249
submitted 1 year ago by ijeff@lemdro.id to c/android@lemdro.id
you are viewing a single comment's thread
view the rest of the comments
[-] ooterness@lemmy.world -1 points 1 year ago

The Google system allegedly shares hashes of a ID-number salted with a rotating timestamp over BLE. But it's also a closed-source binary. Can you or anyone else actually inspect its implementation? Can you really guarantee it doesn't have even the smallest design flaws?

This technology is exceptionally dangerous. There is very little difference between these two scenarios:

  • A doctor has identified a COVID patient. Let's notify everyone who's spent time with them recently.
  • Secret police have identified a "dissident". Let's round up all their close associates.

It's voluntary (for now). It's allegedly secure (for now). But did anyone actually benefit from this complicated system? All I see are downsides.

[-] FooBarrington@lemmy.world 5 points 1 year ago

Security researches have taken apart the binaries, listened to network requests and everything else you need to do to verify that nothing nefarious was going on. The system itself is set up so no tracing is possible if nobody reads your hashes.

[-] ooterness@lemmy.world 0 points 1 year ago

[Citation needed]

Every reverse-engineering study I've read has been about the apps built in top of the Google API, not the Google binaries. Here's one, and here's another, and neither paints a flattering picture.

Maybe it's possible to build a perfect implementation, but that is not what we got.

You know what does work? Masks and vaccines. Phone-based tracking was a dangerous waste of time.

[-] FooBarrington@lemmy.world 4 points 1 year ago

Maybe it's possible to build a perfect implementation, but that is not what we got.

What exactly are you referring to? The whole approach is built in a way that doesn't really give anyone any way to screw things up. Please be specific.

You know what does work? Masks and vaccines. Phone-based tracking was a dangerous waste of time.

Unless you were testing yourself literally every day, phone-based tracking is a great way to tell you when you should test yourself. It's a great addition to other preventative measures, and I have no idea how you could come to this conclusion while thinking rationally about this topic.

this post was submitted on 04 Nov 2023
249 points (98.8% liked)

Android

17668 readers
89 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS