It is obvious that we need better legislation to deal with all the new possibilities that technologies have opened.
The installation of this app, even done with good intent, opens a lot of questions on what should be possible or not to be done by government and corporations.
When you get a device with pre-installed, uninstallable, or auto-installed apps, what are the rules?
> "By enabling this service, you can be quickly notified if you’ve likely been exposed to the virus by another MassNotify user, allowing you to reduce risk to your loved ones, seek medical attention, and slow the spread in your community."
In this case it seems that the same goal could have been better achieved by SMS that do not depend on the brand of your phone. The dependency on proprietary app stores and OSs seems a risk for the continuation of free and reliable communications.
The only thing that is impossible to achieve without an app is to allow the user to select contacts to whom to send a notification. Corporations like Google and Apple know the list of all your contacts. So, it seems that the intention of the app is to reduce friction and send notifications as easily and effortlessly as possible to avoid that procrastination causes people to delay the warning.
But, instead of the silent install the government could have spent money on advertisement campaigns to assure a correct amount of installations. It costs money, but people pay taxes so the government can engage in this type of initiative at scale. This could have been a very good alternative, even if it means increasing the budget. Medical emergencies are worth the investment.
> In this case it seems that the same goal could have been better achieved by SMS that do not depend on the brand of your phone. The dependency on proprietary app stores and OSs seems a risk for the continuation of free and reliable communications.
While installing an app without users' consent can be as questionable as you want, the point of these apps is not the notifications themselves but the contact tracing, which is achieved through the Bluetooth functionality.
Also, sending SMS messages has other privacy concerns that the tracing apps have tried to avoid from the very beginning. Having a person's phone number can lead to eventually identifying that person, while that internal trace ID it might use won't.
This sounds worse to me? Rather than violation of a relatively small privacy (phone number), you instead get timestamp social graph interactions in the physical world. This seems like far more extreme an invasion than the former.
The whole protocol was designed very cleverly from the start to avoid all the privacy blocks that might inhibit people from using it [1], because the main drawback in this is that it's completely useless unless you have a critical mass of users that actually use it.
It is very difficult to explain to people that are not curious about the technology and all they hear is 'tracing = tracking = no privacy'.
I imagine this is why this app has been silently pushed, but in my mind just having it available and active on phones does not help you that much if the same users are also not aware and actively reporting their infections. So you will have a very small group that consciously install it and when they get infected they report; a lot larger group will get a notification that they have been close to an infected individual. I suppose they hope that by showing those notifications then people that subsequently get tested positive will be curious enough to find out how they should report in, etc. It's risky especially seeing this backlash about silent installations...
> It is very difficult to explain to people that are not curious about the technology and all they hear is 'tracing = tracking = no privacy'.
But this is literally true. This is an app pushed to people remotely without their consent or even knowledge. People cannot trust the claim that there is no privacy gotcha involved in this, especially when previous attempts seem to have opened the log of this information to all installed apps:
Is there something special about it being an app? Because the contact tracing framework that the app uses was already pushed to people remotely without their consent or knowledge - as well as the contents of every update ever to Google Services Framework. And in the big scheme of shady shit that Android does without the user's consent or knowledge, that's a pretty benign, privacy-respecting one.
Read up on how the contact tracing apps work. They do not upload your data to the cloud. Phones broadcast a rolling random identifier, other phones collect received identifiers, and only on confirmed infection does the person's phone upload its last two weeks of broadcast IDs to the cloud, where other phones can grab them and cross-check.
Having someone's phone number allows you (via the phone company) to trace their location at any time, forever. That is much worse.
Edit: Surely we can come up with a more approachable explanation for less technical folks, though? Here's an attempt:
"Contact tracing respects your privacy and does not send your location to the cloud.
Instead, your phone makes up a new random name every 15 minutes and broadcasts it to nearby phones. It remembers the last two weeks of names it used, as well as the last two weeks of names it heard from other phones.
When someone catches COVID-19, they register it in the app. Their phone then uploads the last two weeks' worth of names it used to the cloud, where other phones can download the data. The names aren't connected to their identity, all they represent is someone who caught COVID-19.
If your phone finds a match between a name it has recently heard and the online database, it sends you a notification. After 2 weeks the data is erased, so you are only notified if you were near an infected person in the past 2 weeks.
Since the random names change every 15 minutes, nobody can track you or know that you are the same person as last time they saw your phone. The data is only stored locally, so after it is deleted two weeks later, there is no way to go back and recover it."
How's that?
(Edited because without the intro sentence it sounded like I was trying to imply the parent didn't get it; that wasn't my intent.)
Still too complicated. I saw a comic version once, working through an actual example with some example IDs and it used phrases like "sends to the hospital" or "asks the hospital" etc. instead of downloading from the cloud.
Very non-technical people are not familiar with the basic concepts involved.
"Makes up a new random name and broadcasts it to nearby phones" is something they'd struggle with if they never heard or thought about random number generators, don't understand Bluetooth etc.
Also don't underestimate learned helplessness. Many will stop reading if it looks technical because they "can't understand that sort of thing." Many such people never ever read such lengthy step by step technical documentation. It seems to them as a quantum physics experimental setup description sounds to the average programmer.
Learned helplessness is so real. My partner works at a help desk, and I constantly hear stories of older folks just mentally shutting down as soon as she has them open the start menu or a settings menu.
I even see it in myself, a super curious neophile software/hardware hacker. Sometimes I'll come across some particularly arcane API docs and it's like my brain just goes "tl;dr" to the whole thing and tries to immediately find a way to avoid interfacing with it.
That mental switch of "ah this is overwhelming, eyes glaze over" is all too easy to trip, even if you push through it and it really is not that bad after the fact.
It's also an ego-threatening thing. Often the older folks or otherwise nontechnical people are socially higher status and being lectured about something that they may not understand sounds dangerous to them or they take it as being challenged by them, especially if the person explaining it is lower social status, younger, "just a kid" etc.
It's easier for them to just refuse to participate and dismiss the topic as irrelevant, than to take up the game and then perhaps be seen as "dumb".
And this state of affairs is actually quite unnatural. The natural course of things over the millennia was that older people are more experienced and can give direction and advice to the young ones. Sure, this is still true in some "soft" topics, but the generational gap in understanding how the modern world works has never been so large.
When someone has lived 70+ years and done fine for most of those years, what is the use for them to learn what an "icon" on the "desktop" is, and why should they care about "browsers"?
This very much feels like justification for victim blaming.
Because the world changes. You don't change, you get left behind, sometimes in very important ways. (For example, my wife's licensing board now sends the renewal stuff only by e-mail, not snail mail. There are a few old-school people who have to get someone else to get the form for them.)
I prefer token over name, otherwise I think it's decent.
Here's my crack at it for fun:
Exposure Notification apps are a privacy preserving technology to help prevent the spread of COVID-19.
They don't collect or log any location data which is what makes them private.
Instead, a phone equipped with the app will continuously log and broadcast random tokens that change every 15 minutes.
Nearby phones with the app will take note of the token and the signal strength, while broadcasting a token of their own.
Each day the app downloads a public list of tokens that have been shared by people who have tested positive for COVID-19.
If your phone has been around a number of these tokens, it will notify you to get tested and self-isolate.
If you test positive for COVID-19 yourself, your doctor will give you a key to enter into the app. Entering the key will upload your tokens to the public list.
While exposure notification apps do preserve privacy, they are limited in effectiveness without widespread adoption. Additionally they are not a suitable replacement for traditional contact tracing.
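Added example (not part of any comment in this thread, and not the Google/Apple framework's code): a Python model of the token lifecycle as the two explanations above describe it, covering 15-minute rotation, two-week retention, upload on a positive report, and local matching. It follows the comments' simplified description (independent random tokens) rather than the framework's actual key scheme; the Phone class, meet(), simulate() and the Alice/Bob/Carol scenario are hypothetical.

```python
import secrets

INTERVAL = 15 * 60            # tokens rotate every 15 minutes (per the comments)
DAY = 24 * 3600
RETENTION = 14 * DAY          # both logs keep two weeks of history


class Phone:
    """Toy handset: stores only random tokens and timestamps, never location."""

    def __init__(self):
        self.sent = {}    # interval index -> token this phone broadcast
        self.heard = {}   # token heard from a nearby phone -> time it was heard

    def token_at(self, now):
        """Token for the current 15-minute interval, created on first use."""
        slot = now // INTERVAL
        if slot not in self.sent:
            self.sent[slot] = secrets.token_bytes(16)
        return self.sent[slot]

    def hear(self, token, now):
        self.heard[token] = now

    def expire(self, now):
        """Drop everything older than two weeks from both logs."""
        cutoff = now - RETENTION
        self.sent = {s: t for s, t in self.sent.items()
                     if (s + 1) * INTERVAL > cutoff}
        self.heard = {t: ts for t, ts in self.heard.items() if ts > cutoff}

    def report_positive(self, now):
        """What leaves the phone on a positive report: its own recent tokens only."""
        self.expire(now)
        return set(self.sent.values())

    def check_exposure(self, published, now):
        """Matching runs locally: compare heard tokens with the public list."""
        self.expire(now)
        return sorted(ts for tok, ts in self.heard.items() if tok in published)


def meet(a, b, now):
    """Two phones in radio range exchange their current tokens."""
    a.hear(b.token_at(now), now)
    b.hear(a.token_at(now), now)


def simulate():
    """Constructed scenario: Alice meets Bob on day 0, Carol on day 16,
    and reports a positive test on day 17."""
    alice, bob, carol = Phone(), Phone(), Phone()
    meet(alice, bob, 0)
    meet(alice, bob, INTERVAL)          # same people, next interval
    tokens_differ = alice.token_at(0) != alice.token_at(INTERVAL)
    meet(alice, carol, 16 * DAY)
    published = alice.report_positive(17 * DAY)
    return {
        "tokens_differ": tokens_differ,            # Bob saw two unlinkable tokens
        "published_count": len(published),         # day-0 tokens already expired
        "carol_matches": carol.check_exposure(published, 17 * DAY),
        "bob_matches": bob.check_exposure(published, 17 * DAY),
    }


if __name__ == "__main__":
    print(simulate())
```

The published set contains token bytes and nothing else, and only a phone that heard one of them can tell that a match occurred.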
Ahh apologies. It's not the wording of your paragraph, I understood both very well, they are well written.
It's a more fundamental understanding of stuff that's hard by those who are most at risk. The old, the vulnerable etc.
It's the old digital divide idea. My neighbor doesn't have any internet connected devices, for example. But she would benefit much more from the app than 40 of her mask wearing, young, self isolating, working from home fellow city inhabitants.
I didn't want to imply you didn't understand it; I was trying to come up with a more accessible explanation that might help others do so and help drive adoption.
You're right that it's not easy to explain, but surely we can come up with something that gets the idea across? :)
Well what do we expect? We've been shoving privacy down people's throats for years.
You can't now expect them to be rational and trust us with: "don't worry we know privacy is bad, but THIS privacy breach is okay. Again trust us this is because of covid, we're the good guys."
> only on confirmed infection does the person's phone upload its last two weeks of broadcast IDs to the cloud
Alternatively phrased: “only upon government request does the person’s phone upload…” with the implied promise that such request will only come as a result of a CV-19+ test result.
Right. They can change things with the next silent update anyway. In Germany they also started requiring turning on the GPS while using it. Initially it wasn't necessary and only Bluetooth was needed. Who knows what they modify all the time. I have no spare capacity to follow these developments and when they decide to stop caring about privacy and go rogue in the name of harm prevention.
The apps used around Europe, including Germany's Corona-Warn-App, do NOT use GPS. It only asks for location permissions since it utilizes the exposure notification API that indirectly tracks your "location" relative to other users (i.e. the ID exchange)
I fail to see the difference. You say it doesn't use GPS, but then continue to say that it uses location data (and thus, I assume, GPS). So which is it? Or are you saying that the app doesn't receive the user location data, only Google does?
On Android, a lot of APIs that have nothing to do with GPS (such as watching wifi networks, looking for devices on the same network, etc.) actually need the "location data" permission.
This is misleading, but it is made so because one could potentially use data harvested through those APIs to infer your location (for example, if an app has a map of wifi networks, knowing which networks are around allows it to infer your position)
Neither the App nor Google use location data. However, Google still prompts you for these permissions because, in their mind, the swapping of rotating IDs presents an indirect way of tracking somebody's location (although that data solely stays on the device and is never transferred, unless a positive person decides to upload the list of IDs they were in contact with).
Even if it is perfectly safe with no potential for abuse, I deserve to make the decision to opt-in, not have it silently downloaded and installed. If the government thinks I am too stupid to understand how safe it is or that I should just trust them more, that is totally on them. They either need to communicate well or fix the trust issues.
> having a person's phone number can lead to eventually identifying that person, while that internal trace ID it might use won't.
What? Many many bad people seem to somehow have my number. Practically daily I get an SMS saying "I've been transferred $5000 to the please login to confirm your transaction .." or some such. I block but they keep on coming. Now, I think I'd rather the person who was responsible for these SMSs to have my phone number than a freaking app running on my phone, especially an app that was basically snuck on without consent.
Would it not be possible to send everyone currently in the state an SMS? I personally would be okay with the government having access to this type of PSA.
I'm not sure I get your point. The notifications are sent when the system detects you were in contact with a person that tested positive, so mass messages don't make that much sense.
Unless you are referring to using the SMS as a marketing way to encourage people to install the application...
“When you get a device with pre-installed, uninstallable, or auto-installed apps.”
We’ve never had televisions in the house, but I finally broke down and bought a television so my kids could watch Disney+ on the big TV. The first television I purchased was a Samsung, and it came with these apps that I could not uninstall, did not want, and in fact used storage space that I couldn’t do anything about. I put it back in the box and took it back to the store, and got an LG. Very frustrating experience.
If people don't want to install the app, then that should be the end of it. The government's inability to convince people to install the application should not justify the application being installed anyway. Just the contrary.
I'm not from NL, but I am someone that did not install the COVID tracing app that our government provided (for voluntary installation).
My reason was that I was not convinced by the PR that it is actually privacy safe. Just repeating "it uses a safe API, trust us/Google/Apple" was not enough for me.
The subcontractor that made the app did dump some source code on GitHub saying "see, we have nothing to hide". However it was very obviously not the same code as the app published on the Play store (for a start, it had a different version number), it had a cleared out commit log, etc. Questions about that went unanswered as far as I know.
I try my best to prevent COVID spread, wear a mask, got vaccinated as soon as possible, etc. I think it's more likely that the thing with the app was just developers not wanting to bother too much with things they were not paid for than anything nefarious going on. However it raised enough red flags for me that I was not comfortable installing the app on my phone.
> While Android users can, in theory, opt to turn off Google Play Services, users of the Covid-19 contact-tracing app in Ireland cannot turn the surveillance off if they want the contact-tracing app to work. This means the collection and use of this data is unavoidable for people who wish to use the app.
> The data shared includes long-term, unchangeable identifiers of the phone users, including their phone’s IP address, WiFi MAC address, International Mobile Equipment Identity (IMEI) number, SIM serial number, phone number and Gmail address, as well as fine-grained data from other, potentially sensitive apps, such as banking, dating or health apps. This is data which, when considered together, has the potential to draw a very detailed map of our lives and activities.
This story was posted to HN last year, and received a tiny fraction of the upvotes of the story promoting the Irish / Google / Apple app's privacy features. Which would explain why you are downvoted, despite having been proven correct well over a year ago.
> users can, in theory, opt to turn off Google Play Services, users of the Covid-19 contact-tracing app in Ireland cannot turn the surveillance off if they want the contact-tracing app to work. This means the collection and use of this data is unavoidable for people who wish to use the app.
I would find it quite amusing if someone submitted a gdpr complaint saying that unnecessary data collection is not optional.
Still, the point I was making is that Google absolutely lied about what their app was sending; and people who distrust them are more than justified to. The privacy virtues of the Irish app in particular were the subject of much lauding - when it was shortly after :proven: to be bullshit, that story got less than 1% of the traction.
If someone has stock Android with Google Play Services disabled, the app won't work. The instructions to install the app don't mention installing a replacement, they tell users to enable Google Play Services.
It's smart. The result of using these apps is that lots of people have to quarantine, even though these policies have not resulted in any impact on the virus in any way, and even though there can be test false positives (which is officially denied, so there is no way to appeal any positive test result). Why would people want to sign up for that?
If you think legislation is the answer, I’ve got a bridge to sell you. Who do you think writes the legislation and hands it to X representative? How naive...
HN crowd has fallen pretty far. Used to be WE build the things that make our lives better and now the top comment is calling for some ethemeral they to come up with legislation?
That’s BS. And, antithetical to any builder/hacker ethic.
> This defeatist attitude toward legislating is self-perpetuating. We can at least hold our representatives accountable.
What can we do? I have no confidence that Congress will act in my best interest. Congress has some "partisan deadlock" but somehow I feel confident Intel's payday will go through without a bumpy ride
> U.S. senators propose 25% tax credit for semiconductor manufacturing (reuters.com)
We can't even get a modest broadband Internet infrastructure bill passed.
> Widespread fiber-to-the-home deployment would make a bigger difference for more Internet users than Starlink. President Joe Biden pledged to lower prices and deploy "future-proof" broadband to all Americans, but he's already scaled back his plan in the face of opposition from Republicans and incumbent ISPs. AT&T has been lobbying against nationwide fiber and funding for municipal networks, and AT&T CEO John Stankey expressed confidence last week that Congress will steer legislation in the direction that AT&T favors.
> Biden's pitch to build "future-proof" broadband technology is also facing opposition from broadband providers who don't want to build fiber-to-the-home networks in rural areas. Just before Biden announced his plan, AT&T said it opposes subsidizing fiber-to-the-home deployment across the US, arguing that rural people don't need fiber and should be satisfied with Internet service that provides only 10Mbps upload speeds.
I admit I got your comment a bit confused with another talking about local government. But the solution I think is in the same direction - start local. The few hundred people in congress aren't self-sufficient. They need support from the rest of the party machines to get campaign money and turn money into votes. Changing what the parties will support at the local level changes who gets the big money and who gets elected.
Shorter version though: campaign finance reform, oppose voter suppression, and ranked-choice voting.
Ok those other things I mentioned were still pretty daunting I guess. But corporations are still not interested in having their actions called out. Relatively low-budget operations like https://popular.info/ get good results in shifting behavior of big companies. (Note you can skip the signup page, just click "Let me read it first").
That was viable when computers were a tiny part of the world, but not when our power to change things became too great to be ignored.
Even back in the day when you could convince a public payphone to work for free by whistling the right way, that kind of interference in a public communications channel was enough for the powers that be to get worried. Now? Now phones are effectively universal, and every government can afford to pay developers to insert obfuscated backdoors in open source code, while the richest could do the same with the hardware from the silicon wafer up to the finished product. And they do, because they want to keep their power.
Just as you go to war with the army you have rather than the army you want, if you seek to improve our security and freedom you have to use the political power structures that exist rather than the ones you want to exist.
Or how about people just use GNU instead of GAFAM crapware? Turn "silently installing things in the background" off by default and maintain user control over all their hardware.
It's not like Richard Stallman hasn't been warning of this sort of thing happening for decades - the GNU project exists for a reason, and we should use their code for general purpose computing.
I think covid has shown that when the world is faced with a pandemic, not everyone agrees on what common sense is in terms of how to respond as a society/government.
The difficulty of taking a government-sponsored and government-accessible substantial privacy risk (at a minimum) is something that some will find utterly unacceptable and others will think might be concerning or unacceptable in general but is righteously justified in this specific situation.
The first group’s common sense says “don’t install”; the second group’s common sense says “install via subterfuge if necessary”.