Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Two major OS platforms covering majority of the population working together in an attempt to better track current populations at behest of the government. How could anyone even begin to feel a wee bit cynical? To question this effort it worse than wanting PATRIOT ACT to expire. It is downright unamerican.

I hate the fact that I definitely see a good reason for it and the goverment is more than happy to accommodate this power grab.



Have you even read the spec before dumping your thoughts? They address the privacy concerns explicitly. A short summary:

- Doesn't collect personally identifiable information or user location data

- People who test positive are not identified to other users, Google or Apple

- List of people you’ve been in contact with never leaves your phone

https://blog.google/documents/57/Overview_of_COVID-19_Contac...


I will admit that I did not, but having seen trends over the past few decades taught me to be rather skeptical. In other words, today's specs are little more to me than promises. I am ok with being downvoted for this.

edit: I just "read" it ( it is not even a spec - it is not even a powerpoint presentation ). You are down voting me for questioning a couple of pictograms?


A technical outline is here: https://covid19-static.cdn-apple.com/applications/covid19/cu... also linked elsewhere in this thread.


Thank you for this. It may take me a little longer to digest.


There is nothing wrong with being skeptical, I just think your objections are out of place. If you are really concerned then it's probably best not to use Android or iOS at all, who knows what data might be shared with the government without your knowing? This spec (or any app built on top of this spec) doesn't really change anything about that.

Edit: I wasn't downvoting you, and the link was the source for the summary for the privacy considerations. The details are in the actual spec.


I disagree. You base your opinion on nothing more than a couple of icons. Having now read it, I cannot in good faith even call it specs. It is a step above infomercial. Hardly something trustworthy.


I mistakenly gave you the impression that I was linking to the spec. I was in fact linking to the infomercial that had a summary of the privacy considerations. The actual spec can be found here:

1. Bluetooth: https://covid19-static.cdn-apple.com/applications/covid19/cu...

2. Cryptography: https://covid19-static.cdn-apple.com/applications/covid19/cu...

3. Framework: https://covid19-static.cdn-apple.com/applications/covid19/cu...


No worries. I apologize for jumping to conclusions like this. I will be going over these soon.


This doesn't appear to be a way for the government or tech companies to track people. Looking through the API docs I think it's designed just to alert people who may have been exposed.

It lets someone identify as Covid-19 positive and then if people have come into contact with them, you can be alerted. Most of the processing happens on device and it doesn't use location data.

It looks like it would be very hard to abuse by governments or businesses, but I'm not an expert on these kind of things.


Indeed, if I understand correct, the device locally stores a bunch of keys of people you've been in contact to, and there is no way of working backward from the keys to who it was, and these keys also change daily. Then when someone marks themselves as infected for days A through Z, their keys for those days is sent to devices, where the devices check locally if they have the given person-day keys stored.

Do I understand this correctly? It's almost all done locally, there's nothing about location, and almost nothing is send up until you mark yourself as infected, right?

EDIT: This is the best high level explained I've found: https://blog.google/documents/57/Overview_of_COVID-19_Contac...


It is possible I am not expressing myself clearly. The API may not directly access location data ( though I have a hard time believing that either ). Processing may be local, but I just find it very difficult to believe that the information gleamed from that common platform would not be used. And if it can be used, it will be used. And then it will correlated with information that was previously gathered via regular means. I am not sure how that is not a concern? To Trump's credit, he seems hesitant to go all in on this front.

edit: There is something that occurred to me after writing this. FB had an API at the beginning of their game when they were shooting to get developers' attention. They did. As the leaked documents show what really end up happening, API evolved in ways that benefited big boys. I guess my rambling point is that whatever current specs say, may quickly become rather distant past.


Is this at the behest of the government? Seems privately driven?


Sure. DPA was not invoked only few days ago. Companies were not already threatened openly ( and not so openly ) to obey or else. Companies are effectively expected to volunteer their services or risk consequences from government( and potential bad PR ).


None of those facts indicate directly that this wasn't privately driven. They suggest reasons to be skeptical but, at the same time, it's highly unlikely they developed this spec since the DPA was invoked. These companies have been threatened by the Trump White House for years and did nothing to show they succumbed to them. The risk of bad PR hasn't stopped companies from committing sins.

Sometimes, especially in crises, people like actually want to help other people.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: