- From: Ian Smith <ian@vidicode.pro>
- Date: Sat, 11 Apr 2020 13:32:24 -0600
- To: David Booth <david@dbooth.org>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAG=j93Ad60P82HNTEO6f-R8foEo90U2Wr5G+pRCAYd9gHbjHNw@mail.gmail.com>
I think there is again some confusion among this group how technology works. It is a rotating random cipher, upload on positive, download to receive list of positives. The random cipher change frequently, the app holds them and doesn't share them. The app would work very well even without a cell or internet connection for tracing. The main software weakness on standard operation is the Bluetooth secret, but the protocol is cryptographically sound in a way that no information needs to be exposed. The biggest weakness is the health code credentials to unlock the upload process. Positive tests should be data mined. If the health code credentials are impersonated, the consequences are likely "a bad practical joke resulting in extra testing notifications." The main design challenge is making sure that if the same secret is used by multiple devices, that it errors appropriately. The comments regarding QR codes and images I don't understand in this context at all, there are no QR codes or images involved. The main limitation on efficacy is user adoption. I am going to highly recommend this app to everyone. I normally shout my pro privacy and security concerns about software, cell phones and corporations. I will also disassemble the app, reverse engineering the software to make sure it works as described. Ian Smith On Fri, Apr 10, 2020, 1:00 PM David Booth <david@dbooth.org> wrote: > "Across the world, governments, and health authorities are working > together to find solutions to the COVID‑19 pandemic, to protect people > and get society back up and running. Software developers are > contributing by crafting technical tools to help combat the virus and > save lives. In this spirit of collaboration, Google and Apple are > announcing a joint effort to enable the use of Bluetooth technology to > help governments and health agencies reduce the spread of the virus, > with user privacy and security central to the design." > > https://www.apple.com/covid19/contacttracing/ > > Comments, particularly on the privacy aspect? > > David Booth > > >
Received on Saturday, 11 April 2020 19:32:49 UTC