So @Pinboard is probably right that large-scale contact tracing demands well-regulated access to mobile operators and advertising services data. But if we do go the forced-app route, how could it be minimally disclosing? I wrote up a cryptographic outline:https://gist.github.com/colmmacc/740e7db2d9c5836848c849c02f600ec9 …
Yes :) There's an issue open where two of us made the same suggesting of using full-mesh DH in that context too.https://github.com/DP-3T/documents/issues/87 …