Today I published my first article for @themarkup(!): the privacy pros and cons of Apple and Google’s plans for COVID-19 contact-tracing apps.

TL;DR - it’s good at protecting anonymity but vulnerable to spoofing, trolls and other abuses. /1
Pros: it’s opt-in, it’s anonymous, it’s mostly decentralized and personal information isn’t required for use.

Cons: It’s vulnerable to trolls, spoofing, adtech, false alerts. It’s unclear how apps will be vetted. And it relies on testing which is currently inadequate. /2
Security expert @rossjanderson perfectly sums up the way that the service can be abused by people who want to sow panic by claiming a COVID diagnosis /3
Security expert @samykamkar explains how users’ temporary identifiers can be spoofed – which is perhaps an advantage in making the data less attractive to law enforcement. /4
Security expert @moxie explains how there is already a commercial sector, adtech, that is using these same types of signals for “proximity marketing” and may try to listen in to the COVID signals as well. /5
But probably the biggest concern is false alerts. It’s not clear how the algorithm will determine how much exposure warrants an alert. And it’s also not clear what users are supposed to do when they are deluged with warnings about potential exposure. /6
You can follow @JuliaAngwin.