First look at Apple/Google contact tracing framework: 1) Once a day, your device derives a new key ("daily tracing key"). 2) It uses that to derive a new "proximity ID" every time your device's bluetooth address changes (15min), which is broadcast to nearby BT sensors. 1/10
3) Your device keeps track of all "proximity IDs" it sees. 4) If someone tests positive, they choose to publish their (previously secret) "daily tracing keys." 5) Your device frequently DLs all published daily tracing keys and KDFs to see if they match recorded proximity IDs.
8 replies 53 retweets 301 likes
So first obvious caveat is that this is "private" (or at least not worse than BTLE), *until* the moment you test positive. At that point all of your BTLE mac addrs over the previous period become linkable. Why do they change to begin with? Because tracking is already a problem.
11 replies 65 retweets 366 likes
So it takes BTLE privacy a ~step back. I don't see why all of the existing beacon tracking tech wouldn't incorporate this into their stacks. At that point adtech (at minimum) probably knows who you are, where you've been, and that you are covid+.
8 replies 91 retweets 432 likes
Second caveat is that it seems likely location data would have to be combined with what the device framework gives you. Published keys are 16 bytes, one for each day. If moderate numbers of smartphone users are infected in any given week, that's 100s of MBs for all phones to DL.
25 replies 48 retweets 242 likes
That seems untenable. So to be usable, published keys would likely need to be delivered in a more 'targeted' way, which probably means... location data.
12 replies 36 retweets 298 likes
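The derive-and-match flow described in the thread above, and the linkability it points out once a daily key is published, as an added example that is not part of the original thread and is not Apple's or Google's code. The truncated HMAC-SHA256 derivation, the label string, the 16-byte ID length, and the sample keys and log entries are assumptions made for illustration; the 15-minute rotation and 16-byte daily key size come from the thread.

```python
import hashlib
import hmac

INTERVALS_PER_DAY = 96  # one proximity ID per 15-minute address rotation (per the thread)
ID_LEN = 16             # assumed ID length; the thread only states 16 bytes for daily keys


def proximity_id(daily_key: bytes, interval: int) -> bytes:
    """Derive one interval's proximity ID (assumed KDF: truncated HMAC-SHA256)."""
    msg = b"example-proximity-id" + interval.to_bytes(1, "big")  # hypothetical label
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:ID_LEN]


def match_published_key(daily_key: bytes, observed: dict) -> list:
    """Re-derive every ID for a published daily key and return matching sightings.

    `observed` maps a recorded proximity ID to whatever the observer logged with
    it. A phone checking for exposure and a passive beacon logger run the same
    loop: once the key is public, all of that day's IDs become linkable.
    """
    hits = []
    for interval in range(INTERVALS_PER_DAY):
        pid = proximity_id(daily_key, interval)
        if pid in observed:
            hits.append((interval, observed[pid]))
    return hits


def demo() -> list:
    # Constructed sample keys, fixed so the run is repeatable; real keys are random.
    alice_key = bytes(range(16))
    carol_key = bytes(range(16, 32))

    # Constructed observer log: IDs heard over Bluetooth plus local context.
    # Before any key is published these are unrelated-looking 16-byte values.
    observer_log = {
        proximity_id(alice_key, 36): "09:00 cafe",
        proximity_id(alice_key, 37): "09:15 cafe",
        proximity_id(carol_key, 50): "12:30 train",
    }

    # Alice tests positive and publishes her daily key; Carol does not.
    return match_published_key(alice_key, observer_log)


if __name__ == "__main__":
    for interval, context in demo():
        print(f"interval {interval}: {context}")
```

Only the entries derived from the published key are returned; the third log entry stays unlinked because its key was never published.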
This could go the same way as the daily keys; terrible for infected folks, not as bad for others. Infected app users could disclose their location history, and others' apps could download the datasets for the locations they have visited (and some fake but credible locations).