Me on COVID-19 Contact Tracing Apps

"My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. "I'm not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? ... This is just something governments want to do for the hell of it. To me, it's just techies doing techie things because they don't know what else to do."

I haven't blogged about this because I thought it was obvious. But from the tweets and emails I have received, it seems not.

This is a classic identification problem, and efficacy depends on two things: false positives and false negatives.

False positives:
Any app will have a precise definition of a contact: let's say it's less than six feet for more than ten minutes. The false positive rate is the percentage of contacts that don't result in transmissions. This will be because of several reasons. One, the app's location and proximity systems -- based on GPS and Bluetooth -- just aren't accurate enough to capture every contact. Two, the app won't be aware of any extenuating circumstances, like walls or partitions. And three, not every contact results in transmission; the disease has some transmission rate that's less than 100% (and I don't know what that is).

False negatives:
This is the rate the app fails to register a contact when an infection occurs. This also will be because of several reasons. One, errors in the app's location and proximity systems. Two, transmissions that occur from people who don't have the app (even Singapore didn't get above a 20% adoption rate for the app). And three, not every transmission is a result of that precisely defined contact -- the virus sometimes travels further.

Assume you take the app out grocery shopping with you and it subsequently alerts you of a contact. What should you do? It's not accurate enough for you to quarantine yourself for two weeks. And without ubiquitous, cheap, fast, and accurate testing, you can't confirm the app's diagnosis. So the alert is useless.

Similarly, assume you take the app out grocery shopping and it doesn't alert you of any contact. Are you in the clear? No, you're not. You actually have no idea if you've been infected.

The end result is an app that doesn't work. People will post their bad experiences on social media, and people will read those posts and realize that the app is not to be trusted. That loss of trust is even worse than having no app at all.

It has nothing to do with privacy concerns. The idea that contact tracing can be done with an app, and not human health professionals, is just plain dumb.

👉🏼 Read more:
https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html

#coronavirus #apps #tracing #tracking #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Monitoring COVID-19 from hospital to home: First wearable device continuously tracks key symptoms

Wireless sensor gently sits on throat to monitor coughs, fever and respiratory activity

EVANSTON, Ill. — The more we learn about the novel coronavirus (COVID-19), the more unknowns seem to arise. These ever-emerging mysteries highlight the desperate need for more data to help researchers and physicians better understand — and treat — the extremely contagious and deadly disease.

Researchers at Northwestern University and Shirley Ryan AbilityLab in Chicago have developed a novel wearable device and are creating a set of data algorithms specifically tailored to catch early signs and symptoms associated with COVID-19 and to monitor patients as the illness progresses.

Capable of being worn 24/7, the device produces continuous streams of data and uses artificial intelligence to uncover subtle, but potentially life-saving, insights. Filling a vital data gap, it continuously measures and interprets coughing and respiratory activity in ways that are impossible with traditional monitoring systems.

Developed in an engineering laboratory at Northwestern and using custom algorithms being created by Shirley Ryan AbilityLab scientists, the devices are currently being used at Shirley Ryan AbilityLab by COVID-19 patients and the healthcare workers who treat them. About 25 affected individuals began using the devices two weeks ago. They are being monitored both in the clinic and at home, totaling more than 1,500 cumulative hours and generating more than one terabyte of data.

👉🏼 Read more:
https://news.northwestern.edu/stories/2020/04/monitoring-covid-19-from-hospital-to-home-first-wearable-device-continuously-tracks-key-symptoms

#coronavirus #wearable #tracing #tracking #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

India's Contact Tracing App Is All But Mandatory. So This Programmer Hacked It So That He Always Appears Safe.

A software engineer from Bangalore was worried about being forced to download Aarogya Setu. So he ripped its guts out.

For days, Jay, a software engineer in Bangalore, watched with mounting alarm as people in India were forced to install the government’s coronavirus contact tracing app. Then, he rolled up his sleeves and ripped its guts out.

“I didn’t like the fact that installing this app is slowly becoming mandatory in India,” said Jay, who requested a pseudonym to speak freely. “So I kept thinking of what I could personally do to avoid putting it on my phone.”

Jay started work at 9 a.m. on a Saturday. He chopped away at the app’s code to bypass the registration page that required people to sign up with their cellphone numbers. More pruning let him bypass a page that requested personal information like name, age, gender, travel history, and COVID-19 symptoms. Then, he carved away the permissions that he viewed as invasive: those requiring access to the phone’s Bluetooth and GPS at all times

By 1 p.m., the app had become a harmless shell, collecting no data but still flashing a green badge declaring that the user was at low risk of infection.

“That was my goal,” said Jay. “I succeeded. You can show the green badge to anyone if they ask to check your phone and they won’t be able to tell.”

👉🏼 Read more:
https://www.buzzfeednews.com/article/pranavdixit/india-aarogya-setu-hacked

#hacked #india #coronavirus #tracing #app
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

EU-funded COVID-19 app ‘listens to voices and coughs’

A recently launched EU-funded mobile application records users’ breathing and coughing to diagnose cases of COVID-19, scientists involved in the project have said.

The initiative, which has been developed by researchers at Cambridge University and partially funded by the European Research Council through Project EAR, aims to build up a large, crowdsourced dataset in order to develop machine learning algorithms to be used in automatic disease detection.

It will collect demographic and medical information from users, in addition to “spoken voice samples, breathing and coughing samples through the phone’s microphone.”

In an attempt to allay privacy fears, researchers say that the app will collect ‘one coarse grain location sample’ but that it would not track users, only recording location data once when are actively using the software.

“The data will be stored on University servers and be used solely for research purposes,” the university added.

“There are very few large datasets of respiratory sounds, so to make better algorithms that could be used for early detection, we need as many samples from as many participants as we can get,” said Professor Cecilia Mascolo from Cambridge’s Department of Computer Science and Technology, the lead team on the app.

“Even if we don’t get many positive cases of coronavirus, we could find links with other health conditions.”

👉🏼 Read more:
https://www.euractiv.com/section/digital/news/eu-funded-covid-19-app-listens-to-voices-and-coughs/

#coronavirus #eu #tracing #tracking #app #privacy #surveillance
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Google and Apple announce Big Brother

https://www.xda-developers.com/google-apple-contact-tracing-coronavirus


📡 @NoGoolag
#Google #Apple #spyware #knowtheenemy #bigbrother #contact #tracing

Google and Apple announce Big Brother

https://blog.google/inside-google/company-announcements/apple-google-exposure-notification-api-launches


📡 @NoGoolag
#Google #Apple #spyware #knowtheenemy #bigbrother #contact #tracing

CoraLibre android sdk

[Message forwarded from Gramá]

Governments are starting to roll out Coronavirus-tracing apps based on the Apple-Google developed Exposure Notification API.
Google has implemented the API in their Google Services, which means that if you don't use them, you cannot use the Coronavirus Tracing APP.
I am a health specialist and I do care about privacy, I have no Google Services on any of my or my family's phones. But I do care about health and I know the importance that tracing infections have for the control of epidemics. That's why I'm fighting for doing this in the most possible open way, using as much Open Source software as possible, and I strongly belive this can be done.

Unfortunately until now all the biggest, government-funded, projects, do not address this issue, simply relying on the use of the API implementation in Google Play Services. But we have a great, well known, Android developer which started an project to develop an Open Source SDK that would be compatible with such systems and would allow us to have a Coronavirus Tracing APP that would be independent from Google Play Services.

This is the link to the project: https://github.com/theScrabi/CoraLibre-android-sdk .

Please spread the word among other developers, to have as much people as possible working on it. I'm not a developer unfortunately, so I cannot help with that. But I am a doctor and I strongly believe on the importance of this kind of tracing tools for epidemics control.


#CoraLibre #sdk #coronavirus #covid #tracing #tracking #bigbrother

Me on COVID-19 Contact Tracing Apps
by Bruce Schneier

"My problem with contact tracing apps is that they have absolutely no value,"
"I'm not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? ... This is just something governments want to do for the hell of it. To me, it's just techies doing techie things because they don't know what else to do."

https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html

Spanish translation:
https://wordsbridge.co.uk/aplicaciones-de-contactos-para-detener-la-covid-19


#coronavirus #covid #tracing #tracking #bigbrother

Contact-tracing apps are not a solution to the COVID-19 crisis

https://www.brookings.edu/techstream/inaccurate-and-insecure-why-contact-tracing-apps-could-be-a-disaster


#coronavirus #covid #tracing #tracking #bigbrother

Google and Apple to roll out phase two of contact-tracing system

Operating system update will allow opt-in to coronavirus exposure notifications without need of an app

Apple and Google are preparing to roll out phase two of their Covid-19 contact-tracing system, allowing users to receive notifications about their exposure to infectious people without needing to install a specific app.

But the system will still not fully work in Britain until the UK government releases its own contact-tracing app – currently being trialled in the Isle of Wight and the London borough of Newham – nationally.

The basics of the “exposure notification” system were built into iPhones and Android devices in May. Users who have downloaded an app made by a public health authority can opt in to a decentralised tracking system. Their phones record details of other devices they have been near, and if one of those users later marks themselves as infectious, exposed individuals receive a notification.

https://www.theguardian.com/technology/2020/aug/27/google-and-apple-to-roll-out-phase-two-of-contact-tracing-system

#Apple #Google #coronavirus #COVID19 #contact #tracing

US Authorities Can Now Track the Privacy-Focused Monero Cryptocurrency

The leading crypto intelligence firm CipherTrace has developed a toolset to assist U.S. law enforcement to track the privacy-centric Monero cryptocurrency.

The cryptocurrency analytics firm CipherTrace has made the announcement that they have created a toolset designed to help trace transactions made using the privacy-centric Monero virtual currency – stating that they did so under contract with the U.S. Department of Homeland Security (DHS).

‼️ Monero Can Now Be Tracked

A press release by CipherTrace stated that the goal behind development of the tracing tools was harnessed from the U.S. law enforcement need to track the transactions made across criminal networks using the Monero cryptocurrency.

The firm reflected on the fact that Monero has since grown to become the second most popular digital coin in the dark web – with estimate figures indicating that about 45 percent of dark web platforms have adopted Monero integration.

It is for the above reason that law enforcement interest has developed around the digital currency as the facilitator of darknet-backed cybercriminal enterprises. As mentioned already, Monero offers far better features than Bitcoin, including the ring signature mechanism to ensure user anonymity.

Ring signatures work to mix transactions so that when third party actors try to figure out the source of funds sent in Monero, it will appear as though multiple users participated in the transaction. The feature makes it virtually impossible for law enforcement agencies to identify the true sources of such funds.

👀 👉🏼 http://tapeucwutvne7l5o.onion/us-authorities-can-now-track-the-privacy-focused-monero-cryptocurrency

👀 👉🏼 https://ciphertrace.com/ciphertrace-announces-worlds-first-monero-tracing-capabilities/

#monero #cryptocurrency #ciphertrace #usa #authorities #tracing #Privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Apple, Google build virus-tracing tech directly into phones

Apple and Google are trying to get more U.S. states to adopt their phone-based approach for tracing and curbing the spread of the coronavirus by building more of the necessary technology directly into phone software.

That could make it much easier for people to get the tool on their phone even if their local public health agency hasn’t built its own compatible app.

The tech giants on Tuesday launched the second phase of their “exposure notification” system, designed to automatically alert people if they might have been exposed to the coronavirus.

Until now, only a handful of U.S. states have built pandemic apps using the tech companies’ framework, which has seen somewhat wider adoption in Europe and other parts of the world.

https://apnews.com/37595e41ddde3789796592bdcbfce2ee

#Google #Apple #Covid19 #tracing #privacy

IRS Wants to Pay $625,000 for Tools to Track Monero

The United States Internal Revenue Service is offering $625,000 for Monero-tracing software, according to a recently published proposal request.

In the proposal request, the IRS described the need for “innovative solutions for tracing and attribution of privacy coins,” including Monero and the Bitcoin Lightning Network.

The use of privacy coins is becoming more popular for general use, and is also seeing an increase in use by illicit actors,” the IRS wrote in the proposal. “Currently, there are limited investigative resources for tracing transactions involving privacy cryptocurrency coins such as Monero, Layer 2 network protocol transactions such as Lightning Labs, or other off-chain transactions that provide privacy to illicit actors.”

The IRS is planning on spending $1 million this fiscal year on multiple proposals, according to the document.

💡 Documents attached to the proposal: 👈🏼

👉🏼 Pilot+IRS+Crypto+RFP+FINAL.pdf
http://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/post/irs-wants-to-pay-625000-to-track-monero/documents/Pilot+IRS+Crypto+RFP+FINAL.pdf

👉🏼 Clauses+Provision+Attachment+Crypto.pdf
http://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/post/irs-wants-to-pay-625000-to-track-monero/documents/Clauses+Provision+Attachment+Crypto.pdf

👉🏼 Related: CipherTrace Provided Feds with “Monero Tracing” Tools
http://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/post/ciphertrace-provided-feds-with-monero-tracing-tools/

👀 👉🏼 http://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/post/irs-wants-to-pay-625000-to-track-monero/

#irs #monero #tracking #tracing #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Aarogya Setu Data Privacy Ignored: RTI Exposes Major Govt Lapses

RTI replies from National Informatic Centre reveal Government of India’s failure to implement measures to secure private data of over 160 million Indians collected by the COVID-19 tracing app, Aarogya Setu. The govt announced a data protection and audit protocol for Aarogya Setu, but even 6 months later, it has failed to act on most of its key aspects.

📺 https://www.youtube.com/watch?v=8ldFm2CEqqA

#india #gov #rti #covid #tracing #app #data #protection #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Tracing Paper

Color printers mark printouts with barely visible codes that are used to track down currency counterfeiters, as well as everyone else.

In 2017, when a National Security Agency (NSA) whistleblower wanted to extract classified government documents from her work computer, she sought refuge in the printed page. Maybe she thought physical paper would be safer from digital surveillance than an email. So she printed the documents at her office and then mailed them to The Intercept, which broke the news with the headline, “Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election” on June 5th, 2017 at 3:44 p.m. eastern time. A few hours later, the US Department of Justice officially announced their arrest of Reality Winner, a former US Air Force officer and NSA contractor.

What happened? The Intercept contacted the NSA on May 30th asking them to verify the documents. But by sending the scanned images that included each page’s wrinkles and folds, as opposed to retyping the information, the journalists shared more than they intended to: they sent the NSA the pale yellow tracking dots that are embedded in every piece of paper that is printed by a color laser printer. The dots form rectangular grids of rows and columns, with each dot’s position corresponding to the value of a date, time, or printer model.

Together, the rows and columns constitute a machine-readable bitmap known as a machine identification code (MIC). MIC grids repeat across the page so that even if only a shred of a page is recovered, the MIC on that shred can still be decoded and traced. While neither the Justice Department’s nor the FBI’s statements about Winner’s arrest mentioned MICs, security experts strongly suggested that they played a role in helping the agencies identify her and, at the very least, corroborated other evidence linking Winner to the leak.

https://logicmag.io/security/tracing-paper/

#tracing #paper #printers #digital #surveillance
📡 @nogoolag @blackbox_archiv

Google Promised Its Contact Tracing App Was Completely Private—But It Wasn’t

Researchers say hundreds of preinstalled apps can access a log found on Android devices where sensitive contact tracing information is stored.

When Google and Apple introduced their COVID-19 contact tracing framework in April 2020, the companies aimed to reassure people worried about sharing private health information with major corporations.

Google and Apple provided assurances that the data generated through the apps—people’s movements, who they might have come in contact with, and whether they reported testing positive for COVID-19—would be anonymized and would never be shared with anyone other than public health agencies.

“Our goal is to empower [public health agencies] with another tool to help combat the virus while protecting user privacy,” Google CEO Sundar Pichai wrote in a tweet last May, when the framework became publicly available.

Apple CEO Tim Cook provided similar assurances.

Since then, millions of people have downloaded contact tracing apps developed through Apple’s and Google’s framework: The U.K.’s National Health Services’ app has at least 16 million users, while Canada’s Digital Service COVID Alert app boasted more than six million downloads in January, and Virginia’s Department of Health noted more than two million residents were using its COVIDWISE app.

California governor Gavin Newsom endorsed his state’s version of the app, calling it “100% private & secure” in a tweet last December.

But The Markup has learned that not only does the Android version of the contact tracing tool contain a privacy flaw, but when researchers from the privacy analysis firm AppCensus alerted Google to the problem back in February of this year, Google failed to change it. AppCensus was testing the system as part of a contract with the Department of Homeland Security. The company found no similar issues with the iPhone version of the framework.

https://themarkup.org/privacy/2021/04/27/google-promised-its-contact-tracing-app-was-completely-private-but-it-wasnt

#google #DeleteGoogle #contact #tracing #app #privacy
📡 @nogoolag 📡 @blackbox_archiv