no phone number registration should be needed #143
Comments
thanks for the link! i'm not really familiar with the internal (and especially legal) workings of the "chytra karantena" thing but it's pretty sad to hear that. :-( so, since i'm obviously not the first person to ask this please consider adding this to the faq. sadly, as long as the app is not truly decentralized/anonymous (in the sense i've mentioned earlier) it's not something i would use myself nor recommend the usage to anyone. also, you should - in my opinion - ease a bit on your "privacy first" claims. ;-) still, i let me express my deepest respect for the work you do and keep up! thanks! |
tl;dr I believe that possibility to use the app without phone number (and without any pairing to actual person) could really help the app to be widely used. I want to help to stop COVID-19 pandemic. But from my selfish point of view I don't want to risk (especially after month in global partial quarantine) spending 14 days in a real quarantine. I consider quite probable that I will once meet infected person and it is also probable that I will not be infected (most people are wearing face masks and are not standing close to each other). So I don't want to give state any possibility to order me a quarantine, but I would like to have the information that I have met an infected person and subsequently behave even more responsibly than usually. Therefore I hesitate if I should use the app or not. And many people may think similarly. From this perspective is the best solution to use PACT or Contact Tracing proposed by Apple and Google. Another possibility (worse, but current code could be used) would be to enable using app with just anonymous ID. When anonymous user should be contacted by the healthcare authorities, they could send him just informational push notification. It would also be needed to declare by the state authorities that they will not try to identify the user (it could be technically possible). I think this application can be very useful and would like to thank everybody who is involved for their work. But I feel there is a need to change one paradigm: You shouldn't ask, how could state track people, but how you can provide people more data. When participating is voluntary, it should serve people. And I believe that (most) people are responsible even when they are not forced by the government. Even in these difficult times we should not forget privacy. |
A have forgotten one privacy flaw of the current solution: Government can monitor some place and get phone numbers of all people who are around. This will be probably procedurally prohibited, but the protocol shouldn't enable it. |
First imagine that there is no phone number, but just an app and some local algorithm and information based on a personal decision to share his state. (as there is no connection to the real world no one is capable of verifying the state you have shared and if so, then there is possibility to identify the person, right?) So what will happen:
So I personally prefer a version somehow connected to the real world so I can “trust” the information. I also like the idea to hear the bad news from a qualified person so I can ask questions. I know there is no perfect solution to fit all our needs. We just need to be able to identify the spread before it spreads. |
These issues are not a good place for discussions, only for actual bugs in the app. We built our infrastructure around phone numbers, because we work with Hygienická stanice, it's most convenient for them. Phone numbers also work with people form all generations, especially elderly. We considered to build it around push notifications, but people often ignore them and that's bad, especially for critical information such as health risks. |
"Phone numbers also work with people form all generations, especially elderly." - you mean those elderly that have a smartphone, but cannot recieve a push notification, only a call? Yeah, I bet that's a large group... ;) Throwing out privacy and security for the sake of convenience seems like an exceedingly dumb trade, and based on responses here and at #144, both were totally ignored here. I though about installing the app, now I know not to do that. Hopefully Google & Apple will do a better job with their PACT-based approach than you did. |
How would you send a push notification to the suspect in a system that uses
the PACT protocol?
…On Mon, Apr 13, 2020, 16:57 Anagmate ***@***.***> wrote:
"Phone numbers also work with people form all generations, especially
elderly." - you mean those elderly that have a smartphone, but cannot
recieve a push notification, only a call? Yeah, I bet that's a large
group... ;)
Throwing out privacy and security for the sake of convenience seems like
an exceedingly dumb trade, and based on responses here and at #144
<#144>, both were
totally ignored here.
I though about installing the app, now I know not to do that. Hopefully
Google & Apple will do a better job with their PACT-based approach than you
did.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#143 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADWBZHBAILIHNLFW7RRPQDRMMR4PANCNFSM4MGN7GDA>
.
|
The user has the app installed, of course the app can send him a notification after it downloads the public infected ID list and finds a match with its internal database. After that, I see 2 possibilities:
Trust is everything here - if the users do not trust the app, they won't download it at all, which is a worse outcome than downloading it and then refusing to call the local hygiene office when prompted. |
My last comment was rather a joke 😃 of course local notifications can be done. This all comes back to what David said. Just two things.
|
...just as a curious follow up - does the current (2.0) version implement what has been proposed above (complete anonymity and voluntary reporting). thanks! |
@rpodgorny Yes that's how Apple/Google protocol works. We don't have any personal data about the user, both reporting and reacting to the push notification about risky contact is voluntary. |
...at least i believe so.
why not just keep an updated public database of anonymized ids? the central server already exists. all the processing could then be done on the client and if a record from the public db is in my local "ids seen" db, a warning with "call the doctors immediately" should pop up.
bam! that's it. no phone number registration needed, no sending all my collected data. privacy first (this time for real)! ;-)
if this is not possible for some reason, please also add the answer to the faq. thanks!
The text was updated successfully, but these errors were encountered: