Chat about Novel Coronavirus - 2019-nCoV - COVID-19

  • No need. They're already doing that at cellphone network level.

  • Example of one of the Chinese cities hoping to make the app permanent over there
    https://www.theguardian.com/world/2020/may/26/chinese-city-plans-to-turn-coronavirus-app-into-permanent-health-tracker

    Regular track and trace the old fashioned way is supposed to be pretty effective. The app is just the cherry on the cake. However, I don't have to use public transport at the moment, so am not coming into close contact with lots of random people.

    For the conspiratorially minded and those skeptical of Government intentions:
    https://bylinetimes.com/2020/05/14/whitehall-analytica-the-ai-superstate-part-1-the-corporate-money-behind-health-surveillance/

  • Here's what the National Cyber Security Centre say about the app: https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app

    I'm not trying to convince anyone to use anything. But it's worth knowing what it's actually doing (or, if you're more conspiratorial in nature, what they claim it's doing).

    And yeah, NHS data has massive potential for a lot of private businesses - and it's already happened/been happening (see the controversy around DeepMind's deal with the NHS).

  • Here's what the National Cyber Security Centre say about the app: https://www.ncsc.gov.uk/blog-post/security-behind-nhs-contact-tracing-app

    I'm not trying to convince anyone to use anything. But it's worth knowing what it's actually doing (or, if you're more conspiratorial in nature, what they claim it's doing).

    And yeah, NHS data has massive potential for a lot of private businesses - and it's already happened/been happening (see the controversy around DeepMind's deal with the NHS).

    That's Ian Levy, I've interacted with him professionally and he's a clever chap, but (with regards to my subject area) he a) believed he knew what he was talking about and b) didn't.

    The Register's analysis of that article and the app is interesting: https://www.theregister.com/2020/05/14/nhs_contact_tracing_app/

  • I don't know anything about Ian Levy, but I think the point on centralized vs decentralized models is well made in the NCSC post. If I was in a position where I had to choose which to use, I'd prefer centralized. It also makes it clear that there is no geo-location data being tracked, and users are anonymous (as we would generally understand the word to mean).

    The Register article raises important issues around bugs. But it's also three weeks old and talking about a beta version of an app. Its point on anonymity is a technical one. The headline is misleading, IMO (although given the audience of The Register, this may be forgiven). Most people who read that will assume the app, and therefore the government, is actually able to identify users despite what they claim. That's not the issue though. It questions whether having anonymized identifiers linked to phones actually fulfills GDPR requirements for the technical/legal use of the word anonymous.

    Anonymity has a very precise definition under the prevailing legislation, including the European General Data Protection Regulations, and it’s unclear whether the current implementation meets that standard. This is due to the app’s practice of pinpointing phones with specific identifiers.

    Recital 30 of Europe's GDPR states that: “Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols." It provides a few examples, including IP addresses, cookie identifiers, and RFID tags. The concern is that these identifiers — which are linked to actual people in a one-to-one relationship — can be used to create profiles of the individuals they belong to.

    I'm not sure it's possible to get around this issue while achieving the goals of a centralized model.

    #notmyfieldofexpertise

  • Comes down to trust, I do not trust this government to have my data. They use "guided by the science" as a shield behind which they do what they consider politically expedient (release the lockdown) or politically existential (keep Cummings in place to run the country despite clear breaches of the regulations he shaped).

    Yes the centralised model makes sense from the perspective of a centralised scientific response - but we don't have that, we have a centralised political response that uses soundbites from Scientists when it suits them.

  • All valid gripes.

  • The NI health advisor said he doesn't think apps are all that effective.

    They aren't really promoting it here, yet?

  • I might be missing something but there don't seem to be any actual changes to the code in the Android version for more than a month and yet the Android app in the Play Store was updated yesterday.

  • This popped up a while ago - that they were releasing versions that weren't the same as the one in Git - assume the fear was that the open sourcing of it was in name only.

    https://github.com/nhsx/COVID-19-app-Android-BETA/issues/49

    I didn't really follow it up - it looks like there have been pushes recently so maybe it's no longer a valid gripe. Personally I simply don't trust them to either produce something ethically, to not use the data improperly or (even if done properly) to act on it effectively and impartially.

  • I was just working through the issues to see if @jellybaby's point was noted - nice one. This is the "official" response:

    Hello all - and thank you for your patience.

    The app is still being actively developed in our private GitHub repos.
    We're learning from all your comments, along with the security issues
    raised through HackerOne.

    At the moment, all of our effort is going into building, refining, and
    testing the app. The development team is focused solely on that.

    Preparing the app for an open source release takes time. We have to
    make sure that all secrets and keys have been redacted, that all
    developers' personal details have been removed, that the git history
    doesn't contain anything untoward, that we haven't accidentally done
    something to compromise security, that the licence files are correct
    etc.

    Additionally, it's difficult to code in the open on a high-profile
    project like this. We want to give our developers the space to work
    safely and effectively.

    My job is to make sure that the source code gets released alongside
    the public binary - and that it is released under a FOSS licence. I'm
    working as hard as I can to achieve that goal.

    Thank you all for holding us to account over this.

    To be fair, that's how I work on github. But mostly because I don't want people to see my shit code until I absolutely have to share it. And I'm not developing a pandemic track-and-trace app.

  • Aha, further down in that issue:

    Hello all - and thank you for your patience.

    The app is still being actively developed in our private GitHub repos.
    We're learning from all your comments, along with the security issues
    raised through HackerOne.

    At the moment, all of our effort is going into building, refining, and
    testing the app. The development team is focused solely on that.

    Preparing the app for an open source release takes time. We have to
    make sure that all secrets and keys have been redacted, that all
    developers' personal details have been removed, that the git history
    doesn't contain anything untoward, that we haven't accidentally done
    something to compromise security, that the licence files are correct
    etc.

    Additionally, it's difficult to code in the open on a high-profile
    project like this. We want to give our developers the space to work
    safely and effectively.

    My job is to make sure that the source code gets released alongside
    the public binary - and that it is released under a FOSS licence. I'm
    working as hard as I can to achieve that goal.

    Thank you all for holding us to account over this.

    That's not what I'd call Open Source and means if having the code in the open is a factor in if you would install the app or not I think you should treat it as closed source. But I'm perhaps just a paranoid nutter on the Internet.

  • I'm not so worried the code is insecure, the data storage issues are my main issue.

    Of course trying to explain the issues to people takes ages, followed by "it'll be fine" so all Covid Cummings has to do is a "you are a bad person endangering others if you don't install it" campaign.

    Though that's intelligent and after his recent castle visit fuckup...what is he really at? Aside from jobs for his mates?

  • Data storage is going to be with whatever partner Cummings wants, but it's definitely going to include Palantir, Peter Thiel's company. For that reason alone I won't be going near it.

  • A couple of recent examples of mistrust:
    Brings in quarantine, then discusses (attempts to) with airlines
    Changes hospital face mask policy, then discusses with hospital
    Brings in App then...

  • Our lockdown wasn't shit. SA had an alcohol ban, which they've just relaxed. My mate in Jo'burg just sent me a video of a queue of hundreds of people singing outside the liquor store at 8am, in advance of a 9am opening. Heartwarming.

  • Palantir is also NSA funded.

    So no thank you. I know, a bit 3 for 2 tinfoil hat time, however some of the Cambridge Analytica tactics are also old NSA propaganda.

  • No app here. Even if/when I go back to the office I always cycle. If I need to be contact traced it will almost certainly be from someone I know, not a random.

  • I don't think it's a paranoid worry. I understand what the guy is saying about protecting his devs, and Occam's razor suggests that it's likely the true explanation.

    However, in my mind his/her explanation should just mean that stuff isn't pushed publicly - not that the app is released anyway without a public code review available.

    I've never done open source dev though - I could easily be wrong about how it's done. This isn't a game changer for me in any case as I never would have installed it, but it's a point of interest.

  • Honestly the quality of the code in the app isn't the main concern, it's how they treat the data, who they give it to and how they store it that's my worry. These kinds of databases have a habit of being held insecurely and/or hacked, not to mention just directly giving it to unknown companies.

  • Data will be fine. I watched that Baroness Dido in the select committee, very reassuring, she had all the stats at her fingertips and what with her excellent record in this area there can’t be anything worth worrying about.

  • Ditto Rupert Soames.

  • The Death Secretary apparently not keen on answering crazy leftfield hypotheticals such as 'what are you actually going to do to lock down a local area?'

    https://twitter.com/DanielHewittITV/status/1269604159004737536

  • It’s a weirdly specific, unanswerable question though isn’t it?

    It depends on:

    • size/proximity of outbreak
    • likelihood of transmission
    • vulnerability of individuals
    • who ‘you’ are (critical or non critical role)
    • where you are on the timeline of tests being returned
    • a bunch of other shit

    I think the journalist thinks ‘lockdowns’ will be of regions. That’s less likely than closing of (for example) a hospital or an office or business.
