I promised I'd do a round up of sharing level-headed analysis of the Australian government's #covidsafe app. I'll post a little of my own commentary at the end.
Firstly, this is the most readable thread for those wanting a run-down. #auspol https://twitter.com/matthewrdev/status/1254336105203200000
Jack is a wonderful human being, and also justifiably one of the people most critical of the Australian government's privacy record.
The fact that he's decompiled #covidsafe, and found it seems to be doing what it says on the lid, is reassuring. https://twitter.com/developerjack/status/1254321369166123011
Last night, @xssfox did one of the first decompiles, also finding that it seemed to be doing what it said in the privacy policy.
So I think it's safe to say the folks who built the app are sincere and wanted to do things right, even under time pressure. https://twitter.com/xssfox/status/1254258634902499328
On the other side of the fence, here's a discussion from an epidemiologist on what contact tracing actually looks like, and how an app would work with that. https://twitter.com/peripatetical/status/1254351060891627520
Finally, @GeoffreyHuntley has done a full decompile, uploaded the results to GitHub, formed a Discord server, and is coordinating in-depth analysis of #covidsafe. https://twitter.com/GeoffreyHuntley/status/1254319376620072960
So, a few observations.
Firstly, it doesn't help that the Australian government said they'd release the source to the app, and then went back on that.
It may also be breaking the licence the code is based upon, if the government has used it under GPLv3. https://twitter.com/rgmerk/status/1254589426698555392
I think it's safe to say the Australian government's stance on privacy is viewed extremely poorly by the tech community.
They have a track record of recording too much data, and that data being used for things they promised would never happen. https://www.theguardian.com/world/2020/feb/07/web-browsing-histories-are-being-given-to-australian-police-under-data-retention-powers
Between mandatory metadata retention, dubious practices around anonymity in the Australian census, and a track record of going back on promises in tech and privacy, it's no surprise people viewed the government's release of their own COVID-19 tracking app with extreme scepticism.
And from everything I can see, despite the best intentions of the people building the app, it was rushed out too soon.
It requires iPhones be unlocked and the app be in the foreground to function. https://mobile.abc.net.au/news/2020-04-26/coronavirus-tracing-app-covidsafe-apple-iphone-covid-19/12187448
On Android, the user is asked to give fine location permissions, and while that's required for any app to use Bluetooth, it also freaked a lot of people out, because the government has been bad at privacy in the past, and it's easy to jump to conclusions. https://twitter.com/pjf/status/1254256428631523329
Apple and Google are looking at releasing their contact tracing API in the next couple of days. It would presumably not require you leave your phone unlocked, or that you agree to a scary looking permission.
It feels hurried not to wait for this. https://techcrunch.com/2020/04/23/first-version-of-apple-and-googles-contact-tracing-api-should-be-available-to-developers-next-week/
Contact tracing is most useful the more people who opt-in for it, so trust is *enormously* important.
Saying the source will be released and then not doing so, having a poor privacy record, and having an app that's not really usable on iPhone, are not great for trust-building.
Waiting just a little longer until the tracing APIs are available feels like it would have been the most trust-gaining course. But having said that, there's been more than a million downloads, which is huge for Australia. https://mobile.abc.net.au/news/2020-04-27/coronavirus-tracing-app-covidsafe-one-million-downloads/12187806
And if I were back in Aus? Yeah, I'd probably install it myself.
Not because I trust the Australian government, but because I trust the analysis of the folks who have decompiled it, and who examined what it's collecting and how.
It's my hope that the app will upgrade to the Google/Apple tracing APIs when they become available. That would fix a lot of the technical limitations, and would hopefully allow the (currently necessary) fine location permission to be removed.