Will you download the contact tracing app?

KyussB

GarIT wrote: »

Do you think there are trees or buildings between them and the sky, or a load of WiFi and bluetooth up in those mountains?

And as I said sure you might be able to track someone if you have an unobstructed view of them while out in the countryside, but your eyes can do that too.

My posts already said it would be less practical in e.g. the middle of a city - you were treating such long distance tracking like an impossibility, and saying ridiculous shit like it would require a gigantic mast - and you are wrong, and I've provded direct evidence that you are wrong.

Now you start shifting goalposts...

Admit when you're wrong instead of wasting my time.

Higgins5473

GarIT wrote: »

Do you think there are trees or buildings between them and the sky, or a load of WiFi and bluetooth up in those mountains?

And as I said sure you might be able to track someone if you have an unobstructed view of them while out in the countryside, but your eyes can do that too.

What about the bit where you say “with an antenna the size of your house, powered by a big generator”

Just downloaded it.

KyussB

ixoy wrote: »

Hi Elliot Alderson!
What's your point exactly - install no software because there's potentially a CVE in one of the libraries that might be exploitable under certain - often hard to do at any real practicable level - circumstances?
And sure the CVE mightn't have been discovered yet.. best to be sure and install nothing?

The point is, you were citing 'highly experience engineers' as if they are infallible - yet the entire software industry is proof that no matter how good the engineers are, there are always security vulnerabilities - neatly dismissing your point.

SimonTemplar

I typically keep my location and bluetooth switched off to save battery especially location. My phone is 6 years old so battery life isn't great with those switch on. That makes using the app problematic although for the sake of public health and my own health, I could probably carry a power bank with me.

Reading how it works, it seems to notify the user if they have been in contact with a confirmed case for at least 15 minutes. I wonder if that is not strict enough. A person who later becomes a confirmed case could be standing close to me in a queue or on public transport for just a few minutes and I might pick it up if they cough without covering their face.

Pauliedragon

2smiggy wrote: »

same for me, on Huawei phone. Just google 'covid tracker ireland app download' and go to goosed.ie on the search results. there is a direct link to the app in there

Tried that goosed app still no good. Huawei phone here aswell. I wonder if it's anything to do with a lot of negative stuff from several parts of the world about Huawei lately.

The Nal

harr wrote: »

I had a neighbour tell me this morning he isn’t going to download it and give all his info to HSE and google .. same man posts everthing he does on Facebook. I asked him to open his google maps timeline and his jaw nearly hit the floor. It told him every Journey he had taken in the last 6 months. Including the ones to the bookies and chipper his missus didn’t know about.

haha! Nothing like a cheeky chippy!

Its astonishing to me that people don't know about this sort of stuff.

Are they all just thickos?

GarIT

Higgins5473 wrote: »

What about the bit where you say “with an antenna the size of your house, powered by a big generator”

I am surprised they managed 600m with such a small antenna.

As signal range increases logorathmically, they would need a significantly bigger and higher powered antenna to reach the claimed 800m or 1km.

GarIT

Pauliedragon wrote: »

Tried that goosed app still no good. Huawei phone here aswell. I wonder if it's anything to do with a lot of negative stuff from several parts of the world about Huawei lately.

The Google play services app needs to be up to date too.

plodder

KyussB wrote: »

Security vulnerabilities aren't classed relative to the existence of other security vulnerabilities.

Yes you do compare alleged vulnerabilities against capabilities that people already have.

It's a way of comparing the severity or impact. Eg most people accept the risk that someone could be secretly following them around all day, tracking their every movement.

In this case, most people already know that Bluetooth broadcasts your phone id for other people to pick up. This system is more secure and privacy conscious than that. Therefore, it makes no sense to object to this system if you already use bluetooth on your phone.

GarIT

plodder wrote: »

Yes you do compare alleged vulnerabilities against capabilities that people already have.

It's a way of comparing the severity or impact. Eg most people accept the risk that someone could be secretly following them around all day, tracking their every movement.

In this case, most people already know that Bluetooth broadcasts your phone id for other people to pick up. This system is more secure and privacy conscious than that. Therefore, it makes no sense to object to this system if you already use bluetooth on your phone.

And/or WiFi.

KyussB

ACitizenErased wrote: »

I’m not really sure why you’re on about privacy when all the data is literally stored on your own device.

Read what I've posted. The unique id the app transmits, has a very high likelihood of being vulnerable to physical remote tracking, despite it changing every 10-20 minutes - and there are other disputed vulnerabilities for achieving the same effect through other more persistent means - and in the right circumstances it may be possible to do this from a large distance, without necessarily requiring excessive expense.

I'm not claiming it's the worst tracking a phone does or can do - but it's more than a bit tiresome that people rush to dismiss something that is still a major potential privacy issue in its own right.

GarIT

SimonTemplar wrote: »

I typically keep my location and bluetooth switched off to save battery especially location. My phone is 6 years old so battery life isn't great with those switch on. That makes using the app problematic although for the sake of public health and my own health, I could probably carry a power bank with me.

Reading how it works, it seems to notify the user if they have been in contact with a confirmed case for at least 15 minutes. I wonder if that is not strict enough. A person who later becomes a confirmed case could be standing close to me in a queue or on public transport for just a few minutes and I might pick it up if they cough without covering their face.

It doesn't use location.

I agree on the second point.

MrMusician18

KyussB wrote: »

I never said anything about my own employer. You mean the thread where e.g. a manger was directly asked to look at installing tracking software on WFH computers?...

Yea, I value privacy and civil liberties - not a crime, that... - whereas a lot of posters seem to have major problems with any suggestion of protecting privacy, or of criticizing things that can be used to breach privacy.

I've directly provided evidence of a disputed breach in security in the framework this app uses.

The issue here is that you say this is a threat to privacy, which quite frankly, is entirely spurious.

To be honest, civil liberties advocates have long held this country back, and now they are undermining public health. There was a clown from ICCL on radio 1 this morning saying other countries have moved away from apps because they are not effective, neglecting to mention why they are not effective - it needs high rates of adoption for it to work. So he was saying you shouldn't download this because it doesn't work because no one will download it.

ixoy

KyussB wrote: »

The point is, you were citing 'highly experience engineers' as if they are infallible - yet the entire software industry is proof that no matter how good the engineers are, there are always security vulnerabilities - neatly dismissing your point.

Not neatly dismissing my point - do you refuse to use any app then for fear of a exploit? Do you refuse to use GPS or Bluetooth always? Do you scan every line of open source code to check for the risk? Do you carry a portable Faraday cage?

circadian

KyussB wrote: »

Well look at my other posts - I've researched the tech, and figured out a likely flaw that makes it trackable - and separately found an active/disputed CVE on the framework it uses - in pretty much no time...

There are many who have use for such potential flaws where expense doesn't matter - and we haven't established that it would be burdensome/expensive either - if these vulnerabilities are real, it doesn't seem like the basic hardware should cost that much to me...

I've got a job, thanks. Anyone who wants an easy bug bounty can do the POC - I've seen enough to steer clear.

Unless by researched you mean "I've had a quick google around and I'm now using some snippets of information to reinforce my point and double down without doing any actual research/testing or proof work"

Van.Bosch

KyussB wrote: »

Read what I've posted. The unique id the app transmits, has a very high likelihood of being vulnerable to physical remote tracking, despite it changing every 10-20 minutes - and there are other disputed vulnerabilities for achieving the same effect through other more persistent means - and in the right circumstances it may be possible to do this from a large distance, without necessarily requiring excessive expense.

I'm not claiming it's the worst tracking a phone does or can do - but it's more than a bit tiresome that people rush to dismiss something that is still a major potential privacy issue in its own right.

Even if it does that - it has the potential to detect close contacts and thus positive Covid cases earlier. That can prevent further spread and save lives - why not do it?

KyussB

Bridge93 wrote: »

Whether its a privacy issue or not (I do think there is an element of risk as there always is with new tech), for somebody to say they wont download this app with the practical societal benefits it will hopefully bring due to the 'security' issues, yet have no issue with the internet, facebook, twitter, instagram or whatever which are more risky given the obvious displaying of personal info makes no sense to me.

If somebody is on none of these and shares no info anywhere fine. But those on my facebook opting out of this while posting pictures of their children and holidays are idiots

Who said I don't have issues with any of those companies?

It's the tired argument that, because you can't practically avoid privacy invasions, you should accept and not criticize NEW privacy invasions.

A similar variant is that because you can't avoid exploitation in e.g. the supply chain of products you buy or companies you do business with, you should not criticize abuses or exploitation and should just accept it.

It only comes from people devoid of the most basic critical thinking.

ACitizenErased

Wait until he hears that using Boards can give up your IP address....

MrMusician18

KyussB wrote: »

Who said I don't have issues with any of those companies?

It's the tired argument that, because you can't practically avoid privacy invasions, you should accept and not criticize NEW privacy invasions.

A similar variant is that because you can't avoid exploitation in e.g. the supply chain of products you buy or companies you do business with, you should not criticize abuses or exploitation and should just accept it.

It only comes from people devoid of the most basic critical thinking.

So you're happy to allow private companies the keys to your privacy so they can sell you stuff, yet are unhappy to let the Irish government use minimal information your location for the purposes of protecting public health?

2smiggy

Pauliedragon wrote: »

Tried that goosed app still no good. Huawei phone here aswell. I wonder if it's anything to do with a lot of negative stuff from several parts of the world about Huawei lately.

not through the goosed app, just try searching for it in chrome browser on your phone and click on the link from there. Not sure why it would not appear for me in the play store. Strange really

ExMachina1000

Downloaded it just for a look. Dont like it at all. Deleted straight away

KyussB

plodder wrote: »

Yes you do compare alleged vulnerabilities against capabilities that people already have.

It's a way of comparing the severity or impact. Eg most people accept the risk that someone could be secretly following them around all day, tracking their every movement.

In this case, most people already know that Bluetooth broadcasts your phone id for other people to pick up. This system is more secure and privacy conscious than that. Therefore, it makes no sense to object to this system if you already use bluetooth on your phone.

In software, that is not how vulnerabilities are rated. I don't use bluetooth, where I can help it.

El Weirdo

MrMusician18 wrote: »

So you're happy to allow private companies the keys to your privacy so they can sell you stuff, yet are unhappy to let the Irish government use minimal information your location for the purposes of protecting public health?

You're not even letting "the government" know your location. If you have been in close contact with someone who later tests positive, then you can choose whether to let the HSE have the minimal information stored on your phone.

Van.Bosch

ExMachina1000 wrote: »

Downloaded it just for a look. Dont like it at all. Deleted straight away

So if you get Covid and pass it on to someone close who gets it bad. Will you be happy you passed up a chance to have had it flagged earlier so you could have stayed away?

MrMusician18

KyussB wrote: »

In software, that is not how vulnerabilities are rated. I don't use bluetooth, where I can help it.

How do you actually know the Bluetooth radio is actually turned off?

Are you trusting Google, apple to report the state of the radio correctly? What makes them so much more trustworthy?

GarIT

ExMachina1000 wrote: »

Downloaded it just for a look. Dont like it at all. Deleted straight away

You're not required to like it. It's not a game or anything that's supposed to be fun.

Smegging hell

Pauliedragon wrote: »

Tried that goosed app still no good. Huawei phone here aswell. I wonder if it's anything to do with a lot of negative stuff from several parts of the world about Huawei lately.

Same, not working for me either on Huawei.

circadian

ExMachina1000 wrote: »

Downloaded it just for a look. Dont like it at all. Deleted straight away

What didn't you like about it? Care to provide a review of your experience?

KyussB

MrMusician18 wrote: »

The issue here is that you say this is a threat to privacy, which quite frankly, is entirely spurious.

To be honest, civil liberties advocates have long held this country back, and now they are undermining public health. There was a clown from ICCL on radio 1 this morning saying other countries have moved away from apps because they are not effective, neglecting to mention why they are not effective - it needs high rates of adoption for it to work. So he was saying you shouldn't download this because it doesn't work because no one will download it.

It's not spurious at all, I have even been able to link to a disclosure of exactly the kind of security vulnerability I've been taking issue with (separate to the one I've sussed) - which, while disputed, is similar and would be worse and is classed at the maximum severity rating.

The existence of other prevalent tracking means, doesn't make a new one any less severe...


I, more than any other poster on the forum, was pointing out the insanity of the governments approach to the coronavirus - and that we should have shut down the airports far sooner - and that we should have locked down far sooner.

So spare me the 'public health' shite - this app only helps when the cats already been let out of the bag due to negligent policymaking - and the government have specifically cited civil liberties as the reason for such negligence.