Infected user tracking #27
Comments
Indeed, this is very similar to #9, where I also go into the legal consequences of the attack.
@pdehaye indeed. And you referenced the "proximity marketing" and NYT articles, which I was a bit too lazy to dig up yesterday night. We probably want to continue the discussion in your issue.
It's also similar to #37
You are right, my #37 is actually similar to this and #9. But I wanted to point out how simple the attack can be. Add collaborative gathering (possibly on an extra-UE server for safety) and the mass infected tracing is set up with no need of special hardware or access to any resource.
Hi all, thanks for the input.
... or using side-information. In this case, someone close to me can link my identifiers without the secret info in my phone because he visually confirms that it's me in both cases. We will add this precision to the text. @inaitana Our latest design is specifically addressing the wardriving case (sec 4 p18 of the whitepaper), although not the collaborative gathering case (but making it a bit harder to mass-collect EphIDs). We're open for inputs if you have any suggestion there! I'll follow the multiple cross-links in issues and answer there - let me know if something else should be answered here!
https://github.com/DP-3T/documents/blob/master/DP3T%20-%20Simplified%20Three%20Page%20Brief.pdf, 6ac1884, p.3:
https://github.com/DP-3T/documents/blob/master/DP3T%20-%20Data%20Protection%20and%20Security.pdf, 6ac1884, p. 8:
There seems to be a contradiction between these two quotes.
You (kind of) clarify this in the White Paper when you define the abilities of the eavesdropper. But, given that even supermarkets deploy ultrasonic and WiFi tracking, this appears to be a rather unrealistic attacker model?
Or do you assume users' mobile devices to use MAC randomisation on all wireless interfaces, and have no other apps installed? Maybe what's really missing is a system model?