Will you download the contact tracing app?

gabeeg

plodder wrote: »

It's not an exact science because Bluetooth wasn't designed to measure distance, but walls will cause the signal to be attenuated, as if you were a longer distance away and that is what you want.

I know they are constantly updating the data they have about individual phones as they do vary. I think it's likely that some false positives will occur.

I think it would be better to at least install the app and not provide your phone number if you are concerned about this. If you get an exposure notification you can decide what to do about it then, without any danger of people knocking on your door.

Good shout. Thanks

plodder

KyussB wrote: »

That certainly makes it harder alright. It's still usable to track, and there is potential to be able to time the switches (even though a 10 min random variance is a lot), but if there aren't too many other devices around, it should be quite trackable.

"Quite trackable".

Sure, you could walk around the place with your headphones and detector equipment and follow people around recording their random ids as they change every 15 minutes. But, I think you would attract attention ... to say the least

which is to say it is completely impractical and not really trackable at all.

harr wrote:

I was just thinking that this morning, what’s stopping a group of teenagers downloading it messing about with it , if even a group of ten people were acting the bollox with it in a small town it would leave a lot of the population of that town thinking they were exposed.

You need to enter a special code before you can notify that you were exposed and you only get this from a GP or someone else in the HSE.

Higgins5473

GarIT wrote: »

They were lying about tech and making up some mad cap theories. I studied wireless communications as part of my degree.

Which bit was the lie and which bit was the mad cao theory and what knowledge do you have that says otherwise? What you did in a degree in wireless coms, even if you finished last month has probably changed since.

“ The latest Bluetooth version, Bluetooth 5 allows low-energy transmissions offering data range for more range. The theoretically proven range for Bluetooth 5 for a maximum of around 800 feet which is up to four times the range of Bluetooth 4.2 LE.”

That’s not far off what he said in his first paragraph

micks_address

harr wrote: »

I was just thinking that this morning, what’s stopping a group of teenagers downloading it messing about with it , if even a group of ten people were acting the bollox with it in a small town it would leave a lot of the population of that town thinking they were exposed.

You need a code from HSE to enter in app if you test positive... Kids wouldn't have code's...so the app shouldn't have false positives

NegativeCreep

ACitizenErased wrote: »

No, the app comes into use when you’re contacted by the contact tracing team

I’m being very dumb today. Maybe I need more coffee. But how does it know if I’ve come into contact with someone with COVID then? Are they relying on the self reported symptoms you can put in once a day?

KyussB

listermint wrote: »

In fairness youve no interest in whats technically possible. Lets discuss was remotely possible, with the equipment, skills, need, why bother... all of the above.

The latter is a discussion of what's technically possible...

listermint

ELM327 wrote: »

Both are equally true.
:rolleyes::rolleyes:

You go nowhere but are afraid of the government tracing your movements.


Both are equally true. .. ? right.

NegativeCreep

NegativeCreep wrote: »

I’m being very dumb today. Maybe I need more coffee. But how does it know if I’ve come into contact with someone with COVID then? Are they relying on the self reported symptoms you can put in once a day?

Never mind. I see you get a unique code from the HSE and that allows you to share your close contacts found by the phone

listermint

KyussB wrote: »

The latter is a discussion of what's technically possible...

Can you infer multiple reasons for lets face it, going to substantial investment in time and money to achieve whats technically possible.

Stark

NegativeCreep wrote: »

I’m being very dumb today. Maybe I need more coffee. But how does it know if I’ve come into contact with someone with COVID then? Are they relying on the self reported symptoms you can put in once a day?

The HSE will give the person who tested positive for Covid a code to enter into their app. That will allow the app to upload the IDs it generated over the past 14 days. Other apps (including yours) can then download those IDs from the server and check them against IDs it's recorded as seen. If there's a match, it will notify you.

ACitizenErased

NegativeCreep wrote: »

I’m being very dumb today. Maybe I need more coffee. But how does it know if I’ve come into contact with someone with COVID then? Are they relying on the self reported symptoms you can put in once a day?

No. You test positive. The contact tracing team contact you as always. Do you have the app? Yes. They give you the access code which you enter on the contact tracing tab on the app. The app stores all people you’ve been in contact with for more than 15 mins within 2 metres for the last two weeks. Data is uploaded and people are anonymously notified.

ELM327

listermint wrote: »

Probably should have just put that in your

" I WONT BE DOWNLOADING THE APP"

opening post, but sure that wouldnt get responses i suppose.


Although in your condition surely interesting to get easy access to all the stats. I would have thought... but sure look.

Don't see why my post has been altered and capitalized by you.
I suppose, sensationalism doesnt work well when you accurately attribute quotes

KyussB

plodder wrote: »

"Quite trackable".

Sure, you could walk around the place with your headphones and detector equipment and follow people around recording their random ids as they change every 15 minutes. But, I think you would attract attention ... to say the least

which is to say it is completely impractical and not really trackable at all.

Well, it seems like the switchvoer is vulnerable to a timing attack. Not everyones id will switch at the same time, so there is a window (I don't know how short) to detect switchovers for a specific person.

If there's a technical means of doing this that gets verified, it won't be long before a practical/discreet solution is developed for doing this.

plodder

NegativeCreep wrote: »

I’m being very dumb today. Maybe I need more coffee. But how does it know if I’ve come into contact with someone with COVID then? Are they relying on the self reported symptoms you can put in once a day?

No. Everyone's phone creates these random ids every 10-20 minutes and is listening out for other people's ids. If you are in contact with someone for more then 15 minutes, your phone records their id (at that time) on your phone for 14 days.

If someone reports that they have the virus, they are allowed to upload all of the ids that they came in contact with for the last 14 days. Everyone's phone checks the list of uploaded ids every day to see if it matches one that you have stored. If there is a match that means you will get an exposure notification. But it doesn't tell you anything else about, who, where or when it happened.

KyussB

GarIT wrote: »

They were lying about tech and making up some mad cap theories. I studied wireless communications as part of my degree.

Missed this post: What, precisely, did I say that was a lie?

A wireless comm degree? Sure you do...random anaonymous internet person...I have a PhD in astrobiology-slash-wirelss-comm-rocket-surgery myself! /s

techdiver

Riflecreek wrote: »

Downloaded it this morning. Have to laugh at the self absorbed clowns worried about their "privacy". Muppets.

The same people who will post the conspiracies about the dangers of this app on, wait for it..... Facebook!

plodder

KyussB wrote: »

Well, it seems like the switchvoer is vulnerable to a timing attack. Not everyones id will switch at the same time, so there is a window (I don't know how short) to detect switchovers for a specific person.

You may be able to detect a switch-over for a person, but so what? They had one random id before and now they have a different one. What does it get you? Nothing.

You would literally have to follow the person around to track them every time it changes .... but you would be following them around, which doesn't require bluetooth.

If there are flaws in this system it will be due to bugs in software, but bugs can be fixed quickly.

Pistachio19

Oh well, after posting last night that my device doesn't support it, and getting advice to update phone, which I did, I tried it this morning again and still no joy. Finally discovered while listening to Today FM earlier that my ancient iphone5 is too old for the app :-(

Arrival

Downloaded it, seems fairly decent and straightforward

KyussB

listermint wrote: »

Can you infer multiple reasons for lets face it, going to substantial investment in time and money to achieve whats technically possible.

It doesn't necessarily have to cost that much - and e.g. a private detective lets say, would probably fork out a lot of money for tech like that. Sure look at the expenses police forces and private security contractors fork out on similar stuff.

I'm not saying any of this is definite or practical yet - but I certainly have little in faith in what I've seen of if so far.

FionnK86

Signed up this morning and shared with my family whatsapp. Brother shared it on his facebook after that.

Buddy of his said he wouldn't let HSE have his data, same genius who posted his new mobile number after losing his old one on the beer in town sunday.

KyussB

plodder wrote: »

You may be able to detect a switch-over for a person, but so what? They had one random id before and now they have a different one. What does it get you? Nothing.

You would literally have to follow the person around to track them every time it changes .... but you would be following them around, which doesn't require bluetooth.

If there are flaws in this system it will be due to bugs in software, but bugs can be fixed quickly.

The first two paragraphs are certainly true - you would have to be following someone, and that's the situation I'm considering here - potentially you could be reliably following them from a very far distance, which is still a big privacy concern in a lot of ways.

Rather than being a bug, though - it seems like a design fault, that I'm not sure how they would fix.

So, which one of us with get a notification first?

My monies on Beasty. I hear they get around a bit.

KyussB

So, I've read up on it a bit more and it appears to use the exposure API:
https://en.wikipedia.org/wiki/Exposure_Notification

This is brand new tech guys - and it's only had 2-3 months worth of public security scrutiny, which is a very very short time period. It's common in software, for stuff to be around for decades, and then suddenly critical security issues are found that people missed for that whole period of time...

So yea, while this is no doubt going to get a ton of immediate scrutiny, it's still early days and imo it doesn't look good. Not touching it with a barge pole.

There is already a disputed security disclosure about the framework - which doesn't seem to be settled yet:
https://nvd.nist.gov/vuln/detail/CVE-2020-13702

Way too early to consider this privacy safe.

circadian

ELM327 wrote: »

I will not be downloading this.

Excellent contribution. Well done you.

KyussB wrote: »

Ya privacy is so passé these days.

So judging by how this works, if any private person can identify your unique id, they can track where you are in person by pinging your phone - possibly requiring a bit of extra tech to do this, for range and directionality, but nothing as complicated as e.g. the stingray networks for mobile phones.

So it seems rather like it's only a matter of time before someone writes an app for that, in short order.

So much conjecture, so little fact. If you knew anything about this then you'd know two things.


1. Doing anything like you suggested would be expensive both financially and time wise.


2. On the point of cost, the cost to benefit ratio of the anonymised data available from somehow successfully doing what you suggested is absolutely not worth the investment.


If you really want to gather information on people just set up an open WiFi hotspot and start packet capturing everything that comes in from people who leave their settings to "connect to all open networks" or whatever.

Gael23 wrote: »

No, huge invasion of privacy and amazes me how it can possibly be GDPR compliant

Oh, hi there Gael23. Remember I asked a few days ago if you had a technical opinion on how it was a huge invasion of privacy? Just to jog your memory here is the post in question;

circadian wrote: »

Feel free to give us your technical explanation of this. Source code is freely available on Github if you so wish to take a look.

KyussB wrote: »

That certainly makes it harder alright. It's still usable to track, and there is potential to be able to time the switches (even though a 10 min random variance is a lot), but if there aren't too many other devices around, it should be quite trackable.

Feel free to demonstrate a proof of concept of this, considering you're so certain that this is an easy possibility.

ELM327 wrote: »

So the government will know everywhere i've been? And with who?


This is brought in under the guise of health but in a few years will be standard and used against you.

The app doesn't use location services, so no the government won't know everywhere you've been. If you have the app installed and are confirmed to be a case then you can still opt-out of using the tracing code the HSE provide you with to start the tracing. Even then, when you are alerted through the app that you were in contact with a case, there is absolutely no personally identifying information until you contact the HSE.

Higgins5473 wrote: »

Coming from someone who doesn’t particularly care about my personal data and has no notions about what the government are going to do with it, this ‘tinfoil hat’ response stuff is getting ridiculously tiresome, particularly when the post you were replying just seemed to detailing tech and not some mad cap theories.

The comments in question show a complete misunderstanding of the technology.

KyussB wrote: »

The latter is a discussion of what's technically possible...

Again, please feel free to go into detail about how this is possible. I'm sure the developers would be delighted to be informed of any security vulnerabilities on their product.


Nothing is 100% secure, this is a fact. However, what you're suggesting isn't worth it. Also, what personal data does this app store that is of concern?

Keyzer

irishguy1983 wrote: »

Have not looked into this too much but does the privacy argument really hold up? Like are FB, google, not tracking my every movement anyway? Does it make a difference?

That was my point...

GarIT

Higgins5473 wrote: »

Which bit was the lie and which bit was the mad cao theory and what knowledge do you have that says otherwise? What you did in a degree in wireless coms, even if you finished last month has probably changed since.

“ The latest Bluetooth version, Bluetooth 5 allows low-energy transmissions offering data range for more range. The theoretically proven range for Bluetooth 5 for a maximum of around 800 feet which is up to four times the range of Bluetooth 4.2 LE.”

That’s not far off what he said in his first paragraph

That is singal strength in a lab, with no other signals around, with a huge antenna and powerful transmitter. They have a whole building for it in MU. And tech might change, but I keep up to date and physics doesn't change often.

The contact tracing API that Apple and Google developed used by the app does not transmit on full power.

Anything that has been claimed to be done can be done much easier using WiFi, or Bluetooth without the app being involved. Your Bluetooth and WiFi send out unique identifiers that don't change and have a longer range.

The poster is talking about using equipment on the scale of a mobile phone mast which has much less function that just using a mobile phone mast.

plodder

KyussB wrote: »

The first two paragraphs are certainly true - you would have to be following someone, and that's the situation I'm considering here - potentially you could be reliably following them from a very far distance, which is still a big privacy concern in a lot of ways.

Rather than being a bug, though - it seems like a design fault, that I'm not sure how they would fix.

No seriously, you can't assume a design fault when you identify a "flaw" that is easier to exploit some other way, especially when that other way is not easy at all, eg following someone around the place all day.

As regards the tech being new, what did you expect concerning a virus that hardly anyone knew about seven months ago?

KyussB

circadian wrote: »

So much conjecture, so little fact. If you knew anything about this then you'd know two things.


1. Doing anything like you suggested would be expensive both financially and time wise.


2. On the point of cost, the cost to benefit ratio of the anonymised data available from somehow successfully doing what you suggested is absolutely not worth the investment.


If you really want to gather information on people just set up an open WiFi hotspot and start packet capturing everything that comes in from people who leave their settings to "connect to all open networks" or whatever.
...
Feel free to demonstrate a proof of concept of this, considering you're so certain that this is an easy possibility.
...
Again, please feel free to go into detail about how this is possible. I'm sure the developers would be delighted to be informed of any security vulnerabilities on their product.


Nothing is 100% secure, this is a fact. However, what you're suggesting isn't worth it. Also, what personal data does this app store that is of concern?

Well look at my other posts - I've researched the tech, and figured out a likely flaw that makes it trackable - and separately found an active/disputed CVE on the framework it uses - in pretty much no time...

There are many who have use for such potential flaws where expense doesn't matter - and we haven't established that it would be burdensome/expensive either - if these vulnerabilities are real, it doesn't seem like the basic hardware should cost that much to me...

I've got a job, thanks. Anyone who wants an easy bug bounty can do the POC - I've seen enough to steer clear.

KathleenGrant

Get Real wrote: »

Another misunderstanding of GDPR.

Also, from boards alone, you're voluntarily giving information on 2 medical conditions, that you did your LC in 2010. You have a Sivek investment fund. You did ordinary Level Maths. You were due to go on holiday last month and you're a Vodafone customer.

Is that you Sherlock Holmes?