Will you download the contact tracing app?

spookwoman

FionnK86 wrote: »

Signed up this morning and shared with my family whatsapp. Brother shared it on his facebook after that.

Buddy of his said he wouldn't let HSE have his data, same genius who posted his new mobile number after losing his old one on the beer in town sunday.

Might want to tell him to get in touch with his doc, hospital etc cause if he's sought medical treatment they will have his details.

hmmm

KyussB wrote: »

So yea, while this is no doubt going to get a ton of immediate scrutiny, it's still early days and imo it doesn't look good. Not touching it with a barge pole.

There is already a disputed security disclosure about the framework - which doesn't seem to be settled yet:
https://nvd.nist.gov/vuln/detail/CVE-2020-13702

Way too early to consider this privacy safe.

These are very minor issues in the greater scheme of things. If you're worried that someone may be trying to track you through the method described in CVE-2020-13702 you should really get rid of your phone. The in-built location technology on the operating system will already reveal your location to anyone who is really interested in tracking you, and there is also cell triangulation of the phone itself even if you disable this. Let's not even start on the 5G death rays.

If you're an international drug smuggler, or a KGB spy, I probably wouldn't install this. If you're someone worried that the HSE might know you were meeting the lads down the pub on Friday, you're really not that important.

GarIT

KyussB wrote: »

The first two paragraphs are certainly true - you would have to be following someone, and that's the situation I'm considering here - potentially you could be reliably following them from a very far distance, which is still a big privacy concern in a lot of ways.

Rather than being a bug, though - it seems like a design fault, that I'm not sure how they would fix.

"Very far distance". Up to 800m with an antenna the size of your house, powered by a big generator, only if you are in an area with no trees, no buildings, no WiFi, no cordless phones, no headphones, no smart watches. And the app restricts the phones Bluetooth transmitter to a shorter range/low power reducing it even further. If you can achieve 10 meters in any location where you couldn't just follow someone with your eyes you'd be breaking world records.

ixoy

KyussB wrote: »

Well look at my other posts - I've researched the tech, and figured out a likely flaw that makes it trackable - and separately found an active/disputed CVE on the framework it uses - in pretty much no time...

Do you think that none of the many experienced, highly-qualified engineers working on these projects haven't seen and considered these?

KathleenGrant

I downloaded it. Sure I have absolutely no filter and tell even random strangers stuff about myself all the time.
I also am a very ordinary person living a mundane life, who has no money or assets and is not involved in shady dealings of any kind. Tracking me and my movements would cure insomnia.

GarIT

KyussB wrote: »

A wireless comm degree? Sure you do...random anaonymous internet person...I have a PhD in astrobiology-slash-wirelss-comm-rocket-surgery myself! /s

I didn't say I had a wireless comms degree. I said I studied wireless comms as part of my CS degree. In Maynooth, the place with the big wireless comms research centre.

Yes sure I posted about what I'm studying 5 years ago and included IT in my bloody username in preparation to argue with you on this day

Bridge93

Its such a shame that the tech scientists and programmers at Apple and Google were't aware of the obvious GDPR breaches and hacking capabilities of the app that are so severe they make the app unsafe and unusable from the start.

Or maybe they know better than a few anonymous Boards accounts, some of whom have a posting history of rejecting everything related to covid so far. All tech has work ons. But these are small considerations in the grand scheme of things. I feel confident that a bunch of lads in Russia arent following me sitting on my couch working and would rather do my bit to further help with the suppression of this virus

MrMusician18

KyussB wrote: »

So, I've read up on it a bit more and it appears to use the exposure API:
https://en.wikipedia.org/wiki/Exposure_Notification

This is brand new tech guys - and it's only had 2-3 months worth of public security scrutiny, which is a very very short time period. It's common in software, for stuff to be around for decades, and then suddenly critical security issues are found that people missed for that whole period of time...

So yea, while this is no doubt going to get a ton of immediate scrutiny, it's still early days and imo it doesn't look good. Not touching it with a barge pole.

There is already a disputed security disclosure about the framework - which doesn't seem to be settled yet:
https://nvd.nist.gov/vuln/detail/CVE-2020-13702

Way too early to consider this privacy safe.

What aspect of your privacy do you think this will impinge on?

Android and IOS are relatively new, do you shun both those as well?

KyussB

GarIT wrote: »

That is singal strength in a lab, with no other signals around, with a huge antenna and powerful transmitter. They have a whole building for it in MU. And tech might change, but I keep up to date and physics doesn't change often.

The contact tracing API that Apple and Google developed used by the app does not transmit on full power.

Anything that has been claimed to be done can be done much easier using WiFi, or Bluetooth without the app being involved. Your Bluetooth and WiFi send out unique identifiers that don't change and have a longer range.

The poster is talking about using equipment on the scale of a mobile phone mast which has much less function that just using a mobile phone mast.

GarIT wrote: »

"Very far distance". Up to 800m with an antenna the size of your house, powered by a big generator, only if you are in an area with no trees, no buildings, no WiFi, no cordless phones, no headphones, no smart watches. And the app restricts the phones Bluetooth transmitter to a shorter range/low power reducing it even further. If you can achieve 10 meters in any location where you couldn't just follow someone with your eyes you'd be breaking world records.

You're talking nonsense - here are some lads getting 700m open air with a drone and a basic antennae:
https://www.youtube.com/watch?v=w4PbxVwg83M

Nijmegen

I'm finding some social media posts about not installing the app very amusing, given what's involved in signing up to a social media platform and the tracking they do on you across devices.

The Nal

Nijmegen wrote: »

I'm finding some social media posts about not installing the app very amusing, given what's involved in signing up to a social media platform and the tracking they do on you across devices.

There are a lot of halfwits out there who don't seem to realise than most apps know your location and google know about every step you take.

KyussB

plodder wrote: »

No seriously, you can't assume a design fault when you identify a "flaw" that is easier to exploit some other way, especially when that other way is not easy at all, eg following someone around the place all day.

As regards the tech being new, what did you expect concerning a virus that hardly anyone knew about seven months ago?

Security vulnerabilities aren't classed relative to the existence of other security vulnerabilities. If you're already easily trackable due to other means, it doesn't make a new means of tracking any less of a vulnerability - that's not how it works.

Potentially being able to reliably follow someone at a large distance is a privacy/security issue.

ACitizenErased

Just passed the 300k mark on iOS, thats quite impressive

Interested Observer

KyussB wrote: »

It doesn't necessarily have to cost that much - and e.g. a private detective lets say, would probably fork out a lot of money for tech like that. Sure look at the expenses police forces and private security contractors fork out on similar stuff.

I'm not saying any of this is definite or practical yet - but I certainly have little in faith in what I've seen of if so far.

You were the poster the other week making up stuff about your employer spying on you when you WFH weren't you? Just be honest, no matter what this app is/does you'd be on here whinging about it, making up all sorts of crazy implausible scenarios and providing absolutely nothing in the way of evidence.

ACitizenErased

ACitizenErased wrote: »

Just passed the 300k mark on iOS, thats quite impressive

On a quick tot up on my abacus of people in the country over the age of 15 I make it over 13% have downloaded it.
Less than 24 hours in.

KyussB

ixoy wrote: »

Do you think that none of the many experienced, highly-qualified engineers working on these projects haven't seen and considered these?

Do you know a single bit of software without a security vulnerability?

owlbethere

I couldn't give a rats arse about data and privacy etc. OK, some degree I do but not in relation to the COVID app. I view it as an important tool in tackling the virus. There's no second chances with this virus. For me what scares me the most about the virus is the long tail illness and the potential for being incapacitated for a few months. So I'm for everything that will help in tackling the virus.

plodder

GarIT wrote: »

"Very far distance". Up to 800m with an antenna the size of your house, powered by a big generator, only if you are in an area with no trees, no buildings, no WiFi, no cordless phones, no headphones, no smart watches. And the app restricts the phones Bluetooth transmitter to a shorter range/low power reducing it even further. If you can achieve 10 meters in any location where you couldn't just follow someone with your eyes you'd be breaking world records.

You could probably use one of these maybe. Just switch a few of the wires around, it'll work for bluetooth then ... defo .. wouldn't look at all suspicious either ..

KyussB

Bridge93 wrote: »

Its such a shame that the tech scientists and programmers at Apple and Google were't aware of the obvious GDPR breaches and hacking capabilities of the app that are so severe they make the app unsafe and unusable from the start.

Or maybe they know better than a few anonymous Boards accounts, some of whom have a posting history of rejecting everything related to covid so far. All tech has work ons. But these are small considerations in the grand scheme of things. I feel confident that a bunch of lads in Russia arent following me sitting on my couch working and would rather do my bit to further help with the suppression of this virus

That's directly lying about past posting history - cite that.

El Weirdo

ACitizenErased wrote: »

Just passed the 300k mark on iOS, thats quite impressive

I think that's 300k for both platforms.

GarIT

KyussB wrote: »

You're talking nonsense - here are some lads getting 700m open air with a drone and a basic antennae:
https://www.youtube.com/watch?v=w4PbxVwg83M

Do you think there are trees or buildings between them and the sky, or a load of WiFi and bluetooth up in those mountains?

And as I said sure you might be able to track someone if you have an unobstructed view of them while out in the countryside, but your eyes can do that too.

spookwoman

The Nal wrote: »

There are a lot of halfwits out there who don't seem to realise than most apps know your location and google know about every step you take.

and triangulation using cell phone towers and the gps on phones using just a phone signal.

ixoy

KyussB wrote: »

Do you know a single bit of software without a security vulnerability?

Hi Elliot Alderson!
What's your point exactly - install no software because there's potentially a CVE in one of the libraries that might be exploitable under certain - often hard to do at any real practicable level - circumstances?
And sure the CVE mightn't have been discovered yet.. best to be sure and install nothing?

GarIT

Strawberry Milkshake wrote: »

On a quick tot up on my abacus of people in the country over the age of 15 I make it over 13% have downloaded it.
Less than 24 hours in.

25% is the estimated point where we can be confident it has saved lives, were getting there!

KyussB

Interested Observer wrote: »

You were the poster the other week making up stuff about your employer spying on you when you WFH weren't you? Just be honest, no matter what this app is/does you'd be on here whinging about it, making up all sorts of crazy implausible scenarios and providing absolutely nothing in the way of evidence.

I never said anything about my own employer. You mean the thread where e.g. a manger was directly asked to look at installing tracking software on WFH computers?...

Yea, I value privacy and civil liberties - not a crime, that... - whereas a lot of posters seem to have major problems with any suggestion of protecting privacy, or of criticizing things that can be used to breach privacy.

I've directly provided evidence of a disputed breach in security in the framework this app uses.

ACitizenErased

KyussB wrote: »

I never said anything about my own employer. You mean the thread where e.g. a manger was directly asked to look at installing tracking software on WFH computers?...

Yea, I value privacy and civil liberties - not a crime, that... - whereas a lot of posters seem to have major problems with any suggestion of protecting privacy, or of criticizing things that can be used to breach privacy.

I’m not really sure why you’re on about privacy when all the data is literally stored on your own device.

fly_agaric

KyussB wrote: »

Potentially being able to reliably follow someone at a large distance is a privacy/security issue....Do you know a single bit of software without a security vulnerability?

You are being an absolutist hammering away at this.
They've done as well IMO as they can to protect privacy.
If app works as advertised and is adopted widely, it may help maintain a more normal situation here while Covid-19 is still out there, so it is going to be worth it for most people (excl. general tinfoil hatters or privacy fundamentalists that will still post their tuppence on social media and are probably using FAANG apps/devices/services that suck up lots of their data somewhere in their lives).

harr

The Nal wrote: »

There are a lot of halfwits out there who don't seem to realise than most apps know your location and google know about every step you take.

I had a neighbour tell me this morning he isn’t going to download it and give all his info to HSE and google .. same man posts everthing he does on Facebook. I asked him to open his google maps timeline and his jaw nearly hit the floor. It told him every Journey he had taken in the last 6 months. Including the ones to the bookies and chipper his missus didn’t know about.

Bridge93

KyussB wrote: »

Security vulnerabilities aren't classed relative to the existence of other security vulnerabilities. If you're already easily trackable due to other means, it doesn't make a new means of tracking any less of a vulnerability - that's not how it works.

Potentially being able to reliably follow someone at a large distance is a privacy/security issue.

Whether its a privacy issue or not (I do think there is an element of risk as there always is with new tech), for somebody to say they wont download this app with the practical societal benefits it will hopefully bring due to the 'security' issues, yet have no issue with the internet, facebook, twitter, instagram or whatever which are more risky given the obvious displaying of personal info makes no sense to me.

If somebody is on none of these and shares no info anywhere fine. But those on my facebook opting out of this while posting pictures of their children and holidays are idiots

GarIT

ACitizenErased wrote: »

I’m not really sure why you’re on about privacy when all the data is literally stored on your own device.

He thinks if you follow someone around you might be able to find their location.

Personally I'd hope if you are following someone you would know their location already.