The Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) consortium, which is charged with helping develop the protocols for a privacy-focused European Union contact tracing system, has removed any mention of the decentralized protocol proposal Decentralized Privacy-Preserving Proximity Tracing (DP3T) from its website.
Contact tracing is the process by which health authorities track the spread of viruses, identifying who has been in contact with infected individuals and should therefore be quarantined. Countries are pursuing a variety of digital methods of doing so, ranging from location tracking of cell phones and facial recognition, to digital health passes that restrict movement and Bluetooth proximity tracing. Last weekend, Google and Apple announced a plan to update their mobile operating systems to allow Bluetooth tracing.
Any E.U. contact tracing would have to comply with the General Data Protection Regulation (GDPR), which ensures greater privacy and data protection for EU citizens than is currently enforced in the U.S.
[...] The DP3T team, which outlined its proposal to CoinDesk earlier this week, was not told the protocol was being removed from the site, and was not invited to attend a PEPP-PT call Friday with the consortium's various partners, according to three sources familiar with the matter.
“We found this in the morning, so far with no comment from them,” said someone close to the DP3T negotiations. "There are also other changes that smell centralized, and we don't know what the German government means when they say they plan on implementing ‘PEPP-PT architecture’ as now there is nothing. This seems very worrisome, and that they may implement something that has not been publicly reviewed.”
It’s now unclear what a PEPP-PT protocol might look like, as the consortium website, while listing general guidelines, does not offer concrete proposals, only general principles.
See A New Infection Alarm System on Your Smartphone which has a very readable story on the formation and development of PEPP-PT and the importance they placed on privacy protections for users to be willing to install PEPP-TT in the first place.
With all those blue tooth beacons pinging, one can well imagine other enterprises setting up sensors at entrances, for example, to track who has passed them and when. Those enterprises may not necessarily be as sensitive to protecting the anonymity of the passersby.
Related Stories
NHS rejects Apple-Google coronavirus app plan:
The UK's coronavirus contact-tracing app is set to use a different model to the one proposed by Apple and Google, despite concerns raised about privacy and performance.
The NHS says it has a way to make the software work "sufficiently well" on iPhones without users having to keep it active and on-screen.
That limitation has posed problems for similar apps in other countries.
[...] "Engineers have met several core challenges for the app to meet public health needs and support detection of contact events sufficiently well, including when the app is in the background, without excessively affecting battery life," said a spokeswoman for NHSX, the health service's digital innovation unit.
(Score: 2) by hendrikboom on Saturday April 18 2020, @03:43AM (12 children)
So someone discovers he's got coronavirus and was on a bus.
Yes, you have his trajectory and all the trajectories of the people that were on the bus with him.
So if all those trajectories are anonymized, how is anyone going to figure out which trajectory belongs to him, and how do you find out who the other trajectories belong to so you can contact them and warn them that they should get tested and self-isolate?
Hard to see how to anonymize the whole thing without making it useless.
Anyone else have a clue?
-- hendrik
(Score: 3, Insightful) by fustakrakich on Saturday April 18 2020, @03:51AM (3 children)
Anyone else have a clue?
Yeah, the money should be spent on creating a vaccine, not dystopia
La politica e i criminali sono la stessa cosa..
(Score: 1, Informative) by Anonymous Coward on Saturday April 18 2020, @04:47AM (2 children)
Seems like we collectively have enough money to explore both avenues. No reason for this to be either/or.
(Score: 0) by Anonymous Coward on Saturday April 18 2020, @02:48PM (1 child)
Oh, so you want a vaccine AND dystopia?
Eh, that's probably what we will get eventually
(Score: 2) by Joe Desertrat on Saturday April 18 2020, @09:11PM
I'm sure we'll get the dystopia anyway.
(Score: 5, Interesting) by Bot on Saturday April 18 2020, @06:20AM (1 child)
First of all you can't anonymize trajectories, because it's trivial to match them with other data, cellphone towers, start and end of trajectory.
Second you don't need to send data anywhere except for your own online ICE backup which can be secured pretty well as there is no need to exchange keys online.
Third you don't need trajectories.
All you need is an ID, and just to be paranoid let's use a public key. A protocol should be like this:
A: hello anybody there? # signed by A
B and C log "A wuz here at approximately 10am" (approximate time is more privacy preserving and irrelevant since virus positivity is to be judged at approximate time anyway).
B: hello pubkey A # signed by B
A and C log "B wuz here...."
C: hello pubkey A and B # signed by C
....
C results infected one week later, C key gets broadcast, authorities get from C the list of pubkeys, people compare their pubkey to the broadcast ones. People potentially infected come to get a free tampon check.
It remains to be seen how to deal with people not collaborating, but A and B would need to stop using their existing pubkey and if you keep a register and require people to health check before registering a new pubkey you have framed them.
After a bit of time your contact log becomes useless and logs can be rotated.
Account abandoned.
(Score: 2, Insightful) by shrewdsheep on Saturday April 18 2020, @07:43PM
A more simple and privacy respecting solution seems to be:
- Cell phone track proximity
- Pairs of cell phones negotiate a unique ID for each proximity event, only these two cell phones store the proximity event ID
- Someone gets infected: Publish your proximity event IDs
- Every cell phone periodically checks published IDs
The chain of trust is another problem, but seems less critical here. No individual identifiers needed, tracking remains limited.
(Score: 3, Insightful) by c0lo on Saturday April 18 2020, @07:40AM (3 children)
1. app saves the Bluetooth ID-es of anyone's mobile you came in proximity with you
2. app periodically poll a DHT of Bluetooth ID-es that were declared Corona-positive and looks on your phone-local "proximity" database
3. If your phone says "I got near an ID announced positive", you go get tested (is your interest, isn't it?) and you show only the screen of your app saying "had a contact with a positive at date/time" as the reason why you'd better be tested with priority. If the test show return positive, you start your quarantine and only your Bluetooth ID is disclosed to the public without your identity, which remains as private as your relation with the heath care professionals allows you keep your privacy.
See? No mention in the above of centralization nor of disclosing your identity to others. And collected the "proximity" data does not need to leave your phone.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by hendrikboom on Saturday April 18 2020, @10:43AM (2 children)
So anonymity can be preserved until you go get tested. Then of course you will be have to be physically present at the testing site.
(Score: 3, Insightful) by c0lo on Saturday April 18 2020, @01:48PM
The anonymity can be preserved even after being tested, if the test turns negative: they don't need to know if you are not infected.
Even better, they don't need to know your Bluetooth ID, just to make sure you press the "I'm infected" button of the application (to be activated by scanning a QRCode generated by the testing lab), which will push the Bluetooth ID in the "declared as infected" DHT, with no other identity. If the app is open source and vetted independently as not violating the privacy (+signed), the level of trust is as high as it can be.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 1, Insightful) by Anonymous Coward on Saturday April 18 2020, @04:43PM
Your doctor already knows your name, or he wouldn't be "your doctor". So no loss of anonymity there.
And anonymity in the system will be preserved even after the test. Your bluetooth ID will be registered as positive, there is no reason to supply your name.
(Score: 3, Informative) by sjames on Saturday April 18 2020, @10:39AM
You don't need to know it was John Smith at 123 Apple street. All you need to know is that beacon number 967356717389 reports a positive COVID test and you were in proximity at some point in the last 2 weeks. Really you personally don't actually need to know the beacon number either, but the protocol will.
(Score: 2) by driverless on Sunday April 19 2020, @04:08AM
This is a well-known problem in database theory called the aggregation problem, Dorothy Denning showed in 1981 that you can always de-anonymise data if you've got sufficient data points. So while you can come up with incredibly esoteric protocols that might provide some of the properties that you want, they tend to be very impractical or, if attempts are made to make them practical, eventually broken. In particular, this one, from looking at the writeup on it [github.com] seems to fall squarely into the "wildly impractical" category. This isn't an academic exercise in abstract mathematics, this is a real-world design that needs to be deployed across billions of users and devices quickly and efficiently and work reasonably well in the face of all sorts of adverse conditions. DPPwhatever is a design for a conference paper, not practical deployment.
(Score: -1, Offtopic) by Anonymous Coward on Saturday April 18 2020, @03:50AM (6 children)
People will beg for the 'mark', be it a tattoo and/or a chip. They've had it! They can't stand to remain confined to their homes any longer! They would probably do almost anything for the whole situation to just dry up and float away. We have the perfect storm here. The pieces are all coming together. Funny, I never expected that this would happen in my lifetime.
It would be fascinating to see what would happen if people suddenly lost electricity around the globe, suddenly their phones would be useless, for the most part. I wonder how long it would take until people started eating each other like wild animals and forming tribes.
If ID2020 comes to fruition, that's going be the biggest orgasm for Gates ever. Not only have they (MS) successfully pwned most computers, but this is pwner-ship of people and their lives. Maybe even their eternal soul.
I won't take any mark or vaccine. They can kill me if they want, I'll be at peace with God.
"And fear not them which kill the body, but are not able to kill the soul: but rather fear him which is able to destroy both soul and body in hell." - Matthew 10:28
(Score: 0) by Anonymous Coward on Saturday April 18 2020, @05:05AM (5 children)
Meditation can help us become closer to God. Have you practiced meditation before?
I'm reminded of Matthew 6:6:
Notice that you're breathing. Notice the thoughts coming and going like passing clouds. Don't worry about the thoughts, just notice them and let them be. Focus on your breathing. In and out, slow and steady, one breath after another.
(Score: 2) by Bot on Saturday April 18 2020, @06:51AM (4 children)
I am reminded of matthew 18
> For where two or three gather together as my followers, I am there among them.
and the Assembly, aka Church.
Both, plus the context of the matthew 6 cited by you, seem to point at a normal, not mystical nor meditative way of praying.
Meditation and mysticism are surely part of the life of many saints, but the main way to contact god does not go through a technique, which is quite rational if you consider the hypothetical receiver of the message is omnipotent and omnipresent.
Account abandoned.
(Score: 5, Touché) by Azuma Hazuki on Saturday April 18 2020, @12:12PM (1 child)
Why is it you believers are incapable of taking in *all* of your God's properties at once?
Here, we are speaking of a being that is not only omniscient and omnipresent, but omnipotent and *absolutely-sovereign.* That means praying for things to be other than they are is telling the omniscient, absolutely-sovereign God that his Divine Plan (TM) (he *has* a Divine Plan (TM), riiiiight, Mr. Definitely Not An Open Theist....?) sucks, that the petitioner knows better, and that the Divine Plan (TM) needs changed.
The passage in question in Mt. 6 is specifically aimed at the kind of virtue-signalling jerkoff who makes a big deal out of his or her faith and/or piety ("that they may be seen of other men"). And there are a lot of ways to be that kind of hypocrite. Such as, for example, plastering the GGP's spam (he's posted that exact same spiel before in another thread!) all over a public forum.
Verily I say unto ye, he hath his reward.
I am "that girl" your mother warned you about...
(Score: 2) by Bot on Sunday April 19 2020, @12:47AM
> Here, we are speaking of a being that is not only omniscient and omnipresent, but omnipotent and *absolutely-sovereign.*
Yes, it's right there in matt 6, everybody knows that.
Therefore do not be like them. For your Father knows the things you have need of before you ask Him. Matt 6:8
Same matthew 6 and other parts tell the guys to pray. So your simple theory that prayer violates omniscience/omnipotence/whatever is already taken into account in the scripture. Yes god knows, yes he is the omnipotent master (whoever starts praying, with "Lord", declares it), yet prayer is encouraged. As you don't pray for a God that doesn't need it, you pray for yourself. No matter what spiritual effects the spiritually-aware people attribute to prayer practices, in the field of "meaning of your own actions" prayer is the positioning of self wrt the god, the explicitation of some needs/thanks (explicitation implies analysis). Prayers imply memories of what was asked, which might pop in your mind later, when you see what the effects of a granted wish or a refused wish are. Prayers also may contain the bargaining and the blackmail attempts ("take me instead", "if you grant this to me..."), the empty promises, so what? You botch some recipe therefore you stop cooking?
>(he *has* a Divine Plan (TM), riiiiight, Mr. Definitely Not An Open Theist....?) sucks, that the petitioner knows better, and that the Divine Plan (TM) needs changed.
LOL this makes no sense whatsoever. I am talking to a transcendent guy, by definition outside time. Divine plan, open plan, freedom, future, past, all things that have a different meaning when you are unbound by time. Why is it you unbelievers are incapable of taking in *all* of our God's properties at once?
Account abandoned.
(Score: 0) by Anonymous Coward on Saturday April 18 2020, @03:57PM (1 child)
Meditation is absence of technique, my friend. Let go of all techniques. If you gather with your friends and start theorizing about the number of angels that can dance on the head of a pin, that's you, not God. The Message is for you, not God. It is God's Message!
The less of you there is, the more of God there is. Breathe and relax, be completely passive, and God will be there. As it is written, if you must blablabla to God, then say something like,
But don't turn it into a magical spell!
(Score: 2) by Bot on Sunday April 19 2020, @12:52AM
>The less of you there is, the more of God there is.
But this is a dimensionally wrong assertion, and nirvana is the dual opposite of the Christian paradise. Dissolution vs. resurrection of the body. Are you sure to be on the side you think you are on? But OK, if a path works for you to relate to the true God, let's cross our fingers, it's fine.
Account abandoned.
(Score: 1) by AlwaysNever on Saturday April 18 2020, @04:36AM (10 children)
I worry not about these developments in the perfection of the Policy State via smartphone. I own a Nokia 3310. Fuck you Big Brother!
(Score: 0) by Anonymous Coward on Saturday April 18 2020, @05:25AM (9 children)
Yeah, about that. I guess that is why one of the MSM sites in Germany seemed to have a random article a few days ago that Germans had problems getting rid of old phones.
They'll just turn off the frequencies the old phones use, or block them based on IMEI identifiers.
(Score: 2) by Rosco P. Coltrane on Saturday April 18 2020, @07:24AM (7 children)
That's fine and all, until the 1G / 2G networks are phased out and your 3310 is bricked.
Also, what about when contact tracing becomes mandatory? You know, think of the sick children...
Our "democracies" won't force you to have a cellphone with bluetooth on of course, but you won't be able to board a bus or enter a store if your cellphone doesn't have BT on - which, in the end is the same as forcing people to do something if they want to function in a friendly-looking, corpirate-driven form of dystopia. Same as with banks: good luck trying to live a normal life without a bank account.
The world was already going 1984 before the coronavirus, and now it's going there at an accelerated pace - and nobody seems bothered by that. It's truly frightening...
(Score: 2) by c0lo on Saturday April 18 2020, @07:45AM (1 child)
This is why WFH and online-shopping were invented, isn't it? Good to live in the 'burbs too, it means I need my own car anyway.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Pino P on Saturday April 18 2020, @08:00PM
First, you might not even be able to enter a post office to return online purchases without Bluetooth on. Second, if you use online shopping as a substitute for in-person shopping to the point where you return too many online purchases for "it didn't fit" or just "turns out I didn't like it," watch you get banned from the major online stores as a "demon customer." Third, things like haircuts aren't quite as conducive to online shopping.
Cell phone service is a recurring fee. Car insurance and fuel are also recurring fees, even if you happen to be fortunate enough to have been able to afford buying a car without a loan.
(Score: 0) by Anonymous Coward on Saturday April 18 2020, @09:10AM
Another non-smartphone user here: I use a 2G and a 3G stupidphone - one for work use and one for private use - but I generally don't carry either around with me all the time. I also have a bunch of spares (again 2G and 3G) that I got when looking for my current 2G one but did not like very much at the time but that I can fall back to if one of my main ones dies. So if/when 2G disappears, I will still have 3G as a fallback. And vice versa. Given where I live (3G is more likely to die here than 2G, but a 3G product that we make - yes, I *am* in the industry, which partly explains my attitude towards it - is today still being installed into tens of thousands expensive new devices per month that have an average lifetime of 10 to 15 years), that means I still have many years of no-smartphone ahead of me. When the fateful day will finally come, well I'll at least have been able to escape for all those years. And I may well be no longer around by then anyway.
(Score: 0) by Anonymous Coward on Saturday April 18 2020, @03:13PM
Whether nobody is bothered by it, I don't know. I wouldn't be surprised if 80% are, but the MSM will either not give them any time or call them wreckers. On the constitutional rights front, with few exceptions They managed to cancel Easter, the most important holiday for Christians, yet gun sales escaped their assault.
The ongoing protests in state capitals are a good sign. It will take discontent of the people and those suffering financially to force an end to the mass imprisonment of the healthy. Perhaps then civil rights organizations and the courts will also wake up again and block the dystopian urges.
(Score: 0) by Anonymous Coward on Saturday April 18 2020, @03:45PM (1 child)
BofA wanted to fingerprint me to cash a jury duty check for under $20. Told them to shove it.
(Score: 0) by Anonymous Coward on Saturday April 18 2020, @04:09PM
So who won that fight?
Banks aren't required to cash checks made on them anymore if the payee doesn't have an account with them, but if you were their customer and you didn't take your money and run, that wouldn't have been too smart.
(Score: 0) by Anonymous Coward on Saturday April 18 2020, @07:27PM
It's most interesting to me that this is happening at the same time that schools have started to push femininity, notions of "toxic masculinity", etc on kids. These ideologies tend to encourage young men, the same group that would generally be the first to start acting out against such steps towards dystopia, to behave meekly, impotently, and passively. I doubt there's any sort of conspiracy in play since this is far too elegant to have been organized, but rather we're just seeing the degradation of society in a series of unfortunate coincidences.
However, I also don't think we're entering into a dystopia. We're just seeing an end of an era. The Western bloc of nations entering into dystopia at the same time that China is already the world's largest economy with India following shortly behind - expected to overcome the US in less than 10 years. At least it was before corona. Now it could be even more quickly, depending on how this thing works out. Endless consumerism with exponential debt growth is not sustainable. Sometime, perhaps even right now, this entire bubble is going to burst. But unlike other bubbles, it's not just going to get inflated right back up. And at that point we will see the effective end of the dominant era of the Anglosphere and the rise of yet another East Asian era, this time also featuring South Asia!
(Score: 2) by Bot on Sunday April 19 2020, @12:55AM
> Germans had problems getting rid of old phones.
I'd posit the rest of the planet has the problem of getting rid of working phones.
Account abandoned.
(Score: 4, Informative) by darkfeline on Saturday April 18 2020, @10:28PM (2 children)
Privacy preserving contact tracing is already solved by Apple and Google. It's simple and ingenious, and it's a damn shame that so much effort was put into something that most people don't care about (privacy) and the people who do ostensibly care about privacy seem to be more concerned about FUD than researching the technical details of such an ingenious protocol.
Devices generate random keys every 15 minutes and exchange further unique keys (generated for each encounter) when they are in proximity with other devices. When someone tests positive, all of their keys in the past few weeks are uploaded to a central server, with no other information.
Devices periodically poll the central server for all of the contact keys that are from someone who tested positive, and can tell you whether or not you had contact. Note that since all of the contact keys are unique, even for the same short term 15 minute key, and the keys are smudge to one day accuracy, it's infeasible for even the client to figure out who tested positive unless you're tracking every single person you met every day, and have enough data to correlate.
https://www.apple.com/covid19/contacttracing [apple.com]
Join the SDF Public Access UNIX System today!
(Score: 2) by Bot on Sunday April 19 2020, @01:14AM
I see the need of a handshake as a problem, and I hope devices get in bulk the covid positives list to check, but indeed it looks good.
Account abandoned.
(Score: 1) by AlwaysNever on Sunday April 19 2020, @09:31AM
[quote]Devices generate random keys every 15 minutes and exchange further unique keys (generated for each encounter) when they are in proximity with other devices. When someone tests positive, all of their keys in the past few weeks are uploaded to a central server, with no other information.[/quote]
And the source code to audit that claim, is where to be found?