Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday April 13 2020, @05:58PM   Printer-friendly
from the proximity:-opposite-sides-of-the-same-wall dept.

Ross Anderson, a researcher at the Security Group at the University of Cambridge Computer Laboratory, has written about contact tracing in the real world enumerating in detail some of the many shortcomings with and false assumptions about contact tracing as means of fighting a pandemic.

There are also real systems being built by governments. Singapore has already deployed and open-sourced one that uses contact tracing based on bluetooth beacons. Most of the academic and tech industry proposals follow this strategy, as the “obvious” way to tell who’s been within a few metres of you and for how long. The UK’s National Health Service is working on one too, and I’m one of a group of people being consulted on the privacy and security.

But contact tracing in the real world is not quite as many of the academic and industry proposals assume.

First, it isn’t anonymous. Covid-19 is a notifiable disease so a doctor who diagnoses you must inform the public health authorities, and if they have the bandwidth they call you and ask who you’ve been in contact with. They then call your contacts in turn. It’s not about consent or anonymity, so much as being persuasive and having a good bedside manner.

He is not alone in pointing out that claims of being able to anonymize personal data have largely been proven to be bunk. The rules we set in place now will be with us for a long time and have far-reaching effects. The need to be given an appropriate level of consideration.

Security researcher Bruce Schneier posted his concerns on the same contract tracing story.

Previously:
(2020-04-11) Apple and Google are Launching a Joint COVID-19 Tracing Tool for IOS and Android
(2020-04-08) Senators Raise Privacy Questions About Google's COVID-19 Tracker
(2014-10-16) How Nigeria Stopped Ebola


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DrkShadow on Monday April 13 2020, @07:26PM (8 children)

    by DrkShadow (1404) on Monday April 13 2020, @07:26PM (#982167)

    1. Your phone broadcasts a beacon. It changes every 30s to 30m, your individual choice, and is generated by a (long) pre-generated key. Like a generated OTP.
    2. Other phones listen and record _all_ of the beacons that they see.
    3. You're diagnosed. Your voluntarily surrender your private key.
    4. The "authorities" upload all of your keys between time A and time B to an online database.
    5. Users' phones search by 3 characters of a random subset of hashes seen, and get a list of any matching hashes that have been confirmed infected. (This list will be small)
    6. If there is a _full_ match in any hash, then you have come into contact with someone who was infected.

    Your anonymity ends if you have a confirmed contact _and_ you contact the authorities. You can instead opt to isolate for two weeks to alleviate the symptoms naturally. You could also (have another person) submit a list of hashes of your own, if you turn out to be infected, perhaps by QR code. (The trolling part.) Trolling would be difficult -- if tens of thousands of hash submissions come from a single IP, then ignore them; if they come from multiple IPs, then it's harder. You could require private-key submission with a list of matching hashes, would would prevent much trolling, but perhaps private keys could be iterated through (use a 64-bit random number as an IV?)

    Your location is not traceable, not even by group-speak. You're never revealing exactly what hashes you've been in contact with. There will be many hash matches, and the vast majority of them are meaningless.

    ---
    By the numbers exampled above, I would estimate that you would get about three hash-matches for every search the app performed, given a 64-bit hash. Check the full three hashes against your list, twice a day, and you know if you've been exposed.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by Immerman on Monday April 13 2020, @08:39PM

    by Immerman (3985) on Monday April 13 2020, @08:39PM (#982213)

    5) would be a problem - if you only search for a subset of hashes you have encountered, then you'll only be alerted to confirmed infections within that subset. You have to search for *every* hash you've encountered to be able to tell if any of them are confirmed infected. And you don't want to wait until the random sampling eventually covers the full list, since you're likely to be contagious relatively soon after being exposed.

    I'm also not clear on what hashes are supposed to add to the procedure rather than just using the original beacon IDs.

    If you're looking at preserving the privacy of the masses, it would seem the natural thing to do would just download a comprehensive list of every infected beacon released in the last day and compare against your own contact history. The initial download of everyone confirmed infected in the last few weeks might take a little while, but once you're only looking at new contacts - assuming a new beacon every 5 minutes, and 64 bits per beacon, 1000 new cases would only be a 2.3MB download, uncompressed (and you could probably get some really awesome compression since the beacon order doesn't matter - even just sorting the data first makes it far more amenable to compression).

    Of course if things get bad and you're looking at 100,000 new cases in a day, it gets a little sluggish. But if everyone is doing it, caching can reduce infrastructure requirements dramatically. You could also dramatically reduce the data load with only minor loss in privacy by encoding regional data in the beacons - e.g. dedicate 12 bits to indicate which of the 3000+ U.S. counties(or equivalents) you're currently in, so that people only need to download the infected beacon list for the counties they've actually been in recently.

  • (Score: 2, Informative) by barbara hudson on Monday April 13 2020, @09:47PM (6 children)

    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Monday April 13 2020, @09:47PM (#982246) Journal
    Take all the necessary precautions and you won't be worried about coming into contact with someone else. N95 mask, eye protection, gloves and hand sanitizer, stay away from others, and make sure that everyone else you come into close contact does the same.

    In a household have only one person as the "designated survivor " - going out to take care of walking the dogs, shopping, etc, and as long as they take all the precautions all should be good. Bonus points because all the hand washing means nobody is getting a cold any more.

    --
    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
    • (Score: -1, Flamebait) by Anonymous Coward on Monday April 13 2020, @10:07PM (4 children)

      by Anonymous Coward on Monday April 13 2020, @10:07PM (#982256)

      I "apologized" to you TRANNY twisto https://soylentnews.org/comments.pl?cid=937346&sid=35327 [soylentnews.org] ? FUCK NO, not ever: That's NOT me but I DESTROYED YOU PUBLICLY on every level including proving you barb stalk me on THIS SITE https://soylentnews.org/comments.pl?noupdate=1&sid=33430&page=1&cid=889582#commentwrap [soylentnews.org] with more proof QUOTED FROM YOU DIRECTLY barbara (tom) hudson proving are a technical incompetent brain-damaged transsexual fool BULLSHIT ARTIST FUCKUP worthless creep that also failed on tech vs. me.

      My post LITERALLY also shows links to stopping hundreds of threats of MANY KINDS via hosts (since 99% of malicious threats online use hostnames - block them as I do in hosts (less overhead vs. ANYTHING else by FAR & pure kernelmode TCP/IP stack efficient no less)? Can't TOUCH you nor you it. That's ONLY a 1 year only as a sample and I'd done TONS MORE many hundreds more at slashdot before that and yes 99% use hostnames so hosts work against them harming you).

      So much for your usual lies barb and useless online troll chatterbox you has never done better work and I fairly challenged you to show you did. You have not.

      NOW: You RESORTING TO IMPERSONATING ME on your end only PROVES I really got to you barb/tom hudson tranny.

      So much so you are reduced to showing us your true scum bag self in fact. Thought YOU were going to SUE me? LMAO for what? FACTS ABOUT YOU??? LOL!

      * YOU WILL ALWAYS FAIL vs. me just as you FAILED @ being a MAN & since you couldn't GET ANY PUSSY you (lmao) DECIDED in your DRUG ADDLED BRAIN to SLICE OFF YOUR COCK & build your OWN pussy (only way you'd "get some", ever).... OMG!

      Only thing that "looks like SHIT" is you you FUCKED UP abomination of desolation freak.

      APK

      P.S.=> Hey FREAK? I'm going to PUBLICLY EMBARRASS YOUR ASS SO BAD on this site you will have to SLINK AROUND IN SHAME publicly but then, "your kind" (massive MASSIVE total losers in life) are USED to that, aren't you? You don't LIKE IT but I LOVE doing it, exposing you as the TRASH you are fucker... apk

      • (Score: 0) by Anonymous Coward on Monday April 13 2020, @10:13PM (3 children)

        by Anonymous Coward on Monday April 13 2020, @10:13PM (#982259)

        So you have multiple personality disorder now. Congrats, you're more mentally ill than the average tranny.

        • (Score: -1, Troll) by Anonymous Coward on Monday April 13 2020, @10:37PM (2 children)

          by Anonymous Coward on Monday April 13 2020, @10:37PM (#982270)

          barbara hudson I strongly suggest you give up or leave this site after APK annihilated you here on every possible level there is to expose you as the twisted abnormal lying error prone fake it you are skilled scum you are https://soylentnews.org/comments.pl?noupdate=1&sid=33430&page=1&cid=889582#commentwrap [soylentnews.org]

          • (Score: -1, Flamebait) by Anonymous Coward on Monday April 13 2020, @10:46PM (1 child)

            by Anonymous Coward on Monday April 13 2020, @10:46PM (#982275)

            Notice barbara hudson (tranny tom) won't go on its usual tons of posts suddenly? I do. "IT" has been silenced by fact in huge errors it made that it provided no less https://soylentnews.org/comments.pl?noupdate=1&sid=33430&page=1&cid=889582#commentwrap [soylentnews.org]

            • (Score: 0) by Anonymous Coward on Monday April 13 2020, @11:06PM

              by Anonymous Coward on Monday April 13 2020, @11:06PM (#982290)

              Seek professional help, APK.

    • (Score: -1, Flamebait) by Anonymous Coward on Monday April 13 2020, @11:03PM

      by Anonymous Coward on Monday April 13 2020, @11:03PM (#982288)

      I "apologized" to you TRANNY twisto https://soylentnews.org/comments.pl?cid=937346&sid=35327 [soylentnews.org] ? FUCK NO, not ever: That's NOT me but I DESTROYED YOU PUBLICLY on every level including proving you barb stalk me on THIS SITE https://soylentnews.org/comments.pl?noupdate=1&sid=33430&page=1&cid=889582#commentwrap [soylentnews.org] with more proof QUOTED FROM YOU DIRECTLY barbara (tom) hudson proving are a technical incompetent brain-damaged transsexual fool BULLSHIT ARTIST FUCKUP worthless creep that also failed on tech vs. me.

      My post LITERALLY also shows links to stopping hundreds of threats of MANY KINDS via hosts (since 99% of malicious threats online use hostnames - block them as I do in hosts (less overhead vs. ANYTHING else by FAR & pure kernelmode TCP/IP stack efficient no less)? Can't TOUCH you nor you it. That's ONLY a 1 year only as a sample and I'd done TONS MORE many hundreds more at slashdot before that and yes 99% use hostnames so hosts work against them harming you).

      So much for your usual lies barb and useless online troll chatterbox you has never done better work and I fairly challenged you to show you did. You have not.

      NOW: You RESORTING TO IMPERSONATING ME on your end only PROVES I really got to you barb/tom hudson tranny.

      So much so you are reduced to showing us your true scum bag self in fact. Thought YOU were going to SUE me? LMAO for what? FACTS ABOUT YOU??? LOL!

      * YOU WILL ALWAYS FAIL vs. me just as you FAILED @ being a MAN & since you couldn't GET ANY PUSSY you (lmao) DECIDED in your DRUG ADDLED BRAIN to SLICE OFF YOUR COCK & build your OWN pussy (only way you'd "get some", ever).... OMG!

      Only thing that "looks like SHIT" is you you FUCKED UP abomination of desolation freak.

      TO THE MORON technically WEAK whimp THAT OWNS THIS SITE: Do you REALLY *THINK* (beyond your abilities MORON vs. me) YOU CAN "HOLD ME OUT/DOWN"?

      You've tried to for DAYS just as /. did ONLY TO HAVE ME FUCKING SHOW EVERYONE YOU ARE A POWERLESS FUCK vs. me (& believe me - IF I wanted to? I could DROP THIS SITE OFFLINE in minutes, but it is MORE FUN to expose YOU & this shitbag LYING scum TRANZOID barbara hudson, publicly - QUESTION: HOW DO SHITBAGS like you ALL live with yourselves?)

      APK

      P.S.=> Hey FREAK? I'm going to PUBLICLY EMBARRASS YOUR ASS SO BAD on this site you will have to SLINK AROUND IN SHAME publicly but then, "your kind" (massive MASSIVE total losers in life) are USED to that, aren't you? You don't LIKE IT but I LOVE doing it, exposing you as the TRASH you are fucker... apk