COVIDSafe app scepticism

The Government illustrates their “Do as I say, not as I do” policy.

4 Likes

It leaves the answer open to inference. The evasiveness of Morrison and the Deputy CMO has probably put paid to any chance the app had (subsequent backflip notwithstanding).

Hence:

which is not what I’d call a vote of confidence.

So what are we to believe? The obvious inferences to be drawn from the initial evasive equivocation (in context of increasingly authoritarian reactions to things like campaigns against fossil fuels) or subsequent political withdrawal in the face of reactions?

As pointed out above, we have systems that we know work. All things considered, the app will probably fail. So why is our government so keen? The app is comparatively cheap. It also has potential for purposes other than contagion tracing.

I feel that more conventional contact tracing resources would be a far better investment. Unglamorous though it might be, sewage testing is probably a far more cost-effective way to measure spread of the virus.

[edit]
Subtle! :laughing:

4 Likes

Interesting take:

I am pretty sure nobody really wants to know what Barnaby gets up to in any given day. After you have been entertained at length by one performer they pale and you go looking for variety. As The Donald has shown even if you have an endless supply of novel absurdity it gets boring.

1 Like

It isn’t “all or none”. There are subtleties in what the app actually is and does. It shouldn’t need to be “here is the one and only app, take it or leave it”.

If it is so important that everyone gets on board this one time then … for once in its miserable little life the Australian government could take seriously the privacy and security concerns that have been expressed time and time again, and ignored time and time again, in the past.

Since, apparently, the app is not available yet, why are they not using the time wisely to address the genuine concerns that people have?

I already gave a quick summary at the bottom of Secrecy, privacy, security, intrusion - #240 by phb above.

:+1:

This is the one thing that governments have been really successful at over the last 20 years. :frowning:

Only really effective though if a substantial fraction of everyone else installs the app.

3 Likes

More on the tracing app.

I listened yesterday to an explanation of the work Google and Apple have been doing on contact tracing. This is something that will be built into their phones’ operating systems, so apps will be able to simply plug into it.

From the description that I heard, the app will be anonymous end-to-end. It does not send the user’s phone number, device ID or anything like that to a central point - but does send an encrypted blob every ten minutes. If someone reports to the app that they have been diagnosed with COVID-19, their blob reports to the central blobosphere, which then identifies other blobs with which they shared space and reports back to those blobs.

I cannot do the work justice, so if you want to take a fairly deep dive start on page 10 of this PDF.

There is one obvious problem with this, that I suspect will bring it unstuck fairly quickly once implemented. Everyone is anonymous, and an individual is responsible for telling the app that they have been diagnosed with COVID-19. What do we know about anonymity and individual behaviours? There will be a few idiots who deliberately set off false alarms, and testing resources will quickly be overwhelmed.

I do not trust my government to do it right and with adequate security and privacy safeguards, but the alternative is total anonymity which I think is doomed to fail because people are jerks.

5 Likes

Government selects Amazon for cloud storage for coronavirus tracing app.

What could possibly go wrong?

And a software developer calls for the Government to wait for updates from Google and Apple.

2 Likes

Heaps, and I’m not even referring to sending our data offshore:

1 Like

Then it’s a “no” from me.

While it is possible that the secret parts of the code are where yet another backdoor is hidden, it is more likely that this is where the security weakness is (“security through obscurity”). You can bet that Chinese government cyber agents will be reverse engineering that part of the code even if we in Australia don’t get to see it. What is wrong with this picture?

Any claims about “how an app will work” that are not backed by complete source code are just hot air.

You aren’t anonymous when you get tested, I believe.

Perhaps this problem could be solved with a dual “key” system i.e. in order for your app to report in that you have been diagnosed with COVID, it needs both your authorisation and the tester’s authorisation. So if you get a positive result via text message that could include some kind of one-time-key from the tester, which you then input to the app to enable the app to report your diagnosis.

I haven’t read all the details but I haven’t seen anything specifically saying that the Bluetooth signal strength is relevant. A contact may be defined by
a) any successful Bluetooth data exchange, and
b) lasting for X minutes (X may be 15).

So the “paper-thin apartment walls” case would be a false positive but the “back to back” case would not be a false negative.

You could address the “apartment walls” case by disabling the app / disabling Bluetooth while at home with only the normal occupants of the property. (That means that if you test positive, the normal occupants would not be contact-traced automatically but presumably commonsense would deal with that.)
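A sketch of the dual "key" idea from the post above, added here as an illustration; it is not code from COVIDSafe or from the Apple/Google framework. The names `DiagnosisAuthority` and `report_diagnosis`, the code format and the 24-hour expiry are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time


class DiagnosisAuthority:
    """Hypothetical tester side: issues single-use codes with positive results."""

    def __init__(self, ttl_seconds=24 * 3600):
        self._key = secrets.token_bytes(32)  # known only to the tester/server
        self._ttl = ttl_seconds              # assumed validity window
        self._used = set()                   # nonces already redeemed

    def _tag(self, body):
        # 64-bit truncated HMAC keeps the code short enough to type in.
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()[:16]

    def issue_code(self, now=None):
        now = int(time.time() if now is None else now)
        body = f"{secrets.token_hex(8)}.{now + self._ttl}"
        return f"{body}.{self._tag(body)}"

    def redeem(self, code, now=None):
        now = int(time.time() if now is None else now)
        try:
            nonce, expires, tag = code.split(".")
            expiry = int(expires)
            supplied = tag.encode()
            expected = self._tag(f"{nonce}.{expires}").encode()
        except ValueError:
            return False                     # malformed code
        if not hmac.compare_digest(supplied, expected):
            return False                     # not issued by this tester
        if now > expiry or nonce in self._used:
            return False                     # expired or replayed
        self._used.add(nonce)                # burn the code
        return True


def report_diagnosis(authority, user_consents, code, now=None):
    """Accept an upload only with both 'keys': user consent and tester code."""
    # Consent is checked first so a declined upload does not burn the code.
    return bool(user_consents) and authority.redeem(code, now)
```

The code carries no identity, so the upload can stay anonymous while a self-declared false alarm is rejected for lack of a tester-issued code.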

In that case, you’ll benefit from reading the article. IIRC a “contact” is defined as: within 1.5 metres for (I think) 15 minutes. Bluetooth has no way to measure distance, except signal strength.

3 Likes

One of my more paranoid acquaintances suggested that, if not enough people download the tracing app, then our government could just add tracing to one of their other apps. MyGov or the existing Coronavirus app, for example. The functionality (assuming they actually get it to work) could be incorporated as an “update”.

Here’s an idea. Make holding political office contingent on carrying around a device that tracks the individual’s position.

The real cause for concern:

And just because he asked:

[edit]
Some people really don’t like the idea:

2 Likes

I was coming around to the idea of the app until Amazon got the storage contract. If I barely trust our government, I have a VERY strong mistrust of the US government…

And yet for all that, I believe I will download it. I am in a very low risk group myself, but I work with the highest risk groups. As I have sacrificed freedom to do the things that I enjoy, I would be willing to sacrifice a measure of my privacy to help keep them safe.

3 Likes

Part of the concern is that this app normalises that level of scrutiny. It softens us up for the next rationalisation.

[edit]
Not like Australia’s tracing app, but similar issues:

1 Like

It could except that you would be notified that the app is asking for new permissions. Additionally, if you are on an iDevice I understand that the current app does not work except when it is in the foreground. That is, if you check your mail or post on this forum the app cannot track you until you switch back to it! (I am a little surprised it can track Android users in the background.) It also doesn’t yet work on iPads.

This is one of the reasons why Apple and Google are jointly developing an operating system-based solution that can run in the background. Of course, you still need to opt into whichever app uses that solution.

The app asks for the following permissions on Android:

I have so far been able to see its iOS permissions (and I’m not installing it just to check).

Also of interest, the government website that provides support for this app has an Amazon-issued security certificate! (I suppose that’s not too much worse than the Department of Health’s Let’s Encrypt certificate - except that in the app’s case we know that Amazon is providing the back end and collecting the data.)

6 Likes

An acquaintance reported receiving a Zoom phishing email:

2 Likes

An article regarding concerns that Amazon may be forced to hand over data from the COVIDSafe app.

Hopefully there will be nothing of any use to other parties.

And another article regarding the app.

4 Likes

Class action underway against Optus for releasing the details of some 50,000 customers.

https://www.9news.com.au/national/optus-class-action-alleged-customer-privacy-breach-maurice-blackburn/cafd3620-c170-41cd-a91c-0fe105be5d6e

1 Like

You shouldn’t have to make that sacrifice.

If the government’s implementation were less lame then the same effects could be achieved, for better or for worse, but without sacrificing as much privacy.

2 Likes

Anything can always be better if just given more budget, more time, more expertise and more testing.

No matter what gets done the pundits will be commenting on deficiencies and so on. Sometimes getting the product in the hands of the users-consumers is more important than getting it perfect, and once in the consumers’ hands the product just might be quite valuable, deficiencies and all accepted.

Release V2.0 might improve it, or not :wink:

3 Likes