Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
How to Disable COVID-19 Exposure Notifications in iOS 13.5
- Thread starter MacRumors
- Start date
- Sort by reaction score
Are you saying the NSA has access to Apple's source code?
That's… very unnuanced.
First of all, no, NSA doesn't have blanket access to any and all data.
Second, they can only access data that, y'know, is accessible. A ton of data in iOS is basically impossible to encrypt. On top of that, Apple tends to avoid collecting certain data in the first place. And in this particular case, to bring this remotely back on topic: the system is designed to make it basically impossible to track IDs back to devices, so good luck tying ID, device, location, timestamp, and ultimately person together.
Pretty sure Aussange[sic] is alive. And, again, Assange is a far more nuanced case than someone in the US government having killed him.
No just turn it off by default and if you download a specific contact tracing app it can then alert you that to use the app this must be turned on and take you to settings to do it.
Apple will not receive any covid info whatsoever of your or anybody else's phone. On or off. App or not. What for? What use are random numbers to Apple? And how would they get there? BT beacons send out random numbers for ever, not to Apple but inside a store for advertising.
The only time the app would share those numbers is to a health authority and even then only with your consent. And that only if you have been tested positive. Proven. Not nilly willy a button “I am positive” Neither Apple nor Google have anything to do with that.
well that was a long post with out actually answering the question. So I’m guessing most likely Apple is getting something extra from your phone. Apple has a random number key. I’m sure.
I can just see the headlines in 6 months. Security flaw in Covid app allows personal data breaches. Lawsuits against Apple google etc.
Holy crap people are strange. Even my tech oriented guys who use Google phones with Google accounts etc. are still against this. People who use Facebook, Tiktok etc. All suspicious. I don't understand what is going on.
Please read the spec and you will see there is not a single personal information being sent. You suspect iOS sending stuff to NSA? Why they would do it after this feature? A bloody random bluetooth ID gathering system? You trust a switch in the OS in this case to prevent "bad" things to happen? If someone wants to track people, you wouldn't know. No, it is not a good place to introduce tracking on this kind of features. Those things would be added in discrete. Why would this feature be the "leaker"? A random number gatherer?
The API doesn't even allow anyone to access the gathered data directly, you can only make queries for the IDs the app gets from healthcare authority to see if your phone has seen this random ID and only then it returns the possibility for contact.
This feature sends random IDs to your hospital/healtcare authorities IF you are infected and you ALLOW it. Period. The IDs are deleted after 14 days. There is no need to question this. You can easily question tower cell tracking or anything else 1000 times more easily. There are far more easier ways. A far more.
This is not a time to play tin foil hat games. This is a global threat that the whole world should fight against. Even if your phone would magically start to leak something just now, even that is not a good reason to start playing this mid-age witch-hunt game. Wake up please people. Please. I really ask you.
Please read the spec and you will see there is not a single personal information being sent. You suspect iOS sending stuff to NSA? Why they would do it after this feature? A bloody random bluetooth ID gathering system? You trust a switch in the OS in this case to prevent "bad" things to happen? If someone wants to track people, you wouldn't know. No, it is not a good place to introduce tracking on this kind of features. Those things would be added in discrete. Why would this feature be the "leaker"? A random number gatherer?
The API doesn't even allow anyone to access the gathered data directly, you can only make queries for the IDs the app gets from healthcare authority to see if your phone has seen this random ID and only then it returns the possibility for contact.
This feature sends random IDs to your hospital/healtcare authorities IF you are infected and you ALLOW it. Period. The IDs are deleted after 14 days. There is no need to question this. You can easily question tower cell tracking or anything else 1000 times more easily. There are far more easier ways. A far more.
This is not a time to play tin foil hat games. This is a global threat that the whole world should fight against. Even if your phone would magically start to leak something just now, even that is not a good reason to start playing this mid-age witch-hunt game. Wake up please people. Please. I really ask you.
First, you have to be near the person for at least 5 minutes before contact can even be considered. The distance is up to the app that is used, which will come from your public health authority.
Again, this is all in the technical specs. Next time read it yourself - I am not your personal google.
[automerge]1588257749[/automerge]
Wrong. You are reaching false conclusions by reading an explanation of a toggle in settings.
read the specification. Nothing happens unless you install an app. Uninstall the app or turn off the toggle to stop anything from happening. Not only does the spec make this clear, so does the FAQ.
They DO NOT see who you've come in contact with. Only your phone knows the Bluetooth IDs of who you've come in contact with. Apple only knows the Bluetooth IDs of those who have the virus. I assume you haven't read the spec... But excuse me, because according to you I'm an uneducated person...
And they don’t even know Bluetooth IDs. They know randomized tokens (Rolling Proximity Identifier), and only the phone that generated those tokens knows which phone those tokens came from. (And, of course, only if you voluntarily submit that you are infected).
The tokens change every 15 minutes. To correlate to an individual, a Temporary Exposure Key is needed. That key is regenerated every 24 hours.
If you test positive, and volunteer to participate, your temporary exposure keys (a subset of them) are uploaded, along with the times when these keys were active. Typically the last 14 days’ worth. Otherwise your keys never leave your device. These keys are all aggregated on the server, so there’s no way to know which keys are correlated to the same device (Making it essentially impossible to use the sequence of exposure keys to predict other exposure keys that were or will be generated by a given device).
Each Rolling proximity identifier is 16 bytes long, meaning collisions are unlikely. (False matches are possible, but unlikely. At the same time, this is long enough to make it very difficult to predict future or past identifiers. And even if cracked, it would only work until the end of the 24-hour period when a particular temporary exposure key is valid.)
It is really time for an open source and a linux equivalent for the smartphone
It's been delayed but getting closer:
Librem 5 Shipping Announcement – Purism
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.
puri.sm
The smartphone with convenience and control – Purism
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.
puri.sm
In many cases, it's because instead of listening to informed sources for their news, they listen to propaganda from people who want them to be fearful, so they can be more easily controlled. And that propaganda says, "they are out to get you! be afraid!" It also says, "don't believe anyone else but us - everything else is FAKE NEWS", in order to get them to believe blindly and to learn to reject other sources of information (easier to keep your flock in line if they're trained to disbelieve any information that doesn't come from you). There's a difference between being alert and thinking critically, on one hand, and on the other hand, listening to propaganda that stokes your fear of others.
Last edited:
Your iPhone is *already* sending random IDs (MAC addresses) via Bluetooth *all* the time. My phone and watch send about 150 per minute; or at least that's how many my computer manages to see. Why weren't you complaining about that already years ago? It has the same privacy implications. A random ID not matched with your identity and changing every 15 minutes.
[automerge]1588270433[/automerge]
No, Apple doesn't even know that. Apple gets zero information here. It's up to the app to send your codes to the health authority's server, and only when you're reported as infected. Apple servers don't get involved in this.
Last edited:
Do you think the NSA has full access to your location, your camera, your pictures, your contacts, your emails etc since that is also baked into the OS?
I imagine this new API is an expansion of the existing Find My feature which is already secure and private.
And perhaps a branch of Google's Maps popular times feature.
In other words, our phones spew data all the time. You can't prevent it. The smart and well-intentioned engineers are just putting it to good use here.
And perhaps a branch of Google's Maps popular times feature.
In other words, our phones spew data all the time. You can't prevent it. The smart and well-intentioned engineers are just putting it to good use here.
Find My and Google Maps popular revolve around location data. This doesn't.
[automerge]1588272063[/automerge]
I think Romeo_Nightfall was saying they're baked, not something's baked into the OS.
Hey Personal Google, in case you didn’t notice, the specs are not in this article. You seem like a really pleasant person.
Drawing dumb conclusions by drawing unwarranted conclusions from an article, and then spouting them as facts without bothering to check on whether dumb conclusions are dumb, is dumb.
If you want to know how something works, go to the source.
I think the biggest problem Apple/Google will face is to convince the non-technical people. They will not fully understand how the scheme works, so it comes down entirely to trust. And the idea that every single personal contact you have will be tracked in some fashion is scary, and intelligence agencies and authoritarian regimes around the world would love to find a way to abuse it for their own purposes.
I'll also point out that it is very well possible that someone finds weaknesses in the system or its implementation that could help to de-anonymize the data e.g. by linking the random IDs to the BT Mac addresses or something like that. This scheme was developed within just a few weeks and there was no time to thoroughly review it.
[automerge]1588275931[/automerge]
That already exists. It's called Android. And in this context I mean AOSP, i.e. the open-source part without proprietary Google crap.
The problem that all open-source platforms will face is building a rich app ecosystem comparable to the app store or Google Play store. Something like F-Droid is great, but it has nowhere near the selection of the commercial app stores unfortunately.
Last edited:
It also measure the time you were in close contact in 5 minutes increments up to 30 minutes.
Most official health apps will probably use 10-15 minutes to avoid a lot of short close contacts which has very low risk of causing an infection.
The API uses four weighted factors to decide your risk level and the developer of the app decides how much those four factors is weighted.
So the criteria for notification is up to the app, not the API.
It isn't related at all. It's important to understand that this scheme does not use geographic locations in any way. It relies solely on proximity detection, i.e. it knows that you were near another device on a certain day, but not where that happened or at what time exactly.
For someone who keeps pointing out that they don't care about the specs, you sure seem to care a lot to speculate what might be in the spec, and what might not.
They‘ve thought of the deanonymization problem, and that’s why they use rapidly changing codes, each tied to a key that changes every 24 hours. If you can find a way to crack the codes to figure out what the next one would be, you’d be cracking an encryption algorithm that is widely used, and you’d probably be better off using that to steal a lot of money. But assuming you did it, your calculations would only work until the key changes, so less than 24 hours. And none of it is tied to anything about your device - all you’d know is that “the person with code x is the same person who, 15 minutes later, had code y. And since I’ve apparently got bluetooth snoopers everywhere, i know where code x and code y were.”I think the biggest problem Apple/Google will face is to convince the non-technical people. They will not fully understand how the scheme works, so it comes down entirely to trust. And the idea that every single personal contact you have will be tracked in some fashion is scary, and intelligence agencies and authoritarian regimes around the world would love to find a way to abuse it for their own purposes.
I'll also point out that it is very well possible that someone finds weaknesses in the system or its implementation that could help to de-anonymize the data e.g. by linking the random IDs to the BT Mac addresses or something like that. This scheme was developed within just a few weeks and there was no time to thoroughly review it.
[automerge]1588275931[/automerge]
That already exists. It's called Android. And in this context I mean AOSP, i.e. the open-source part without proprietary Google crap.
The problem that all open-source platforms will face is building a rich app ecosystem comparable to the app store or Google Play store. Something like F-Droid is great, but it has nowhere near the selection of the commercial app stores unfortunately.
Even for nation states, it would be essentially impractical to achieve.