the heart of this Google/Apple contact tracing proposal seems to harken back to the bad old days of Bluetooth wardriving, where you could sniff the unique ID being emitted by anyone's bluetooth device. All competent mobile vendors ended this with MAC randomization.

BT devices are still constantly broadcasting unique IDs (they sort of have to) but these IDs are constantly changing. Devices you've paired with can cut through this obfuscation (and BT beacons don't change their keys, so your apps can recognize them & react).

This new contact tracing system presumably has to cut through that obfuscation, too, letting you keep a tally of every unique ID that's been emitted by people you pass by (you will not be going through bluetooth pairing with everyone). When an ID reports an infection, it gets

flagged to everyone's individual devices and the ones who've seen the ID of the infected individual get a gentle buzz or a new U2 album on their phone or whatever

So how do we see those IDs? Will we just be turning off Bluetooth MAC randomization? I doubt it. More likely there'll be some shared secret sauce that unifies the approach to MAC randomization so a subset of trusted parties can undo it but jerks with ubertooths () cannot

but here's the other key part: which part of the phone ecosystem is this going to live in? how easily will it be reverse engineered? and will this capability live on beyond COVID-19 and into the next Black Hat?

I should probably have mentioned that I am talking about this, not just raving like an insane person https://www.washingtonpost.com/technology/2020/04/10/apple-google-tracking-coronavirus/

ok @kvnweb sent me the links that describe how this works. the crypto doc is probably the most useful https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ContactTracing-CryptographySpecification.pdf

basically:
- install app. get assigned a random, unique ID
- you also get a daily ID derived from the first
- your phone creates a rolling ID every 15m in a one-way operation based on the daily ID
- the rolling ID rotates in sync w/ BT MAC randomization

- the rolling ID gets exposed as a BTLE service on phones with the relevant app installed. as you walk around your phone gets pinged by others' and shares your rolling ID, which is changing every 15m
- when someone is diagnosed, they enter a code and their phone spits out

daily IDs for the time periods when they were contagious
- these go to a server that sends them to every user (you could probably bin this by v coarse geography)
- users' phones repeat the one-way op to regenerate the every-15m rolling IDs and checks against ones they've seen

this makes sense to me from a privacy design standpoint (unsurprisingly, since it's coming from Apple and they do this work superbly)

excited to see which food delivery company is first to try to use these APIs to give coupons to the newly-exposed https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ContactTracing-FrameworkDocumentation.pdf