How many people do you know take the annual flu vaccine and how many people is it effective for? Yet it takes so many lives, but lets throw logic out the window.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple's Exposure Notification System Guide
- Thread starter MacRumors
- Start date
- Sort by reaction score
How many people do you know take the annual flu vaccine and how many people is it effective for? Yet it takes so many lives, but lets throw logic out the window.
As much as I love and prefere the fact that it is anonymus, which still is hard to guarantee. It poses a tread for abuse. For example: If it’s anonymous I could turn covid-19 on and walk to places as a sick prank or to the venues of my competitors forcing everybody there to stay at home.
I don’t think an app is going to fix this. Because a non private app would be very dangerous and put you in the situation of countries like China where the government really interferes in your life.
I don’t think an app is going to fix this. Because a non private app would be very dangerous and put you in the situation of countries like China where the government really interferes in your life.
I genuinely have no idea what point you’re trying to make here. How does the flu vaccine and it’s efficacy (or lack thereof) have anything to do with whether covid-19 contract tracing is beneficial?
This has been addressed many times before (including the Macrumors article). You will not be able to advertise yourself as diagnosed without authorization by a medical provider. This will be enforced by the app and its cloud backend.
PROVE IT.
Apple always “says” that their data is encrypted, anonymous, can never be traced back to anyone and can’t be hacked, violated, or translated.
I challenge ANYONE to prove this. Until then, that is simple propaganda from Apple’s marketing department.
Sorry if that gives you some butt hurt, but those of us who have trusted institutions in our lifetimes only to see our identities stolen have experiences to say, yeah, we’re skeptical.
That's not how it works — you need the app from your local medical authority. If you test positive, they will give you a code to scan (most likely a one-time scan) then the app registers the positive result to the list anonymously.
That's all you can do. It's not going to be like a fart app you can just run up somewhere and press a button.
This app isn't about fixing anything — that's a vaccine — what this will do is help track the spread, help alleviate stress at medical centres so only people exposed will try to get tested, and to inform people if they may have been exposed.
Please educate yourself and read the information literally attached to the comments you are posting.
If you use technology in any meaningful way (and I assume you do, since you're on Macrumors), then tremendous amounts of personal information about you are being digitized, information far more sensitive and important than randomly generated bluetooth identifier strings. Do you use social media, online banking, email, messaging, fitness tracking, etc.? Do you message your doctor through an app? Carry a cellphone with a GPS? How do you know any of that information is secure and isn't being hacked, stolen, or sold to the highest bidder?
People's entire lives are digital now but are losing their minds that someone could access a randomly generated bluetooth identifier string. I honestly just don't get it.
Or maybe he’s fully aware of how grossly overblown this whole thing is, and he’s not about to endorse it by playing along in this medical theater. Just a thought. ¯\_(ツ)_/¯
What kind of proof would you accept? They have published the specification, which can be examined by anyone. Now you'll probably say "but how do I know they implement it in the phone as specified". Well, if you don't trust them at all, you should throw away your iPhone. After all, nobody can prove to you that it doesn't record everything you say through the microphone, copies your banking passwords when you enter them in an app, or constantly tracks and uploads your location ...
Let's imagine how this could go wrong, but not about privacy:
- this give people have a false sense of protection
- people freak out for receiving "you've been exposed" notifications and unexpected things happen
- people that know they are infected still use the thing in public, deliberately or not
- people gamify the thing or want to check if "it works" (you'd have to be stupid for that but you never know)
- when everything is said and done, statistics determine that people enabling this feature were more infected on average than those that didn't
- this give people have a false sense of protection
- people freak out for receiving "you've been exposed" notifications and unexpected things happen
- people that know they are infected still use the thing in public, deliberately or not
- people gamify the thing or want to check if "it works" (you'd have to be stupid for that but you never know)
- when everything is said and done, statistics determine that people enabling this feature were more infected on average than those that didn't
Last edited:
The assumption that Apple is using a “randomized” bluetooth identifier that can never, ever, in no way, shape or form be linked back to you YET Apple can STILL identify EXACTLY who, where, when and how you interacted with another “randomized” data set AND guarantee protection from any hacker is so ridiculously myopic I pity those who religiously believe it.
Good lord... if Apple said they have a pen of unicorns they are feeding in a secret garden, and I disputed it, I would get about 50 downvotes, 20 snarky comments, and at least another two off-topic redress here on MR like those above.
It doesn't claim to do any of that. On the contrary, it is explicitly designed so that nobody can see the "who, where, when and how". Read the specification:
Privacy-Preserving Contact Tracing - Apple and Google
Contact Tracing makes it possible to combat the spread of the COVID-19 virus.
I think this a very clever system but I was wondering if a neo-fascist govt could use the step of validating your positive COVID test to tie the phone to the name of the sick pacient, thus tracking where the sick person is at at all times. Probably the app will ask to authorize the location sharing, and rightly so, the patient will give consent. Without him/her knowingly aware that his/her phone is being tracked.
No. The app does not use location data. The only way this could happen is if there is some unkown vulnerability in the system.
No thanks. I see they changed the name of API for PR purposes to get more people on board.
Go read the ***** spec.
Alternatively, you prove to me that there isn't an invisible pink unicorn in your house. It's completely silent, and very observant and nimble, so it hops out of the way whenever you get near.
By your standards, I've demonstrated that there's an invisible pink unicorn living in your house, unless and until you can conclusively can prove there isn't. Anything you say that isn't conclusive proof - to my standards - is simple propaganda on your part.
And if you don't trust Apple that much, why are you using Apple devices or any devices with Google software on them? Do you have a smartphone, or any device made by Apple ? Why? You clearly don't trust Apple. Time to throw your iPhone into a wood chipper.
Last edited:
So this is why it's important to read things
This isn't protection — this is about knowledge. This is about learning about how the virus moves, letting people know if they have come in contact with someone so that people who haven't been exposed don't overrun already stressed medical services without cause, and finally — it can help detect the oncoming of a second wave so that we can not only all be prepared but are able to act accordingly to the need of specific communities rather than over/under-reacting in a blanket sort of way. So while it isn't medically protecting anyone, it is providing the data that can help people who are protecting people make better decisions while enabling people to be proactive if they have been exposed.
If the app is made well, the explanation will not be alarming — that's a concern for the presentation, not the system. It would help if people would stop freaking out at headlines and summaries, overvalue other people's opinions and actually educate themselves enough to read the provided information. It actually answeres 99% of people's questions that involves the API (the app is up to the developer to answer).
This is unclear — If you mean people who don't use the system will still be out. Can't help that, people here have also been clear they aren't cool with overzealous laws to limit that so... freedom? If it is not deliberate, that's the point of the app, actually. It assumes people aren't purposefully exposing people, but you can't avoid doing the right thing just because some in society won't. We sell guns to people and we assume that those doing so will be law-abiding and won't murder anyone, even though we know that every day people are shot and killed. We cannot avoid doing the right thing for the majority just because some will rebel.
You can't — please read the process, this is impossible. You get a code to scan by the regional health authority once you test positive and I can guarantee it's a one time code. If Vinyl sellers can figure it our for digital downloads, I'm sure Apple and Google can figure it out. It's not a button you can just press. Please, read.
There is no fact in this — you are speculating — which is interesting as someone who claims that they don't want to "freak people out". Doing something is generally better than doing nothing. Doing nothing has gotten us to where we are today because we didn't start testing early enough, we didn't start mass manufacturing tests early enough, we didn't stockpile enough PPE, and we didn't continue operating the Global Health Security and Biodefense we wouldn't be here.
Read the damn spec. Then read it again. Then again, until you understand it. It DOES NOT KNOW where, when and how you interacted with anyone (or even who those anyones are). If you think that, they you haven't read the spec enough times, and you're just wasting everyone's time making up scary - and wrong - stories about how it works. STOP MAKING STUFF UP. You pity those who believe this? I pity you, if you really can't understand how this works.
It collects random numbers that other people's phones are broadcasting. Those numbers change quite often. All your phone knows is "I've seen this pile of numbers". It has no idea who those numbers represent, it doesn't remember where it saw those numbers, and the random number for any given individual won't be the same number an hour later - and there's no way to track from one to the next. If someone later self-reports as having tested positive (and there are various safeguards available that the people writing apps on top of the API can use to keep people from reporting falsely, so people can't grief the system), then their phone uploads the random numbers it has used recently to a database. That database doesn't store the numbers with any personal info, it's just a big pile of numbers. Your phone, in turn, downloads that pile of numbers every so often, and compares each of those numbers against each number in the small pile of numbers representing phones you've been near recently. If it gets a match, it tells you. And that's it. It can't tell you who, or when, or where - that information isn't stored anywhere, not on your phone, not in the central database - it just tells you that you've been exposed (not necessarily infected), meaning you should self-isolate and see about getting yourself tested. It doesn't have to keep the data safe from hackers because the data you fear doesn't exist in the first place.
Oh, ok, so you don’t understand how the technology works. Fortunately for you, the spec is public, so you can go look at it.
Of all the privacy issues to be worried about, this isn't the one. It's pretty easy to do this anonymously, and they do. Should be opt-in is all.
[automerge]1588387578[/automerge]
[automerge]1588387878[/automerge]
[automerge]1588388073[/automerge]
[automerge]1588387578[/automerge]
Not everyone understands computer science or its related fields, and there's no use in pretending they do. Features like this being suddenly enabled by default will make many people rightfully suspicious. Think about something others control that you know very little about, maybe 10-syllable organic compound food ingredients.
[automerge]1588387878[/automerge]
The source code can't be, at least on iOS. I trust them anyway, but the spec isn't proof, and you guys saying to read the spec are missing the point.
[automerge]1588388073[/automerge]
There will be so many sick that I'd be surprised and impressed if they acted upon it. And in the USA, that's partially what the 2nd Amendment is for.
Last edited:
Allow me to put on my tin foil hat and attempt to blue-sky some ideas that could be used for governments / large corporations / Lex Luthor to exploit this system. I'm going to imbue this imaginary bad guy with some sweeping powers, but please bear with me.
From the article, one of the images, insert:
This implies the API is able to give you the keys based on region. Is this lat/long and radius? Is this some other way, like FEMA regions? I can't say I know. Suffice it to say, this data can be retrieved specific for some kind of location. This also implies that location is then sent, at least upon a positive test, to the API. Furthermore, these keys and their locations are public by necessity.
Your phone is broadcasting beacon keys. These keys could then be easily "slurped up" by any number of sensors, such as those large retailers have for tracking Bluetooth ID's around the stores. Lex Luthor could then conceivably keep an entire list of beacon keys broadcasted anywhere he can put sensors, which, because he's Lex Luthor, will from here on out be everywhere you are, up to and including your apartment building / house / place of residence and - why not - your vehicle or person.
Lex Luthor now has every key generated by every phone, and then also every positive key by region. It could be noted here that Lex Luthor could realistically be a government and simply request these keys from whatever cloud provider(s) are presently hosting the data.
He could coordinate your location based on your keys. Further, he could track all your frequent contacts. If you and/or your contacts are up to no good, he comes in his black helicopters and sweeps you ne'er-do-well's away to who-knows-where.
Thing is, Lex Luthor could already do this based on your currently operating radios on your devices, your wifi adapter and bluetooth adapter for example. And in those cases it's even easier because he doesn't have to do best-guess logic to know which is you. He knows which is you because your hardware ID does not change.
What Lex Luthor can now do that he couldn't do before is know if you or anyone with whom you associate is COVID-19 positive.
The only danger, if you could call it such, that this adds is that it "normalizes" sharing health data with those around you, even if anonymously. It will be argued that this can be used as a pivot point for future violations. If it will or not, I don't know. Governments do not have a great track record and have earned distrust from many people, especially marginalized and disenfranchised populations.
Realistically speaking, people with such concerns (valid or not, that's not for me to judge) have really the only option of at least deferring backward to a non-smart phone and turning off unnecessary radios if their concerns are around the tracking. Best of all for those so concerned is ridding oneself of any mobile personal device that broadcasts any signal on any frequency whatsoever.
I see this system as saving lives. I also see this system as potentially a slippery slope. I also see it as nothing new to Lex Luthor's concerns or capabilities. If you want to make Mr. Luthor's job harder, your only real option is to abandon all personal devices that broadcast.
From the article, one of the images, insert:
This implies the API is able to give you the keys based on region. Is this lat/long and radius? Is this some other way, like FEMA regions? I can't say I know. Suffice it to say, this data can be retrieved specific for some kind of location. This also implies that location is then sent, at least upon a positive test, to the API. Furthermore, these keys and their locations are public by necessity.
Your phone is broadcasting beacon keys. These keys could then be easily "slurped up" by any number of sensors, such as those large retailers have for tracking Bluetooth ID's around the stores. Lex Luthor could then conceivably keep an entire list of beacon keys broadcasted anywhere he can put sensors, which, because he's Lex Luthor, will from here on out be everywhere you are, up to and including your apartment building / house / place of residence and - why not - your vehicle or person.
Lex Luthor now has every key generated by every phone, and then also every positive key by region. It could be noted here that Lex Luthor could realistically be a government and simply request these keys from whatever cloud provider(s) are presently hosting the data.
He could coordinate your location based on your keys. Further, he could track all your frequent contacts. If you and/or your contacts are up to no good, he comes in his black helicopters and sweeps you ne'er-do-well's away to who-knows-where.
Thing is, Lex Luthor could already do this based on your currently operating radios on your devices, your wifi adapter and bluetooth adapter for example. And in those cases it's even easier because he doesn't have to do best-guess logic to know which is you. He knows which is you because your hardware ID does not change.
What Lex Luthor can now do that he couldn't do before is know if you or anyone with whom you associate is COVID-19 positive.
The only danger, if you could call it such, that this adds is that it "normalizes" sharing health data with those around you, even if anonymously. It will be argued that this can be used as a pivot point for future violations. If it will or not, I don't know. Governments do not have a great track record and have earned distrust from many people, especially marginalized and disenfranchised populations.
Realistically speaking, people with such concerns (valid or not, that's not for me to judge) have really the only option of at least deferring backward to a non-smart phone and turning off unnecessary radios if their concerns are around the tracking. Best of all for those so concerned is ridding oneself of any mobile personal device that broadcasts any signal on any frequency whatsoever.
I see this system as saving lives. I also see this system as potentially a slippery slope. I also see it as nothing new to Lex Luthor's concerns or capabilities. If you want to make Mr. Luthor's job harder, your only real option is to abandon all personal devices that broadcast.
The source code wouldn't be any more proof than the spec, since the user has no way to verify that the code that is deployed on the phone is identical to the published source. At the end of the day you have to trust that they don't lie to your face. But if they did, they could already do a lot of nefarious things on your phone, so why would they wait for this exposure notification system?
That's true, but you maybe can with Android if they do verifiable builds.
I agree, this system is the last thing to worry about.
Only a tiny number of people can, and certainly not the poster above who was demanding proof.
Anyway, I think there are some valid concerns, but it's not that Apple is lying. Contact tracing at scale is the wet dream of intelligence agencies, police forces and authoritarian regimes. There *will* be attempts by well-resourced players to find weaknesses. And this thing was designed in a matter of weeks (and already went through one round of fixing privacy flaws after the first iteration), far too little for thorough peer review. So there is a risk that someone might find a way to abuse it. Apple/Google have to be really careful.
Last edited: