Let me explain how privacy-focused contact-tracing works [thread].

The number one thing we need to do is to make sure that we are not storing any information that, in any way, can be linked back to you.

This means no location tracking, no personal tracking, nothing.
How do we do that? Well, it's actually quite simple. We just create a random ID that is NOT LINKED TO ANYTHING: not your name, phone number, account or device.

This is the thing to understand about privacy. The reason ad tracking is so bad is that it does the opposite: it SHARES a persistent ID that is tied to you and can then be used to follow you across sites and services.
By creating an ID that is NOT linked to you (and cannot be linked to you, because it is random), the ID itself reveals nothing about you.

But, wait a minute, you say. Isn't an ID just as bad as any other form of tracking?

No, it is not.
The problem with tracking isn't the ID; it's what the ID is linked to. If there is no link, there is no privacy problem.

But, you say again, couldn't someone else just start collecting all these IDs and then use them for something bad?

Well, yes... potentially they could.
But we can fix this too. We build the system so that the ID is constantly changing, say once every hour, and each new ID is drawn at random rather than derived from the previous one. This way, someone collecting IDs can follow a single phone for at most an hour and cannot tie one hour's ID to the next.

And we can make it even safer by adding a 14-day limit: anything older than 14 days is deleted.
But, you say again, if this is stored on a central server, couldn't the tech companies track us via that?

Sure... but that's easily solved too. Just don't store anything on a central server. Only store it on people's own phones.
So, this is the setup. It's really simple. Create an app, make it generate an ID that is not linked to anything, have it refresh that ID every hour, don't track anything else, and store the data only locally on people's phones.

Nothing in this setup identifies you, and nothing leaves your phone.
So how do we make this work?

Well, whenever your phone comes within a certain distance of another phone (in practice, Bluetooth range), the two phones exchange the IDs they are using that hour.

Me: BD0581C6147C43F9A80F20CA870EF3D7
You: FB5707B6F8124018A532697EEA052138
And that's all the data being exchanged. Just an ID. No location, no information about who the person was, just a string of characters.

So for instance, if you are standing in line at the supermarket, you might receive 10 IDs, but you have no idea which ID belongs to which person.
To illustrate this further: an hour later you cross paths with another person and your phone does it again. But now the IDs look like this.

BB447B81B8084F92B62C00AE7CE83533
E2F9C93A415749D796BC372BE1C6B096

Completely different!
Again, nothing in these IDs can be tied to a person.

And that's how this works. Your phone is sending and receiving a whole bunch of seemingly random IDs all day, and there is no way for you to link them back to anyone specifically.
So... one day, you get sick. And mind you, right now we are talking about COVID-19, but we could use this for any infectious disease... including things like the flu, which kills up to half a million people every year.

How do we then tell other people about this?
Well, it's simple. Once you have tested positive for COVID-19, you go into your phone (where all your own IDs from the past 14 days are stored), and you say: "I'm sick."

Your phone will then upload this list of IDs to a central database (which also keeps it for only 14 days).
But remember, these are just IDs. No other information is collected. So all the central database now knows is that these 336 IDs (14 days × 24 hourly IDs) are 'positive'. The server has no idea that they came from you, where you have been, or your location.

Again, nothing that identifies you has left the phone.
At the same time, every other phone periodically downloads the latest list of reported IDs. So, as soon as your 336 IDs are listed on the server, every other phone checks whether any of the IDs stored on it match any of them. The matching happens on the phone, not on the server: the server never learns which phones found a match.
If there is a match, the phone tells its owner that they have been in contact with someone who tested positive. But again, since neither the server nor the phone has any link to who that person is, it cannot say who it was, nor where it happened.

All you are told is: you are at risk.
So now you must take your own precautions, meaning self-isolate until you can get tested yourself (which must happen quickly).

And then if you are also tested positive, this process repeats.
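The whole flow above (hourly random IDs, exchange on contact, local-only storage, the 14-day purge, uploading only your own IDs when positive, and matching on the phone rather than on the server) as one runnable simulation. This is an added example, not code from the thread or from the Google/Apple system; the Phone and Server classes, the in-memory "server", the fixed 400-hour timeline and the three named phones are constructed for illustration, the Bluetooth exchange is reduced to a method call, and, like the thread, it does not model how the upload is authorised.

```python
"""Simulation of anonymous-ID contact tracing as described in the thread.

Added example (not the thread's or Google/Apple's code). Assumptions: encounters
are simulated by a method call instead of Bluetooth, time advances in whole
hours, and the "server" is a Python dict. Who is allowed to report positive is
not modelled here.
"""
import secrets

HOURS_RETAINED = 14 * 24  # the thread's 14-day limit, as a count of hourly IDs (336)


def new_id() -> str:
    """128 random bits as 32 upper-case hex chars, like the thread's examples.

    Nothing about the phone, account or previous IDs goes into it, so two IDs
    from the same phone cannot be linked to each other or to a person.
    """
    return secrets.token_hex(16).upper()


class Server:
    """Central list of IDs reported positive. Knows no identities, no locations."""

    def __init__(self):
        self.positive = {}  # ID -> hour it was uploaded

    def upload(self, ids, hour):
        for i in ids:
            self.positive[i] = hour

    def purge(self, hour):
        # Drop anything older than the retention window.
        self.positive = {i: h for i, h in self.positive.items()
                         if hour - h < HOURS_RETAINED}

    def download(self):
        return set(self.positive)


class Phone:
    """All state lives on the device; nothing is sent until the user reports."""

    def __init__(self):
        self.own = {}    # hour -> ID this phone broadcast during that hour
        self.seen = {}   # ID received from a nearby phone -> hour it was received
        self.current = None

    def tick(self, hour):
        """Called once an hour: rotate to a fresh random ID, purge data past 14 days."""
        self.current = new_id()
        self.own[hour] = self.current
        self.own = {h: i for h, i in self.own.items() if hour - h < HOURS_RETAINED}
        self.seen = {i: h for i, h in self.seen.items() if hour - h < HOURS_RETAINED}

    def encounter(self, other, hour):
        """Both phones are within range: each stores the other's current ID, nothing else."""
        if self.current is None or other.current is None:
            return
        self.seen[other.current] = hour
        other.seen[self.current] = hour

    def report_positive(self, server, hour):
        """User says "I'm sick": upload this phone's own IDs from the last 14 days."""
        server.upload(list(self.own.values()), hour)

    def check(self, server):
        """Match the downloaded positive list against locally stored IDs.

        Returns the hours at which this phone met a now-positive ID. The server
        only ever sees a download request, never which IDs matched.
        """
        positive = server.download()
        return sorted(h for i, h in self.seen.items() if i in positive)


def demo():
    """Constructed scenario: alice meets bob on day 1, carol meets bob on day 17,
    bob reports positive on day 17. Only carol should be flagged."""
    server = Server()
    alice, bob, carol = Phone(), Phone(), Phone()
    for hour in range(400):  # about 16.7 days of hourly ticks
        for p in (alice, bob, carol):
            p.tick(hour)
        if hour == 10:       # alice and bob in the supermarket queue, day 1
            alice.encounter(bob, hour)
        if hour == 390:      # bob and carol cross paths, day 17
            bob.encounter(carol, hour)
        server.purge(hour)
    bob.report_positive(server, 399)
    return {
        "bob_ids_uploaded": len(server.positive),       # 336: exactly 14 days of IDs
        "all_ids_distinct": len(set(server.positive)) == len(bob.own),
        "alice_at_risk": alice.check(server),           # []: hour-10 contact was purged
        "carol_at_risk": carol.check(server),           # [390]
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three properties the thread relies on: the upload is exactly 336 IDs with no identity attached, a contact older than 14 days has already been deleted from the other phone so it cannot produce a match, and a recent contact is detected on the receiving phone without the server learning whose phone matched.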

This is how you create a privacy-focused system.
This is essentially how the new exposure notification system from Google and Apple works, with some variation in the details: its broadcast IDs rotate roughly every 10 to 20 minutes rather than hourly, they are derived from a key that changes once a day, and only those daily keys are uploaded when someone reports positive, so other phones recompute the broadcast IDs from them to check for matches. The retention window is still 14 days.

The reason is that the retention window needs to be long enough to cover getting tested and reporting the result accurately.
But, as you can see, there is no tracking taking place here. No party knows who you are or where you have been, and no health data is collected about any identifiable person.

Not even your phone knows who you are; the app itself doesn't know either. Nor can any of this be joined to other databases, because the IDs are random and exist nowhere else.
You can follow @baekdal.