> In this case it seems that the same goal could have been better achieved by SMS that do not depend on the brand of your phone. The dependency on proprietary app stores and OSs seems a risk for the continuation of free and reliable communications.
While installing an app without users' consent can be as questionable as you want, the point about these apps is not the notifications themselves but the contact tracing, which is achieved through the Bluetooth functionality.
Also, sending SMS messages has other privacy concerns that the tracing apps have tried to avoid from the very beginning. Having a person's phone number can eventually lead to identifying that person, while the internal trace ID it might use won't.
This sounds worse to me? Rather than violation of a relatively small privacy (phone number), you instead get timestamped social-graph interactions in the physical world. This seems like a far more extreme invasion than the former.
The whole protocol was designed very cleverly from the start to avoid all the privacy blocks that might inhibit people from using it [1], because the main drawback in this is that it's completely useless unless you have a critical mass of users that actually use it.
It is very difficult to explain to people that are not curious about the technology and all they hear is 'tracing = tracking = no privacy'.
I imagine this is why this app has been silently pushed, but in my mind just having it available and active on phones does not help you that much if the same users are also not aware of it and actively reporting their infections. So you will have a very small group that consciously install it and report when they get infected; a much larger group will get a notification that they have been close to an infected individual. I suppose they hope that by showing those notifications, people that subsequently get tested positive will be curious enough to find out how they should report in, etc. It's risky, especially seeing this backlash about silent installations...
> It is very difficult to explain to people that are not curious about the technology and all they hear is 'tracing = tracking = no privacy'.
But this is literally true. This is an app pushed to people remotely without their consent or even knowledge. People cannot trust the claim that there is no privacy gotcha involved in this, especially when previous attempts seem to have opened the log of this information to all installed apps:
Is there something special about it being an app? Because the contact tracing framework that the app uses was already pushed to people remotely without their consent or knowledge - as well as the contents of every update ever to Google Services Framework. And in the big scheme of shady shit that Android does without the user's consent or knowledge, that's a pretty benign, privacy-respecting one.
Read up on how the contact tracing apps work. They do not upload your data to the cloud. Phones broadcast a rolling random identifier, other phones collect received identifiers, and only on confirmed infection does the person's phone upload its last two weeks of broadcast IDs to the cloud, where other phones can grab them and cross-check.
Having someone's phone number allows you (via the phone company) to trace their location at any time, forever. That is much worse.
Edit: Surely we can come up with a more approachable explanation for less technical folks, though? Here's an attempt:
"Contact tracing respects your privacy and does not send your location to the cloud.
Instead, your phone makes up a new random name every 15 minutes and broadcasts it to nearby phones. It remembers the last two weeks of names it used, as well as the last two weeks of names it heard from other phones.
When someone catches COVID-19, they register it in the app. Their phone then uploads the last two weeks' worth of names it used to the cloud, where other phones can download the data. The names aren't connected to their identity, all they represent is someone who caught COVID-19.
If your phone finds a match between a name it has recently heard and the online database, it sends you a notification. After 2 weeks the data is erased, so you are only notified if you were near an infected person in the past 2 weeks.
Since the random names change every 15 minutes, nobody can track you or know that you are the same person as last time they saw your phone. The data is only stored locally, so after it is deleted two weeks later, there is no way to go back and recover it."
How's that?
(Edited because without the intro sentence it sounded like I was trying to imply the parent didn't get it; that wasn't my intent.)
Still too complicated. I saw a comic version once, working through an actual example with some example IDs and it used phrases like "sends to the hospital" or "asks the hospital" etc. instead of downloading from the cloud.
Very non-technical people are not familiar with the basic concepts involved.
"Makes up a new random name and broadcasts it to nearby phones" is something they'd struggle with if they never heard or thought about random number generators, don't understand Bluetooth etc.
Also don't underestimate learned helplessness. Many will stop reading if it looks technical because they "can't understand that sort of thing." Many such people never ever read such lengthy step-by-step technical documentation. It seems to them the way a quantum physics experimental setup description sounds to the average programmer.
Learned helplessness is so real. My partner works at a help desk, and I constantly hear stories of older folks just mentally shutting down as soon as she has them open the start menu or a settings menu.
I even see it in myself, a super curious neophile software/hardware hacker. Sometimes I'll come across some particularly arcane API docs and it's like my brain just goes "tl;dr" to the whole thing and tries to immediately find a way to avoid interfacing with it.
That mental switch of "ah this is overwhelming, eyes glaze over" is all too easy to trip, even if you push through it and it really is not that bad after the fact.
It's also an ego-threatening thing. Often the older folks or otherwise nontechnical people are socially higher status and being lectured about something that they may not understand sounds dangerous to them or they take it as being challenged by them, especially if the person explaining it is lower social status, younger, "just a kid" etc.
It's easier for them to just refuse to participate and dismiss the topic as irrelevant, than to take up the game and then perhaps be seen as "dumb".
And this state of affairs is actually quite unnatural. The natural course of things over the millennia was that older people are more experienced and can give direction and advice to the young ones. Sure, this is still true in some "soft" topics, but the generational gap in understanding how the modern world works has never been so large.
When someone has lived 70+ years and done fine for most of those years, what is the use for them to learn what an "icon" on the "desktop" is, and why should they care about "browsers"?
This very much feels like justification for victim blaming.
Because the world changes. You don't change, you get left behind, sometimes in very important ways. (For example, my wife's licensing board now sends the renewal stuff only by e-mail, not snail mail. There are a few old-school people who have to get someone else to get the form for them.)
I prefer token over name, otherwise I think it's decent.
Here's my crack at it for fun:
Exposure Notification apps are a privacy preserving technology to help prevent the spread of COVID-19.
They don't collect or log any location data, which is what makes them private.
Instead, a phone equipped with the app will continuously log and broadcast random tokens that change every 15 minutes.
Nearby phones with the app will take note of the token and the signal strength, while broadcasting a token of their own.
Each day the app downloads a public list of tokens that have been shared by people who have tested positive for COVID-19.
If your phone has been around a number of these tokens, it will notify you to get tested and self-isolate.
If you test positive for COVID-19 yourself, your doctor will give you a key to enter into the app. Entering the key will upload your tokens to the public list.
While exposure notification apps do preserve privacy, they are limited in effectiveness without widespread adoption. Additionally they are not a suitable replacement for traditional contact tracing.
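The scheme the two plain-language explanations in this thread describe (a new random token every 15 minutes, the reporter's own tokens uploaded only on a positive test, matching done locally, everything erased after two weeks) as an added Python sketch. It is not code from the thread or from any real exposure-notification app; the `Phone` class, the three phone names and the encounter timings are constructed for illustration.

```python
import secrets

ROTATION_MIN = 15              # make up a new random token every 15 minutes
RETENTION_MIN = 14 * 24 * 60   # anything older than two weeks is erased

class Phone:
    def __init__(self):
        self.used = []     # (minute, token) this phone broadcast
        self.heard = []    # (minute, token) received from nearby phones
        self.token, self.token_since = None, None

    def current_token(self, now):
        # Rotate the broadcast token so observers can't link sightings
        if self.token is None or now - self.token_since >= ROTATION_MIN:
            self.token, self.token_since = secrets.token_hex(16), now
            self.used.append((now, self.token))
        return self.token

    def prune(self, now):
        cutoff = now - RETENTION_MIN
        self.used = [(t, k) for t, k in self.used if t >= cutoff]
        self.heard = [(t, k) for t, k in self.heard if t >= cutoff]

    def report_positive(self, now):
        # Only on confirmed infection: publish the tokens this phone USED.
        # Nothing it heard, and no location, leaves the device.
        self.prune(now)
        return [k for _, k in self.used]

    def check_exposure(self, now, published):
        # Matching is done locally against the downloaded public list
        self.prune(now)
        return bool({k for _, k in self.heard} & set(published))

def encounter(a, b, now):
    """Two phones in range exchange their current tokens over Bluetooth."""
    a.heard.append((now, b.current_token(now)))
    b.heard.append((now, a.current_token(now)))

def simulate():
    alice, bob, carol = Phone(), Phone(), Phone()
    day = 24 * 60
    encounter(alice, bob, now=0)         # Alice and Bob are nearby
    encounter(alice, bob, now=20)        # 20 min later: Alice has rotated
    encounter(bob, carol, now=2 * day)   # Carol only ever meets Bob
    published = alice.report_positive(now=3 * day)   # Alice tests positive
    return {
        "rotated": len({k for _, k in alice.used}) == 2,
        "bob_notified": bob.check_exposure(3 * day, published),
        "carol_notified": carol.check_exposure(3 * day, published),
        "bob_after_two_weeks": bob.check_exposure(20 * day, published),
    }
```

Note that Carol is never notified although she met Bob: only direct encounters with a reporter's tokens match, and Bob's own record of meeting Alice is gone once it is older than two weeks.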
Ahh apologies. It's not the wording of your paragraph, I understood both very well, they are well written.
It's a more fundamental understanding of stuff that's hard by those who are most at risk. The old, the vulnerable etc.
It's the old digital divide idea. My neighbor doesn't have any internet connected devices, for example. But she would benefit much more from the app than 40 of her mask wearing, young, self isolating, working from home fellow city inhabitants.
I didn't want to imply you didn't understand it; I was trying to come up with a more accessible explanation that might help others do so and help drive adoption.
You're right that it's not easy to explain, but surely we can come up with something that gets the idea across? :)
Well, what do we expect? We've been shoving privacy down people's throats for years.
You can't now expect them to be rational and trust us with: "don't worry we know privacy is bad, but THIS privacy breach is okay. Again trust us this is because of covid, we're the good guys."
> only on confirmed infection does the person's phone upload its last two weeks of broadcast IDs to the cloud
Alternatively phrased: “only upon government request does the person’s phone upload…” with the implied promise that such request will only come as a result of a CV-19+ test result.
Right. They can change things with the next silent update anyway. In Germany they also started requiring turning on the GPS while using it. Initially it wasn't necessary and only Bluetooth was needed. Who knows what they modify all the time. I have no spare capacity to follow these developments and when they decide to stop caring about privacy and go rogue in the name of harm prevention.
The apps used around Europe, including Germany's Corona-Warn-App, do NOT use GPS. It only asks for location permissions since it utilizes the exposure notification API that indirectly tracks your "location" relative to other users (i.e. the ID exchange).
I fail to see the difference. You say it doesn't use GPS, but then continue to say that it uses location data (and thus, I assume, GPS). So which is it? Or are you saying that the app doesn't receive the user location data, only Google does?
On android, a lot of APIs that have nothing to do with GPS (such as watching wifi networks, looking for devices on the same network, etc.) actually need the "location data" permission.
This is misleading, but it is made so because one could potentially use data harvested through those APIs to infer your location (for example, if an app has a map of wifi networks, knowing which networks are around allows it to infer your position).
Neither the App nor Google use location data. However, Google still prompts you for these permissions because, in their mind, the swapping of rotating IDs presents an indirect way of tracking somebody's location (although that data solely stays on the device and is never transferred, unless a positive person decides to upload the list of IDs they were in contact with).
Even if it is perfectly safe with no potential for abuse, I deserve to make the decision to opt-in, not have it silently downloaded and installed. If the government thinks I am too stupid to understand how safe it is or that I should just trust them more, that is totally on them. They either need to communicate well or fix the trust issues.
> Having a person's phone number can eventually lead to identifying that person, while the internal trace ID it might use won't.
What? Many, many bad people seem to somehow have my number. Practically daily I get SMSs saying "I've been transferred $5000 to the please login to confirm your transaction .." or some such. I block but they keep on coming. Now, I think I'd rather the person who was responsible for these SMSs have my phone number than a freaking app running on my phone, especially an app that was basically snuck on without consent.
Would it not be possible to send everyone currently in the state an SMS? I personally would be okay with the government having access to this type of PSA.
I'm not sure I get your point. The notifications are sent when system detects you were in contact with a person that tested positive, so mass messages don't make that much sense.
Unless you are referring to using the SMS as a marketing way to encourage people to install the application...