I've worked through the privacy preserving contact tracing spec so that you don't have to. Importantly, the term "contact" here specifically means "person you may have come in contact with", not friends/people in your address book.
Step one is for the device to create a long lived “tracing key” - this *never* leaves the device.
Then every day the device derives a new “Daily Tracing Key” from the tracing key and the current date. An important note going forward: when we "derive" one key from another, no one can work out what the original key was.
Then the device starts periodically deriving a short lived "Rolling Proximity Identifier" from the current daily tracing key and the current time interval in that particular day.

The spec specifically prohibits *ever* uploading these keys.
The "Rolling Proximity Identifier" is then broadcast by the Bluetooth radios on the device. This means when you get near another device, that device receives your current identifier, and you receive theirs. Devices record all the identifiers they've seen for, say, 14 days.
Because the proximity identifier changes frequently, no one can determine which specific devices were present or track them as they move, and an observer can know how long a device was present only within the life of that specific identifier.
So now everyone has a bunch of identifiers from devices they've been near, but they don't know what those devices were, who they belonged to, or even whether they've encountered that same device multiple times. On its own this isn't useful, so what do we do with it?
Imagine someone gets a positive diagnosis for covid-19.
The user can then elect to make their device report their diagnosis. What this report does is upload only their daily tracing key and date for the days they're considered contagious; the spec calls these "diagnosis keys".
Now to determine whether you may have been exposed, your device periodically downloads a list of reported diagnosis keys. With these diagnosis keys, your device can derive the rolling identifiers that the reported device would have shared with you if you were ever in contact.
Your device now runs through the list of derived identifiers created from the downloaded diagnosis keys to see if any of them match an identifier it has received. If it finds a match it can notify the device user that they may have been in contact with someone carrying covid-19.
The specification also specifically prohibits ever uploading match data.
Together, this specification prevents applications from using it for any kind of tracking: the broadcast rolling identifiers cannot be correlated unless the user has published the day key, and the central server operator cannot learn anything about user proximity.
The specification prohibits the server from retaining metadata associated with a device that uploads diagnosis keys, but even if the server is malicious, the correlation of proximity identifiers is limited to a 24 hour period due to the rolling daily keys.
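The derivation chain and on-device matching described in this thread, as an added example that is not part of the original thread or the spec's own code. It uses HKDF-SHA256 for the daily key and a truncated HMAC-SHA256 for the rolling identifier; the "CT-DTK"/"CT-RPI" labels, integer encodings, 16-byte lengths and 10-minute interval are assumptions not stated on this page, and all keys and day numbers are constructed sample values.

```python
import hashlib
import hmac
import struct

INTERVALS_PER_DAY = 144  # assumption: one identifier per 10-minute interval

def hkdf_sha256(key, info, length):
    """RFC 5869 HKDF with the default all-zero salt; one output block suffices."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]

def daily_tracing_key(tracing_key, day_number):
    # One-way step: publishing a daily key does not expose the tracing key.
    info = b"CT-DTK" + struct.pack("<I", day_number)
    return hkdf_sha256(tracing_key, info, 16)

def rolling_proximity_id(daily_key, interval):
    # Broadcast value for one time interval of one day.
    msg = b"CT-RPI" + struct.pack("B", interval)
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]

def find_exposures(diagnosis_keys, observed_ids):
    """diagnosis_keys: iterable of (daily_key, day_number) downloaded from the server.
    observed_ids: set of identifiers this device overheard. Runs on-device only."""
    hits = []
    for daily_key, day in diagnosis_keys:
        for interval in range(INTERVALS_PER_DAY):
            if rolling_proximity_id(daily_key, interval) in observed_ids:
                hits.append((day, interval))
    return sorted(hits)

def demo():
    # Constructed tracing keys (a real device draws 32 random bytes once).
    alice_tk, carol_tk = bytes(range(32)), bytes(range(32, 64))
    day = 18365  # constructed day number
    alice_dtk = daily_tracing_key(alice_tk, day)
    # Bob's device overheard Alice in intervals 60-62 and Carol in interval 10.
    bob_seen = {rolling_proximity_id(alice_dtk, i) for i in (60, 61, 62)}
    bob_seen.add(rolling_proximity_id(daily_tracing_key(carol_tk, day), 10))
    # Alice reports a diagnosis: only her daily key for that day is published.
    return find_exposures([(alice_dtk, day)], bob_seen)

if __name__ == "__main__":
    print(demo())
```

Carol's identifier stays unmatched because her daily key was never published, and a published key for one day derives nothing for any other day.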
You can follow @ohunt.