bluetooth MAC (serial number) information and timestamps the pair/unpair event in a database on your device.
    If user-B finds that they have CoViD-19, they flag this on their device, this uploads their MAC (serial number) only to a remote server.
    That remote server collates all the MACs (serial numbers) and pushes that delta list to all the devices. (May be geofenced?)
    Your device scans the delta list of infected MACs and compares it agains your devices database looking for any matches.
    If no match is found... great
    If a match is found... your device generates a simple risk graph based on the amount of time paired with the infected user and displays this information (risk, contact time and duration) on the users device. You need to action any events; only your device knows that there has been an exposure (database match).
    Cleanup:The device's database can flush events over a certain period (say four weeks) as we don't care beyond that, no?

    This is what I gather based on a short BBC radio (podcast) article... I could be way off the mark in detail but that's the big-picture idea... they may be more invasive than this and I can see people poisoning the system with alerts unless there's some sort of authentication. Food for thought...

    https://www.bbc.co.uk/sounds/p... [bbc.co.uk]
    Starts at 14:08

    • by shanen ( 462549 )

      Couldn't give you the informative mod because you're looking in the wrong direction.

      If "they" want to track you, then they simply make sure you come close to a "possible carrier" within the deletion time interval. Of course those approaches can be faked, but your data is decrypted and send upstream anyway. Then the data can be compromised at any weak link. It doesn't matter if one link of the security chain is arbitrarily strong. The data will naturally be breached at the weakest link.

      • If "they" want to track you, then they simply make sure you come close to a "possible carrier" within the deletion time interval.

        If "they" want to track. you, they don't need this system at all. GPS and cell tower triangulation already provide all of the data needed.

        The whole purpose of this system is to provide an alternative that doesn't reveal actual locations, or actual user identities.

        • by shanen ( 462549 )

          You can't possibly be that sincerely ignorant. Do you know what BlueTooth is? Can you imagine the implications of having the list of every person who passed within BlueTooth range? Why would it matter at all where those meetings happened?

          Of course the amusing reality is that an actual conspirator is going to leave his smartphone at home whenever he's actually out conspiring. Ditto the malicious person who is trying to spread a disease in an untraceable way.

          • You can't possibly be that sincerely ignorant.

            I'm not ignorant, you are. You don't understand the proposed system.

            Can you imagine the implications of having the list of every person who passed within BlueTooth range?

            The system doesn't produce that list. Anywhere, at any point. Not on your device, not in others' devices, not in any centralized system.

            • by shanen ( 462549 )

              Do you understand how a disease spreads? Each and EVERY person who comes close to you might give or receive the virus. The BlueTooth data MUST record ALL of that contact data, at least for every person who is carrying a compatible device OR THE TRACING IS ACCOMPLISHING NOTHING.

              The only remaining question is how to expose the data. I merely suggested the obvious breach of using the system exactly the way it is designed to abuse it. A "tainted" person passes within BlueTooth range of the "target" person, and

              • Do you understand how a disease spreads? Each and EVERY person who comes close to you might give or receive the virus. The BlueTooth data MUST record ALL of that contact data, at least for every person who is carrying a compatible device OR THE TRACING IS ACCOMPLISHING NOTHING.

                It achieves the goal, without gathering any identifiable information. Seriously, just read the specification. It's not complicated.

    • Your device communicates with any other similarly configured devices (other people) exchanging the bluetooth MAC (serial number) information and timestamps the pair/unpair event in a database on your device.

      Not MAC addresses.

      Every day, your device chooses a new, random AES key. Every 10 minutes, it encrypts a counter with this AES key to produce an ID. It's this ID that your device broadcasts, and your device logs similar broadcasts it receives from other devices. In order to avoid enabling tracking your device via MAC address, your BT MAC address also changes randomly every 10 minutes, in lockstep with the changing of the broadcast value. But the MAC address is not part of the system and is not recorded

  • need to spy on it's citizens. There is nothing this app does that is not needed for long term interaction tracking by government. Hey lets go back 6 months and see if these 2 citizens came close. Remember close is good enough to get the investigation started. And start putting citizens in jail.

    Odd how wam bam thank you and the app is all done and ready to go.
    Most likely something they wrote for China and China is just allowing Google and Apple to sell it in the US because they have an inside track(so to
  • they are going to hide the servers that collect and mine data from the users, freedom & privacy once surrendered is never regained without a battle
    • they are going to hide the servers that collect and mine data from the users, freedom & privacy once surrendered is never regained without a battle

      Uh huh. And I'm sure no one will notice that all of the devices are still sending out BLE beacons...

  • After this "crisis" is over, there will be another and another and another, until there is nothing but a crisis. These things are *easy* to start, but hard to ever get rid of. And it's not just Apple tracking apps...

  • I pledge to install the app. Pinky swear, cross my heart and all that.

    • I pledge allegiance to the app...

      No, how about I don't install the app, and I don't promise to either.

      Does the app ask for my phone's ID? If so, it isn't designed to report to me, it is designed to report on me.

      Does the app ask to read my contact list? I don't have permission from all these people to share their contact history, and it would only take one dissenter to render it unethical to install the app. If there is anybody in my contact list who I haven't asked for permission, then it is unethical to in

      • If it becomes a requirement to install that app, I'll have a phone to carry that app. If it becomes a requirement to have this app to go shopping, I will have a shopping phone from now on. It's one more token to haul about when going for groceries, that's pretty much it.

        • Wow, comments like this make me glad to be an American.

          If you even have to consider the possibility that the app will be a "requirement" to install, you already have worse problems than this pandemic.

  • I don't believe them and no one who is intelligent does either.
  • All the dystopian functionality is already available to apps on your mobile that you download and use every day. Any app you already use may already be exhibiting the unwanted behaviour being complained about. The concerns are real enough but in the case of a public health app that saves lives with transparency and a kill switch that you control I do not understand the problem. Criminals and terrorists seem to have cottoned on to this years ago. Why do you think they use burner phones or avoid using mobiles

  • I am thinking of starting an obfuscation service which involves taking cell phones to randomly selected destinations and back just to confuse the tracking.
    {^_-}

  • They will just rename it and shove it in the background, it will never be removed

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...