<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I don't know, perhaps I am too naive. I would not have thought
that a client could talk to a server over the Internet such that
one does not know the other, and yet clever cryptographers have
found a way to do it.</p>
<p>As I read more, it seems more clear that this system cannot be
truly anonymous, but pseudonymous at best. Aside from building
transparency end-to-end, maybe one can also fragment the data such
that no entity has the whole picture, while still being useful to
health workers. For example, does a doctor in NY need to know
about every patient in CA, or can they work with broader
statistics? That could suggest a decentralized data storage. If
the system is tracing contacts automatically, and we no longer
need human tracers, does a doctor need to know who the infected
person was in contact with and all the places they have been, or
can they simply work with the fact that the person is infected?
Perhaps a system can be made such that only the doctor can reveal
a person's identity (to follow up on them and such), and to
everyone else the log is just a sea of random numbers. This way,
corporations/governments trying to exploit the social graph have
limited knowledge of the underlying personas, while the doctors
can go on about their business with the power to reveal identities
but without a full picture of the social graph.</p>
<p>In essence, since the system won't be anonymous, make it such
that no one has the full picture (especially governments and
advertising companies). But I don't know if this system would be
useful or if it's even possible to build.<br>
</p>
<div class="moz-cite-prefix">On 4/26/20 11:16 AM, Zach Bastick
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+1uv1H5CFJ+qKtWMMAQAiv5jyZxxEP5A+i1eTy8Cxmq_JzgvQ@mail.gmail.com">
<div dir="ltr">
<div dir="ltr"><br>
</div>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sat, 25 Apr 2020 Marc
Sunet wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
The video makes constant references to "the location
service", which appears to track your location both outdoors
(GPS?) and indoors (wifi? What if I don't turn it on?). For
cases (2) and (3) to work, my understanding is that both
person 1 and 2 need to be connected to the same service,
suggesting a central service? And you state that the device
contains an "encrypted record that is a function of their
identity". So basically, you're suggesting a central service
that identifies and tracks people everywhere they go?<br>
</blockquote>
<div><br>
</div>
<div>Such constraints actually might work well in a medical
facility (which is the example David gives). Rooms can be
delineated not by Bluetooth beacons or WIFI, but simply by
door access badges (although that involves employee tracking
concerns). Regarding anonymity, would it not presumably be
expected that healthcare workers exposed to COVID-19 be
identifiable anyway to peers/employers (for the protection
of patients and the workers' own welfare, e.g. testing and
sick leave)? <br>
</div>
<div><br>
</div>
<div>Zach<br>
</div>
</div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
GPG: 9C2A AF1D CC91 0A53 AB0A B6A1 C457 0E01 081F 8F91
<a class="moz-txt-link-freetext" href="https://emailselfdefense.fsf.org/">https://emailselfdefense.fsf.org/</a></pre>
</body>
</html>