So Google and Apple just released their cryptography spec for COVID-19 contact-tracing.

A couple thoughts. https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ContactTracing-CryptographySpecification.pdf
First things first, it is good that they are thinking about this, and good that Google and Apple are working together on this. Publishing earlier makes it easier to implement it faster later. IOW, you can decouple it from, and think about the if question in parallel.
The basic underlying idea is your phone normally uses bluetooth to interact with nearby devices. This augments that spec so that if you were close to someone who had COVID and was infectious, you can find out that you're at a higher risk and hopefully do something about it
The complicated problem, and why the cryptography spec exists, is how to do that in a way that (a) isn't overly privacy invasive of you, (b) isn't overly privacy invasive of the person who got it, and (c) isn't going to destroy the bandwidth of everyone involved
So the spec says:
1. Every device gets a unique secret ID called a "tracing key".
2. Every day, you derive a brand new secret "daily key" ID from that tracing key.
3. Your bluetooth uses that daily key to broadcast a "proximity ID" to everyone nearby every ~15m or so.
Importantly, you can't work backwards through these steps. So if you see the same device two hours apart, it'll have different proximity keys, so you can't directly*** see that it was the same device

*** see later
When someone is detected to be COVID-positive, they (or their doctors) work out which days you were infectious, and use your tracing key to compute all the daily keys corresponding with the days you are infectious, and upload those to a website somewhere.
Every day, your device tries to work out if you were in contact with someone who had COVID. To do that, it downloads all those COVID+ daily keys, and goes through the list of all the proximity IDs broadcast by bluetooth devices that you were near to recently
If there's a match, then you were close (within bluetooth range) of someone who had COVID on a day they were infectious, and now you know you should take steps to deal with that, perhaps by staying in quarantine, getting a test if they are widely available, or whatever else.
An immediate observation is that this protocol is strictly no worse than bluetooth's privacy in the specific case that you don't ever get COVID and the tracing key stays on your phone.
If you *do* get COVID, there's a nasty edge-case that needs to be (and can be) addressed, which is that a daily key can be used to correlate all of your proximity IDs for the corresponding day.
You can follow @pwnallthethings.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more