...

This means that it will be common for case data from individuals to have a publication delay of 2 or 3 days, perhaps even longer.

Countries we are targeting have total cases as follows:

Haiti: 151; Guam: 151; Puerto Rico: 2,173; Mexico: 33,460,

...

This chart from Oxford (https://science.sciencemag.org/content/368/6491/eabb6936) shows why this is such a big problem.

This shows transmission from day of infection.

...

In short - for the solution to be effective, we need to be able to publish individual users' data promptly (within 12 hours; sooner would actually be significantly better). We can’t do that if we are dependent on “crowd” effects for privacy, because the crowds simply will not be there in many of our small scale deployments.

Note also, my assumption that a crowd of 10 will be enough for privacy purposes may be a major underestimate. In some jurisdictions, it is not even clear that there is any value N for which the pooled data on N users can be considered to result in adequate privacy. Adam Leon Smith tells me that this would be the case in the EU (though that may change if we got a more explicit consent from users).

And beyond what the law says, I would not be surprised if there were significant public outcry when it is discovered that we publish this personal data in plain text. The only defense I can see against that is total transparency with patients about how their data will be published, and how exposed this could make them - and I suspect that such transparency will massively hinder uptake.

...

Another option might be to have the HA Servers authenticate Safe Paths Apps based on a secret built into release builds of the app, from outside our Open Source repo - I am not sure why this approach does not seem to be under consideration.

ALS: I think that this should be done regardless, it provides an additional control, albeit weak.

The first solution is described in this paper:

...

And this WIRED interview with Ramesh.
https://www.wired.com/story/covid-19-contact-tracing-apps-cryptography/

It is known to have weaknesses (vulnerability to brute-force attacks), but it provides considerably more protection than plain text, and is relatively inexpensive to implement (Abhishek Singh tells me it is mostly implemented already).

...

  • If it does allow us to reduce this number to low figures, 1, 2 or 3, say - then I think it makes MVP1 viable (as per above, I don’t think the current MVP1 plan is viable).

  • If it does not, then there is little point in spending time on a Hashing solution, and we should be working on the “full” solution as a priority, as a necessary part of MVP1.

...