ProDigit
Could answer some questions:
"You are being tracked"
You are NOT being tracked by this API. It's a one-way function. No one is tracking you and no one knows who you are. ... I mean ... lots of people are already tracking you and know who you are, but THIS is not yet another method for that to be done.
What THIS is:
Your phone creates new random IDs for yourself periodically and sends your current random ID out to nearby devices, and stores a list of random IDs it receives from other devices. The random IDs don't reveal anything about you, or about them, or about your device, or about their device. And they don't reveal anything about who you interact with, because they don't share historical data between each other (or with anyone else). You don't know who those random IDs are. The growing list of random IDs on your phone doesn't get sent to anyone, so even if you do consider it as a tracking method, since it isn't sent to anyone, there is no one who could try to track you or your interactions using that list. Anything on the list which is over 14 days old is deleted. You don't have access to view the list, and neither do they. The list is encrypted and your phone handles the list.
API via bluetooth:
You: Hi, I am ID 1
Them: Hi, I am ID 3
You: Hi, I am ID 1
Them: Hi, I am ID 5
You: Hi, I am ID 2
Them: Hi, I am ID 6
Who is "you"? Your device is both 1 and 2 in this example. Does their device know that you are both 1 and 2? No! 1 and 2 could be different people for all their device knows. Or the same people. Their device doesn't know. Their device just knows that it has been in contact with 1 and 2.
Who are "them" [they]? Your device doesn't know. Are 3, 5, and 6 the same people? Different people? Your devices doesn't know. There is no way for it to know. It just knows that it has been in contact with 3, 5, and 6 within the last 14 days. Your device doesn't tell you or ANYONE that it has been in contact with 3, 5, and 6. It keeps that information to itself, in an encrypted list, and then forgets it after 14 days.
AFTER you have been confirmed positive for COVID-19, YOU have to CHOOSE to send your list of past IDs to a CDC database via your doctor's authentication system. You don't send any information about IDs you have interacted with, only a list of all IDs you have been. It's only then that you reveal ANYTHING about yourself (which is really almost nothing since it is just a list of random IDs without any identifying information).
You to the CDC via a doctor: I have been ID 1 and 2 and I have been confirmed positive for COVID-19. This is sent to the CDC as an encrypted message.
CDC to everyone's devices: 1 and 2 are confirmed positive. This is sent from the CDC as an encrypted message.
Everyone's devices (internally calculating to itself): Do I have a record of 1 and 2 within the past 14 days? If yes: the phone tells the user but NO ONE else. Phone alert: "You have been in contact with someone who tested positive. Self-quarantine as a matter of precaution and seek medical advice if you start exhibiting symptoms." The person's device doesn't reveal anything about you or even your ID numbers. The phone keeps that information secret.
Again, your phone at no point makes any of its own contact records known to anyone; not even you. It's only after a person is "confirmed positive" that they can CHOOSE to share information ONLY about all of THEIR anonymized past IDs; NOT information about ANY other IDs they have interacted with. Therefore, it is not possible to figure out social interactions and use that information to determine identities.
Sharing that "confirmed positive" information to the CDC requires authorization by a medical professional, in order to make the system usable and not just full of false-positives and speculations.
These are APIs. They don't DO ANYTHING on their own. You have to CHOOSE to download a companion app (still in development in many places) to even make this process function properly. Until then, this is just a useless API which sends and receives random numbers useful to no one, encrypted and not accessible to anyone, and automatically deleted after 14 day periods. The reason they released these APIs is because they want to create a smart, safe, secure method which is anonymous and well-thought-out BEFORE someone else creates some other method which is flawed, which you would actually need to worry about. They have been very open about this. Feel free to do some research before believing some crazy conspiracy theory.
They believe that they need about 80% of users to CHOOSE to use the apps before it is going to be effective. Therefore, they know that it is very important that they are open and honest about how the API works in order to increase public trust. If they don't have public trust, people won't download the apps, and the system will be ineffective and a failure. Until YOU CHOOSE to download an accompanying app, the API on your phone does nothing except keep a useless list which is shared with no one (not even you) for a period of 14 days.
I am all for protecting private information and against tracking, just like the next guy. But come on, at least educate yourself about it before getting paranoid. I think the name "tracker" is an unfortunate cause for people to ignorantly fear it. I think that there will be more widespread explanation, to calm fears, once the accompanying apps are available.
https://support.google.com/android/answer/9888358?hl=en Can I get a BR Amen?
post edited by ty_ger07 - 2020/06/23 19:27:58