They’ve thought of the deanonymization problem, and that’s why they use rapidly changing codes, each tied to a key that changes every 24 hours. If you can find a way to crack the codes to figure out what the next one would be, you’d be cracking an encryption algorithm that is widely used, and you’d probably be better off using that to steal a lot of money. But assuming you did it, your calculations would only work until the key changes, so less than 24 hours. And none of it is tied to anything about your device - all you’d know is that “the person with code x is the same person who, 15 minutes later, had code y. And since I’ve apparently got Bluetooth snoopers everywhere, I know where code x and code y were.”

Even for nation states, it would be essentially impractical to achieve.
I know that this is how it's designed, but someone may find a way to circumvent all that. Security is hard, and often the weaknesses are not in the cryptography but in the implementation. In the security research community it takes years of peer review until a new scheme is trusted.
 
It is really time for an open source and a linux equivalent for the smartphone

Android is Linux.

Open-source smartphone systems exist and have since before the iPhone.

If Nokia had played its cards right, Maemo/MeeGo/what ended up as Tizen these days could've been the iPhone before the iPhone, a year and a half before.

After the iPhone was shown, a lot of people from the FLOSS community seemed really excited by Openmoko, which, lol.

Lots of factors against it, but I think the big one is that more than two big platforms never seem to survive. Windows+macOS on the desktop in the '90s (killing Amiga, Be, Atari, and so many others in the process), and Android+iOS on mobile in the '10s (killing Symbian, classic Windows Mobile, Windows Phone / Windows 10 Mobile, BlackberryOS, Maemo/MeeGo, and more).

So, like, good luck with that.

I can see the argument, "hey, wait a second, did two tech companies from Silicon Valley just dictate how contact tracing will work to the EU and others? that doesn't seem democratic", and, yup, that's a problem. Amusingly, in this case, they dictated a rather good approach, and they don't even really benefit from it other than perhaps in PR/image.
I know that this is how it's designed, but someone may find a way to circumvent all that. Security is hard, and often the weaknesses are not in the cryptography but in the implementation. In the security research community it takes years of peer review until a new scheme is trusted.

But that's usually for long-lasting keys. A key for a digital signature or certificate that's valid for an entire year or more? Yeah, that's very interesting, and maybe a few years from now, we'll crack AES-256 in reasonable time (so far, not so much).

But a key that's only useful for 15 minutes? Derived from another key that's only useful for a day?
 
But that's usually for long-lasting keys. A key for a digital signature or certificate that's valid for an entire year or more? Yeah, that's very interesting, and maybe a few years from now, we'll crack AES-256 in reasonable time (so far, not so much).

But a key that's only useful for 15 minutes? Derived from another key that's only useful for a day?
Just to give you an example of what I mean, the BT beacon contains not only the random IDs, but also some metadata such as the BT MAC address. That also rotates on modern phones, but how secure is the randomization scheme? Given that the MAC addresses and the random IDs are supposed to change in sync, a weakness in the MAC randomization would potentially allow an attacker to uncover the device that broadcasted the random IDs. Or how about correlating it with unrelated BT communications (such as syncing between the phone and a smart watch)?
 
I'll also point out that it is very well possible that someone finds weaknesses in the system or its implementation that could help to de-anonymize the data e.g. by linking the random IDs to the BT Mac addresses or something like that. This scheme was developed within just a few weeks and there was no time to thoroughly review it.
This system by Apple and Google ensures the exposure-notification ID is changed exactly at the same time as the MAC address, to prevent that linking. (Governments and health orgs who decide not to use this API and implement their own thing will inevitably have a flaw with that, because they can't know when the MAC changes)

So you may see MAC address 37:38:5D:78:F7:BF sending ID 0546ec4d24f0675dc0c9bcf738df1f9f, and if you're still close to the same person minutes later, you may see MAC address 18:F2:57:2E:96:A6 sending ID 222a19dc602dd291978dc98c853c4fbe. But there is no way you can know it's the same person both times. It all looks random and there's no overlap of the two identifiers. It could have been different devices each time.

Just to give you an example of what I mean, the BT beacon contains not only the random IDs, but also some metadata such as the BT MAC address. That also rotates on modern phones, but how secure is the randomization scheme? Given that the MAC addresses and the random IDs are supposed to change in sync, a weakness in the MAC randomization would potentially allow an attacker to uncover the device that broadcasted the random IDs.
If we can't trust iPhones to securely generate random numbers and they end up being predictable, all their cryptography would be broken, including SSL connections to websites, filesystem encryption, maybe Wi-Fi WPA... MAC addresses would be the least of your problems.

And if there is a flaw in MAC randomization, then it's a problem regardless of this API. Your device is already sending stuff over Bluetooth with a randomized MAC, if that's broken then you can already be tracked and the new API is irrelevant.
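
An added illustration of the synchronised-rotation point in the post above (not part of the thread, and not Apple's or Google's code): it models a phone advertising a rolling ID and a random MAC, then counts how many separate groups a listener's log falls into when the two rotate together versus when the MAC change trails by a few minutes. Assumptions: HMAC-SHA256 stands in for the real ID derivation, the 15-minute period is the one quoted in the thread, and the function names and sample key are constructed for this example.

```python
import hashlib
import hmac
import os

INTERVAL_MIN = 15  # rotation period quoted in the thread


def rolling_id(daily_key: bytes, slot: int) -> str:
    """Stand-in derivation (assumption): HMAC-SHA256 over the slot number,
    truncated to 16 bytes. The real scheme has its own key derivation."""
    msg = b"rolling-id" + slot.to_bytes(4, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).hexdigest()[:32]


def random_mac() -> str:
    """Non-resolvable private address: random bytes, top two bits cleared."""
    raw = bytearray(os.urandom(6))
    raw[0] &= 0x3F
    return ":".join(f"{b:02X}" for b in raw)


def observe(daily_key: bytes, minutes: int, mac_lag: int = 0) -> list:
    """Distinct (MAC, ID) pairs a nearby listener would log, one sample per
    minute. mac_lag is how many minutes the MAC change trails the ID change."""
    macs, pairs = {}, []
    for t in range(minutes):
        mac = macs.setdefault((t - mac_lag) // INTERVAL_MIN, random_mac())
        pair = (mac, rolling_id(daily_key, t // INTERVAL_MIN))
        if pair not in pairs:
            pairs.append(pair)
    return pairs


def linkable_groups(pairs: list) -> int:
    """Merge pairs that share a MAC or an ID; return how many groups remain.
    One group means every sighting can be attributed to a single device."""
    parent = list(range(len(pairs)))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    first_seen = {}
    for i, pair in enumerate(pairs):
        for value in pair:
            parent[find(i)] = find(first_seen.setdefault(value, i))
    return len({find(i) for i in range(len(pairs))})


if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key
    for lag in (0, 5):
        seen = observe(key, 60, mac_lag=lag)
        print(f"lag={lag} min: {len(seen)} pairs, {linkable_groups(seen)} group(s)")
```

With no lag, each 15-minute window yields one isolated pair; with any lag, a pair that mixes the old MAC with the new ID bridges consecutive windows and the whole hour collapses into one group.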
 
And if there is a flaw in MAC randomization, then it's a problem regardless of this API. Your device is already sending stuff over Bluetooth with a randomized MAC, if that's broken then you can already be tracked and the new API is irrelevant.
It is not irrelevant if it allows someone to uncover the device that broadcasts the exposure notification beacons and thus potentially de-anonymize the data.

Look, we can argue about examples all day long, but none of this means it's impossible that someone finds a weakness that the Apple/Google engineers or you and I haven't thought of. I think this would be the first system in history that has been designed in a few weeks and is totally uncrackable. ;)
 
Just to give you an example of what I mean, the BT beacon contains not only the random IDs, but also some metadata such as the BT MAC address.

Wait… what beacon? This system uses decentralized phones. No beacons are involved.

Are you suggesting an evil beacon that collects data? OK, but it can do that today. It doesn't need the IDs at all.

That also rotates on modern phones, but how secure is the randomization scheme? Given that the MAC addresses and the random IDs are supposed to change in sync, a weakness in the MAC randomization would potentially allow an attacker to uncover the device that broadcasted the random IDs. Or how about correlating it with unrelated BT communications (such as syncing between the phone and a smart watch)?

Who would know about communication between a phone and a smartwatch, and how?
I could care less if I come into contact with someone with covid. That’s what, up to 20 percent of the people in the US now? More? It’s already happened multiple times I’m sure. Time to get on with life.

This system isn't for right now. It's for the coming months and year or two, where the virus hopefully loses ground, but is still around. Tracking exposure can help accelerate that.
 
Wait… what beacon? This system uses decentralized phones. No beacons are involved.
The phone itself becomes a beacon.
Who would know about communication between a phone and a smartwatch, and how?
It's wireless and easy to capture using BT monitoring tools. The payload is usually encrypted, but there's probably a lot of metadata to capture.
 
Or how about correlating it with unrelated BT communications (such as syncing between the phone and a smart watch)?
As far as I can tell, they use different MACs. The watch needs to know the message is coming from that phone, so the phone uses a "resolvable private address" (looks random but the watch can tell who it is if it already has the pairing key). Exposure notification broadcasts use a non-resolvable private address which is *truly* random. So they are different.
 
I know that this is how it's designed, but someone may find a way to circumvent all that. Security is hard, and often the weaknesses are not in the cryptography but in the implementation. In the security research community it takes years of peer review until a new scheme is trusted.
Sure. But by using the same encryption algorithm as is used for things like securing financial transactions, they aren’t going out on a limb and doing something new and untested. And if someone could figure out how to crack it, they would likely use that knowledge to make themselves rich instead of snooping on you to see when the last time you went to the dry cleaners was.
The phone itself becomes a beacon.
It's wireless and easy to capture using BT monitoring tools. The payload is usually encrypted, but there's probably a lot of metadata to capture.
There is a bit of metadata, encrypted. It is not stored anywhere.
 
That makes no sense. The phone collects its own data maliciously? Why?

Is there malware on it?
A phone with this system enabled constantly broadcasts the rolling identifiers to make it discoverable for other phones. That makes it a beacon. It has nothing to do with malware.
You can already do that.
You asked who would know about the communication between the phone and watch. The answer is "anyone who is close enough and cares to listen".
 
I can see the argument, "hey, wait a second, did two tech companies from Silicon Valley just dictate how contact tracing will work to the EU and others? that doesn't seem democratic", and, yup, that's a problem. Amusingly, in this case, they dictated a rather good approach, and they don't even really benefit from it other than perhaps in PR/image.
The amusing part is watching a number of European countries, who signed on to all sorts of privacy legislation over the past decade or two (which is not a bad thing), have also pushed hard that, "no, this anonymized approach wasn't invented by us, so we insist you make changes to your OS so we can implement our invasive centralized privacy-denying system that we thought up".
 
Privacy hasn’t existed for a long time anyway. They already know so much about us anyway. Hopefully these kind of apps can at least do some good. But shouldn’t opting in or opting just be an app pop up when you sign up on it?
 
You were doing ok until the unnecessary, inflammatory last sentence there. We don’t mass test and contact trace for the flu that kills tens of thousands of people every year to little fanfare. This is elements of the government and industry getting a chub with a new opportunity for control and surveillance under the ruse of an “emergency”.

I’m all for staying far away from tracking. Government can stay out my business. I won’t be downloading these apps and I will read any I do download to make sure.

But comparing this virus with Flu is so old. 8 weeks 60,000+? Dead? WITH stay at home orders etc... please don’t say this isn’t an emergency. If some of these steps wouldn’t have been taken, the numbers would be worse. Classic case of a (Somewhat) effective response leading to a positive result (no overwhelmed hospitals - which was the goal) and people saying “it’s not that bad - it didn’t even overwhelm hospitals” (which I know you didn’t say that but people have). 8 weeks... we have 48 weeks to go before people can effectively compare the death rates with flu, heart disease, swimming pools etc.

Btw, just checked - CDC says average ANNUAL flu deaths are 12,000-61,000/year in the US. We are at 63,000+ Covid deaths in 8 weeks...
 
A phone with this system enabled constantly broadcasts the rolling identifiers to make it discoverable for other phones. That makes it a beacon. It has nothing to do with malware.
Your iPhone is *already* a beacon constantly broadcasting rolling identifiers (the MAC address). I see 150 broadcasts per minute from my iPhone (non-beta iOS 13) and Watch (watchOS 5).

I don't understand why people are worrying about *this* new functionality when Continuity features already blast out (encrypted, non-identifying, periodically-changing) data over Bluetooth all the time.
 
The amusing part is watching a number of European countries, who signed on to all sorts of privacy legislation over the past decade or two (which is not a bad thing), have also pushed hard that, "no, this anonymized approach wasn't invented by us, so we insist you make changes to your OS so we can implement our invasive centralized privacy-denying system that we thought up".

Yeah, I think the EU’s stance is more that citizens should have privacy against corporations, but not so much against the government.
 
Read the documentation.
So this is even more pointless of a feature? Most people will never go to a healthcare provider to get tested they will stay asymptomatic and only find out once they have an antibody test or test at home and have no way to confirm their status. Anyone admitted to a hospital or seen by a doctor won't be of concern to the average person they won't be in public until they either recover or pass away.
If the average person knew how incompetent governments are they would break down into a panic attack. I've worked with various NATO governments and when comparing response plans to what the average person thinks we are capable of is scary. Society is a fragile thing and the most intelligent people do not run it they retire at 35-40 and check out of society for the most part.
 
Your iPhone is *already* a beacon constantly broadcasting rolling identifiers (the MAC address). I see 150 broadcasts per minute from my iPhone (non-beta iOS 13) and Watch (watchOS 5).
Never said it wasn't. Please go back to the post I replied to. BTW, have you checked what it does if no BLE devices (watch, Airpods, etc.) are paired to the phone?
I don't understand why people are worrying about *this* new functionality when Continuity features already blast out (encrypted, non-identifying, periodically-changing) data over Bluetooth all the time.
In the context of the contact tracing system, it might open up the potential for side-channel attacks or help with correlating the random IDs to device identifiers.
So this is even more pointless of a feature? Most people will never go to a healthcare provider to get tested
Why not? At some point soon testing capacities will hopefully be sufficient to test anyone who has received an exposure notification.
 
There is nothing stopping anybody from doing just this.
It's been delayed but getting closer:

I don't know why it has not happened yet or why it seems so difficult. People are concerned about privacy more than ever and means of working together and sharing is more prevalent than ever. We have a zillion distros of Linux that run the backbone of the internet, but we do not have a Linux with touch interface for a smartphone, which is really just a small computer. Through the means of kickstarter, patreon, github, and the power of the internet a strong Linux/Unix/OpenBSD based contender should be a big player in the market by now.

Android is Linux.

Open-source smartphone systems exist and have since before the iPhone.

If Nokia had played its cards right, Maemo/MeeGo/what ended up as Tizen these days could've been the iPhone before the iPhone, a year and a half before.

After the iPhone was shown, a lot of people from the FLOSS community seemed really excited by Openmoko, which, lol.

Lots of factors against it, but I think the big one is that more than two big platforms never seem to survive. Windows+macOS on the desktop in the '90s (killing Amiga, Be, Atari, and so many others in the process), and Android+iOS on mobile in the '10s (killing Symbian, classic Windows Mobile, Windows Phone / Windows 10 Mobile, BlackberryOS, Maemo/MeeGo, and more).

So, like, good luck with that.

You make a good argument, but I think the fact that only 2 platforms survive is due to late stage capitalism effect, if it wasn't for Jobs return to Apple by now we would have Windows as our sole OS. There are 8 Billion people on planet earth, 200+ countries, I really think there is a place for a third and a fourth player in the market.
 
Turning this off is the equivalent of being anti-vaxxer.

Good.

I’ve spent ten years figuring out how to recover my health from this pseudo medical system, after being floxxed with ciprofloxacin from a misdiagnosis that was essentially medical malpractice, and sundry other issues.

Unless I break a bone, Western medicine will never touch my body again, vaccines included. Your judgment holds no weight over the privacy and rights of my body.
 
You make a good argument, but I think the fact that only 2 platforms survive is due to late stage capitalism effect, if it wasn't for Jobs return to Apple by now we would have Windows as our sole OS. There are 8 Billion people on planet earth, 200+ countries, I really think there is a place for a third and a fourth player in the market.

The thing is, it's hard to convince management to do even apps for two platforms (or even one; "why not just do a web app?"). It's harder, and rarer, to take advantage of platform-specific features or concepts. For a third platform? It's exponentially harder.

Systems like Sailfish OS (from the former MeeGo team) or KaiOS (née Firefox OS or Boot 2 Gecko) exist. Ubuntu Touch was also briefly a thing, and unfortunately abandoned. But good luck giving any of them traction.
 
If you get notified that you may have been exposed, get yourself isolated away from everyone else, and get tested. We don't want you potentially infecting anyone else. This is not about you, this is about society as a whole. Stop being paranoid and selfish.

Hmm... if the curve is flattened, then maybe we do. The idea isn't to keep anyone with this from infecting anyone else, but to keep % of those who might need hospitalization under control so we can handle it. Aside from a couple hot-spots, that has been achieved and then some.

This isn't the plague.... and maybe it isn't me being paranoid. And, regarding selfish, how many will end up dying from the overreaction?

According to medical professionals, the current numbers show it is likely much deadlier than the flu.

The problem is that the medical professionals don't have very good data. And, even if that is true, context is still crucial.


Not all slippery slopes are the fallacy type.

Also, the proper slippery slope argument doesn't guarantee it will happen, just that it logically follows. The core principle applies at each step, making the next step possible based on the same reasoning.

You going into panic when you have been close to someone infected is the intention. Well, not the panic, only feeble minded people will panic, but you going home and staying home instead of becoming a spreader.

Well, then we have a lot of feeble minded people, because panic is rampant.



... enable us to beat this damned virus and get out of lockdown before a vaccine is available?

We'd better get out of lockdown before a vaccine is available, or we'll lose a LOT more people than Covid-19 could ever be responsible for. But, we don't need this to get out of lockdown! The concept that we do IS the problem!

Btw, just checked - CDC says average ANNUAL flu deaths are 12,000-61,000/year in the US. We are at 63,000+ Covid deaths in 8 weeks...

Most of those deaths also occur within a fairly narrow time window.

I’ve spent ten years figuring out how to recover my health from this pseudo medical system, after being floxxed with ciprofloxacin from a misdiagnosis that was essentially medical malpractice, and sundry other issues.

Unless I break a bone, Western medicine will never touch my body again, vaccines included. Your judgment holds no weight over the privacy and rights of my body.

Gotta love the anti-vaxxer straw-man/ad hominem, eh? Or science-denier... or ...

While there are people out there for which it properly applies, most people I've run across who have concerns about vaccination are fully aware of how vaccines work, and maybe on board with them 'as far as it goes', but ALSO aware of the hazards.

I suppose one can legitimately have a personal autonomy vs civic duty debate, but that is politics and morality, not science.

Personally, I'm really glad Western medicine is available when something goes really wrong. But, the whole model is so broken, and on the grand scale, so ignorant of the big picture. And, I'd rather put more of my efforts into prevention than reaction.
 