The never-ending saga of COVID-19 tracking apps.
UK finds itself almost alone with centralized virus contact-tracing app that probably wonât work well, asks for your location, may be illegal
Comment Britain is sleepwalking into another coronavirus disaster by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app.
6 Likes
Contact-tracing is basically CRM so we think weâve got it sorted, says Salesforce
2 Likes
UK COVID-19 contact-tracing app data may be kept for âresearchâ after crisis ends, MPs told
Britons will not be able to ask NHS admins to delete their COVID-19 contact-tracking data from government servers, digital arm NHSXâs chief exec Matthew Gould admitted to MPs this afternoon.
2 Likes
India makes contact-tracing app compulsory in viral hot zones despite most local phones not being smart
4 Likes
Apple and Google will ban location-tracking by apps using their new coronavirus contract-tracing API, newly renamed ExposureNotification.
In a set of guidelines [PDF] for the API released today, the companies said that developers will not be able to access or even seek permission to access location data using the app.
2 Likes
I am fucking infuriated they chose to go this route with it when most of the rest of the EU is going with the decentralised approach. So we all want to do the right thing but in order to do so we have to keep a silo of non-deletable, easily deanonymised data to be used for whatever data scraping they wish to do in the future? Yeah, no⌠the privacy debt just continues to mount up.
Open rights group are currently seeking funding to go through the courts to demand things like data protection impact assessmentsâŚ
4 Likes
Interestingly, German health minister Spahn made a U-turn on that after favouring the centralised approach after quickly mounting public pressure. Iâm really glad they did.
However, Iâm still at odds with the tech and physics behind it, anyway.
If you know anyone working as an engineer with Bluetooth, could you alert them to this topic? Or just pass them the info @Aciantis gave in this topic and ask on their opinion?
4 Likes
I certainly would if i did or if i happen to in the future.
2 Likes
I havenât kept track, but I seem to remember that between the Digital Economy Bill and tbe Data Protection Act, British citizenâs data is pretty pretty much an open book already?
2 Likes
Related:
1 Like
The sensible approach would be to get the scientists / epidemiologists at the NHS to tell Google and Apple OS developers what anonymous data they actually need for modelling disease spread - eg information on how many contacts each person has on an average day, and how long the contact lasts, approximate distance - that data could be worked out on the phone by the operating system and provided to the government monitoring app pre-anonymised, rather than trusting the government to do it for us. If the reports that the U.K. âNHSâ app requires the program to be open in the foreground to operate are true, then itâs dead in the water.
1 Like
1 Like
Successive governments have just whittled away any protections citizens may have had through laws like that and the investigatory powers act squatting over all our browsing history but GCHQ have just illegally circumvented all that anyway with their fibre optic beam splitters and whatnot vacuuming up anything not locked down. Iâm just waiting to see how this app doesnât fall afoul of the, so far, weak-sauce GDPR since weâre still technically in the EU.
5 Likes
India acknowledges, but brushes aside, features-not-bugs in Aarogya Setyu virus contact-tracing app
The Indian government has acknowledged âpotential security issuesâ in the Aarogya Setyu contact-tracing app which its opposition labels as a âsurveillance system with no oversight,â but says the code issues are not that big a deal.
2 Likes
The Sun are reporting that the âNHSâ app uses the Core Bluetooth API in a way that allows the phone to transmit while the app is in the background - so either the Warner brothers have reverse engineered the iPhone or Apple have relaxed their rules
1 Like
Australian contact-tracing app sent no data to contact-tracers for at least ten days after hurried launch
Australiaâs âCOVIDSafeâ contact-tracing app was rushed to market in the knowledge it would perform poorly on some devices and without agreements in place to let actual contact-tracers use the data it collects. As a result, no collected data has been used in at least 10 days since its launch.
Meanwhile, security researchers have alleged the app has serious flaws â one of which can broadcast the names of devices running the app â and one has criticised Australiaâs government for not offering a formal method to point out such problems.
1 Like
Source code published for the âNHSâ app
3 Likes
Open rights group have been diving into the recently released impact assessment and, unsurprisingly, it doesnât give you a whole lot of confidence. Much like all government IT projects.
According to a (paywalled) FT article it turns out theyâre also building a decentralised app due to internal pressure over privacy. It really is the herd immunity clusterfuck all over again: going our own way when all the evidence suggests we shouldnât.
4 Likes
Need some weekend reading? How about the source code for UK, Australiaâs coronavirus contact-tracing apps
The NHSX, a technology group within the UK governmentâs National Health Service, has released the source code for its Android and iOS COVID-19 coronavirus contact-tracing apps in an effort to allay privacy concerns and improve the code.
Developers who have examined the blueprints have not been entirely mollified, and have called out several potential problems.
For example, the apps, which are supposed to be pro-privacy, use Google Analytics and the Firebase Analytics framework, configured in a way to allow personalized web advertisements. Also, they generate a private key thatâs not private because it gets created on a remote server rather than on the userâs device. And they link to insecure HTTP resources.
1 Like
