So the Australian government is going to roll out Singapore's TraceTogether mobile phone app. 
Fucking idiots.
I decided to look into the details of the app: it's a privacy nightmare. Fortunately the app is open-source, but that's about the only positive thing I have to say about. I certainly won't be installing it on my phone, that I leave at home most of the time anyway because I don't like carrying a mobile with me everywhere I go and never have. I don't use phone apps. And that's before we even get to the privacy problems.
The Australian government says for the app to be effective that at least 40% of Australians need to use it.
In Singapore only 20% of people use it and they're more used to their government being privacy-intrusive. Add to that the fact that the Australian healthcare system has way higher privacy than that of most other democratic nations and you have a real problem on your hands. Confidentiality of health information is built-in fundamentally to our system. If we just compare directly to the UK as one example, in the UK if you register with a GP your medical records are sent to them whether you consent to it or not. But you also have to register with a GP in your area within a certain amount of time after moving to a new location. If you live in an area that you go and see a NHS GP they are REQUIRED to register you as a patient. Your medical records then get sent from the GP you used to be registered with whether you want them to be or not. This is because of their archaic funding model: NHS GPs are paid a flat-rate per patient on their books and they obviously don't want patients registered with multiple GP surgeries otherwise the State is paying double, triple, or even more for that patient's care! In Australia it's completely different - if you register with a doctor's surgery you can, if you choose and when you choose, have your medical records transferred. You get to actually see your doctor and start building trust before you decide if you want to entrust them with all your sensitive medical records. Even the government database "My Health Record" requires patient's consent before a GP can access their records.
The app was designed incredibly poorly. And that's to put it lightly. It should be an informative app that never leaks any user's identity to the central server at any time. Before I even read the report linked up above I already imagined how this could be easily achieved. That's not what it does. The central server, or as it's called in the study "central authority", stores everyone's identity. So what happens if it get hacked? The hacker will have a list of infected person's phone numbers, and a list of everyone they came into contact with, and all you need to do from there is a reverse-phone search for their identities.
You need to design it such that we assume the central server is compromised and cannot be trusted. Then as mentioned in the above link you have the clients generate their own locally and securely generated cryptographic randomised identities (not "hashed" from anything) - and when someone is diagnosed with Covid-19 they can choose, if they want to, to upload their cryptographic identities anonymously to the central server. Then other users should be informed that they've been in close contact with a known case: this should include approximate GPS location if available (locally from the client's phone) and the date and time of the contact. They should also be given a range of options as to how to respond, such as sharing with a nearby clinic that tests for CoVid-19, or, simply storing the information and not broadcasting it to anyone so you can go to a clinic yourself and show them that the app says you have been in contact with a CoVid-19 case in the last 21 days but without sharing any other sensitive information.
That's how it should be designed. But that's not how it's designed and I would not suggest anyone use it in its current form. In its current form it does ask consent from the confirmed case client of Covid-19 to share their status, but it does not ask any consent of the contacts to share their information with the central database. And the central database knows everyone's identity. Again, no privacy advocate in their right mind would endorse this app. Not until the central server is stripped of all information other than the cryptographic identities that are uploaded anonymously (i.e. over onion routing).
Well not all of them, but some of them certainly. Anorexia definitely weakens the immune system.
Fucking idiots.
I decided to look into the details of the app: it's a privacy nightmare. Fortunately the app is open-source, but that's about the only positive thing I have to say about. I certainly won't be installing it on my phone, that I leave at home most of the time anyway because I don't like carrying a mobile with me everywhere I go and never have. I don't use phone apps. And that's before we even get to the privacy problems.
The Australian government says for the app to be effective that at least 40% of Australians need to use it.
In Singapore only 20% of people use it and they're more used to their government being privacy-intrusive. Add to that the fact that the Australian healthcare system has way higher privacy than that of most other democratic nations and you have a real problem on your hands. Confidentiality of health information is built-in fundamentally to our system. If we just compare directly to the UK as one example, in the UK if you register with a GP your medical records are sent to them whether you consent to it or not. But you also have to register with a GP in your area within a certain amount of time after moving to a new location. If you live in an area that you go and see a NHS GP they are REQUIRED to register you as a patient. Your medical records then get sent from the GP you used to be registered with whether you want them to be or not. This is because of their archaic funding model: NHS GPs are paid a flat-rate per patient on their books and they obviously don't want patients registered with multiple GP surgeries otherwise the State is paying double, triple, or even more for that patient's care! In Australia it's completely different - if you register with a doctor's surgery you can, if you choose and when you choose, have your medical records transferred. You get to actually see your doctor and start building trust before you decide if you want to entrust them with all your sensitive medical records. Even the government database "My Health Record" requires patient's consent before a GP can access their records.The app was designed incredibly poorly. And that's to put it lightly. It should be an informative app that never leaks any user's identity to the central server at any time. Before I even read the report linked up above I already imagined how this could be easily achieved. That's not what it does. The central server, or as it's called in the study "central authority", stores everyone's identity. So what happens if it get hacked? The hacker will have a list of infected person's phone numbers, and a list of everyone they came into contact with, and all you need to do from there is a reverse-phone search for their identities.
You need to design it such that we assume the central server is compromised and cannot be trusted. Then as mentioned in the above link you have the clients generate their own locally and securely generated cryptographic randomised identities (not "hashed" from anything) - and when someone is diagnosed with Covid-19 they can choose, if they want to, to upload their cryptographic identities anonymously to the central server. Then other users should be informed that they've been in close contact with a known case: this should include approximate GPS location if available (locally from the client's phone) and the date and time of the contact. They should also be given a range of options as to how to respond, such as sharing with a nearby clinic that tests for CoVid-19, or, simply storing the information and not broadcasting it to anyone so you can go to a clinic yourself and show them that the app says you have been in contact with a CoVid-19 case in the last 21 days but without sharing any other sensitive information.
That's how it should be designed. But that's not how it's designed and I would not suggest anyone use it in its current form. In its current form it does ask consent from the confirmed case client of Covid-19 to share their status, but it does not ask any consent of the contacts to share their information with the central database. And the central database knows everyone's identity. Again, no privacy advocate in their right mind would endorse this app. Not until the central server is stripped of all information other than the cryptographic identities that are uploaded anonymously (i.e. over onion routing).
(04-15-2020, 04:49 PM)Gawdzilla Sama Wrote: Actually they tend to being anorexic.
Well not all of them, but some of them certainly. Anorexia definitely weakens the immune system.
