Today I published my first article for @themarkup(!): the privacy pros and cons of Apple and Google’s plans for COVID-19 contact-tracing apps.

TL;DR - it’s good at protecting anonymity but vulnerable to spoofing, trolls and other abuses. /1
Pros: it’s opt-in, it’s anonymous, it’s mostly decentralized and personal information isn’t required for use.

Cons: It’s vulnerable to trolls, spoofing, adtech, false alerts. It's unclear how apps will be vetted. And it relies on testing which is currently inadequate. /2
Security expert @rossjanderson perfectly sums up the way that the service can be abused by people who want to sow panic by claiming a COVID diagnosis /3
Security expert @samykamkar explains how users’ temporary identifiers can be spoofed – which is perhaps an advantage in making the data less attractive to law enforcement. /4
Security expert @moxie explains how there is already a commercial sector, adtech, that is using these same types of signals for “proximity marketing” and may try to listen in to the COVID signals as well. /5
But probably the biggest concern is false alerts. It's not clear how the algorithm will determine how much exposure warrants an alert. And it's also not clear what users are supposed to do when they are deluged with warnings about potential exposure. /6
You can follow @JuliaAngwin.