[Miyata]

Voted "No" for now until the time it becomes a requirement. Even then, I will only be installing on a secondary phone that has no other information saved on it.

Privacy is not really all that of a concern to me on this, but security is. I do have some questions that I am still not clear about -

1) The source code is not yet open to the public. I am reading that it is to be made public. Will await for the source code to be public first.

2) Does the app presume that everyone is moving about with a mask to evaluate potential risk or down the road issue some sort of digital health certification / immunity certification?

3) How does the app know I am near a covid +ve person - I mean, I know it is bluetooth powered etc, but am I relying on the integrity of that covid +ve person to update the app that he/she is tested +ve? That would be setting myself up for disappointment!

4) What happens with doctors / nurses and other medical personnel - since many of them will be around multiple covid +ve people, will the app go haywire and bombard them with notifications and health warnings?

5) Contact tracing makes better sense only with large scale testing and faithful reporting of those covid +ve identified individuals. What steps are being taken to ensure such a compliance? Without this, we are just a bunch of people moving about with our phones "handshaking" and draining out the batteries and serving no useful purpose.

The battery vendors will have some commercial benefits, and no one else!

6) In the event of serious or otherwise security lapses, what is the recourse?

[roy_libran]

Quote:

Originally Posted by Miyata

3) How does the app know I am near a covid +ve person - I mean, I know it is bluetooth powered etc, but am I relying on the integrity of that covid +ve person to update the app that he/she is tested +ve? That would be setting myself up for disappointment!

4) What happens with doctors / nurses and other medical personnel - since many of them will be around multiple covid +ve people, will the app go haywire and bombard them with notifications and health warnings?

5) Contact tracing makes better sense only with large scale testing and faithful reporting of those covid +ve identified individuals. What steps are being taken to ensure such a compliance? Without this, we are just a bunch of people moving about with our phones "handshaking" and draining out the batteries and serving no useful purpose.

I don't even want to get into a debate about the Security and Privacy angle here, but for all advocates of the supposed Efficacy of Contact Tracing, particularly the way Aarogya Setu implements it, the above points are the problem with relying solely on contact tracing as a mitigation strategy. The only thing that will prove to be really effective in the longer run is cheaper, accurate testing and effective quarantining. We need to be channelling our efforts there and asking our government (sic) to do the same, rather than support their dubious efforts!

Thanks for putting these points out.

[theMandarin]

This guy Elliot Alderson '@fs0c131y', who claims to be an ethical hacker has released a preliminary report on some "loopholes" that he identified in the app:

• Outlining the security vulnerabilities
  
• India's Covid-19 Contract Tracing App Could Leak Patient Locations : The system's use of GPS data could let hackers pinpoint who reports a positive diagnosis. - WIRED

That's one guy with the only motivation being some recognition.

[phamilyman]

Quote:

Originally Posted by theMandarin

This guy Elliot Alderson '@fs0c131y', who claims to be an ethical hacker has released a preliminary report on some "loopholes" that he identified in the app:

• Outlining the security vulnerabilities
• India's Covid-19 Contract Tracing App Could Leak Patient Locations : The system's use of GPS data could let hackers pinpoint who reports a positive diagnosis. - WIRED

That's one guy with the only motivation being some recognition.

Its the same issue we argued over. What's new except the webview issue and the ability to bypass root detection and then call the API from a rooted device (which should be patched)? No two ways.

GOI in its wisdom thinks its useful to include location. He disagrees. Its his opinion. What's the new thing? He's better in his articulation but do we need to share his world view?

About privacy - forget whatsapp groups of concerned locals sharing who is ill and where - even the containment zones list gives you as much of an idea as the 500m in the app does. You could triangulate it a bit further - or you could ask the panwari frankly.

Sample the Delhi Govt containment zone list for starters -

That's probably 100m accuracy! In Mumbai specific societies have been contained. Same 100m radius!

This is India - we can't judge the app by european standards of privacy when we have other burning issues to solve. His stricter perspective on privacy doesn't solve the use case outlined in my previous post. So he's saying don't take location - limiting its utility. He doesn't care if this already inaccurate tool becomes worse because of his world view.

Do we save more lives or bow down to one super smart clever hacker but one whose world view does zilch for containing our pandemic?

[theMandarin]

Again, it's about intent & having a holistic view.

An effective AND 'safe' approach probably does not have to be mutually exclusive.

Quote:

Originally Posted by phamilyman

Its the same issue we argued over. What's new except the webview issue and the ability to bypass root detection and then call the API from a rooted device (which should be patched)? No two ways.

The privacy policy, in it's current version, deems it illegal to reverse engineer the app. This means this guy could have been behind bars by now if he was in India and these bugs could've remained un-patched.
Some may see it as discouraging constructive feedback.

Quote:

Originally Posted by phamilyman

GOI in its wisdom thinks its useful to include location. He disagrees. Its his opinion. What's the new thing? He's better in his articulation but do we need to share his world view?

We don't need to but why is it so hard to accept that maybe some do?

Quote:

Originally Posted by phamilyman

About privacy - forget whatsapp groups of concerned locals sharing who is ill and where - even the containment zones list gives you as much of an idea as the 500m in the app does. You could triangulate it a bit further - or you could ask the panwari frankly.

Lets go one step further.
I'm sure you must have received some list detailing who traveled back, where they live, which houses have been quarantined. I have read people terming this as unethical to say the least and maybe you agree too.

Why do you want to accept it as a new normal?

If it really is OK, i'm not sure why so much effort has gone into educating users to not be afraid of AIDS patients. We should just publish the list in the weekly city edition of the newspaper.

Quote:

Originally Posted by phamilyman

This is India - we can't judge the app by european standards of privacy when we have other burning issues to solve. His stricter perspective on privacy doesn't solve the use case outlined in my previous post. So he's saying don't take location - limiting its utility. He doesn't care if this already inaccurate tool becomes worse because of his world view.

I can imagine Trump saying that for a 'third world country' but it seems the thought that we don't deserve equal privileges is ingrained much too deep.

In reference to your example that was dependent on accurate location tracing, while it's difficult to assess the efficacy of different solutions without raw data, i agree that it is reasonable to assume that the more data you have, the more accurate your result will be.
What do you think is stopping anyone from coming up with a 'sunset clause' that might make the solution effective as well as safe with minimal effort?

I'm sure everyone will be willing to get with the program as long as the country needs them to.

Quote:

Originally Posted by phamilyman

Do we save more lives or bow down to one super smart clever hacker but one whose world view does zilch for containing our pandemic?

In my humble opinion, it doesn't have to be so black & white.

[JithinR]

Quote:

Originally Posted by theMandarin

This guy Elliot Alderson '@fs0c131y', who claims to be an ethical hacker has released a preliminary report on some "loopholes" that he identified in the app:

That's one guy with the only motivation being some recognition.

Hopefully, this guy never comes near India. Our current Central Government loves ethical hackers who support their narrative but looking at how for example the journalist who exposed the corruption in school meal programs in UP was charged he better stay far away.

He certainly isn't backing down though:

https://twitter.com/fs0c131y/status/...606066178?s=19

[phamilyman]

Quote:

Originally Posted by theMandarin

Some may see it as discouraging constructive feedback.

Disagree - AS folks took it well. They can't get into the weeds like we can but they are within their rights to politely say thank you regarding the privacy issue. They accepted his feedback silently for a previous bug and fixed it. Ditto NYT feedback. That's evidence for acting on feedback, no?

That said, I hope they get to work to fix the rooted device bypass hack AND update the API to obfuscate the location to prevent effective triangulation.

As for the TOS - yes that's a typical govt bureaucratic approach. Do I care - in a pandemic? Umm. No. Its GoI. Alas.

Quote:

Originally Posted by theMandarin

We don't need to but why is it so hard to accept that maybe some do?

I never said its so hard to accept that - he's entitled to his opinion and AS is entitled to politely say thank you after duly acknowledging the issue .

Location collection is obviously a central design principle.

Quote:

Originally Posted by theMandarin

Lets go one step further.
I'm sure you must have received some list detailing who traveled back, where they live, which houses have been quarantined.
I have read people terming this as unethical to say the least and maybe you agree too.
Why do you want to accept it as a new normal?

Nope.
I am not condoning the data being shared off whatsapp. I'm just pointing out the granularity of information the government (whether BJP or AAP) is sharing. Compared to that, AS simply indicates the number of positives in 500m radius. Slightly more private, actually.



let's reframe this - what I really support is letting people know how many people near them are COVID positive. It viscerally solves for normalcy bias. My fellow residents went ahead and did impromptu rain dance / hugged each other on Holi in society even though we canvassed public opinion to get the holi event cancelled. If we had a COVID +ve patient in 500m radius like we do now, people would've been careful. People would be more careful in supermarkets.

We are a country where even today senior health ministry bureaucrats don't wear masks, forget the morons buying liquor! People need to fear their mortality and behave better! Smash the normalcy bias.

Quote:

Originally Posted by theMandarin

If it really is OK, i'm not sure why so much effort has gone into educating users to not be afraid of AIDS patients. We should just publish the list in the weekly city edition of the newspaper.

This is beyond being facetious - but let's debunk this untenable argument. COVID courtesy its incubation period spreads far before it is discovered. Therefore maintaining location / contact history for 14 days is useful. If said individual wore their mask inadvertently wrong and touched surfaces that could infect me. Can an AIDS patient spread AIDS in exactly the same "mundane" way?

Quote:

Originally Posted by theMandarin

I can imagine Trump saying that for a 'third world country' but it seems the thought that we don't deserve equal privileges is ingrained much too deep.

Disagree on the extrapolation to Trump . Its a harsh statement but I think you and I are principally not that far apart. Haven't we all seen videos of even educated people behaving like idiots at liquor shops or govt officials not use masks for us to say, the system must be designed for the lowest common denominator (civic sense and app usage / smartphone availability) that's pretty low for us. Srinagar DM stating that last 2 days' Srinagar cases traced to "single illegal travel"!

Quote:

Originally Posted by theMandarin

In reference to your example that was dependent on accurate location tracing, while it's difficult to assess the efficacy of different solutions without raw data, i agree that it is reasonable to assume that the more data you have, the more accurate your result will be.

Agree perfectly here.

Quote:

Originally Posted by theMandarin

What do you think is stopping anyone from coming up with a 'sunset clause'
...snip...
I'm sure everyone will be willing to get with the program as long as the country needs them to.

On that i agree - a sunset clause is very logical and reasonable. Happy to join a change.org petition for the same!

Quote:

Originally Posted by roy_libran

I don't even want to get into a debate about the Security and Privacy angle here, but for all advocates of the supposed Efficacy of Contact Tracing, particularly the way Aarogya Setu implements it, the above points are the problem with relying solely on contact tracing as a mitigation strategy. The only thing that will prove to be really effective in the longer run is cheaper, accurate testing and effective quarantining. We need to be channelling our efforts there and asking our government (sic) to do the same, rather than support their dubious efforts!

Thanks for putting these points out.

a. You yourself say that the ideal approach is a Tracing + Testing + Isolate strategy and yet you wish to step back on stronger tracing citing that tracing alone doesnt work! Of course, no one said that! Let's agree to disagree on stronger vs weaker tracing for reasons I have addressed earlier.
b. "Dubious effort?" Sigh.
Exhibit 1: Chennai. https://www.newindianexpress.com/cit...d-2137235.html
44 labs in TN tested 1.1L samples and found 2.2k positive. That's a 2% positive rate. The tracing and testing is effective as proven by the huge proportion of asymptomatic cases (95%). That sounds like a pretty fine job. Please tell me how a weaker tracing approach could have helped or the specific issues in the testing / isolation methodology?
Exhibit 2: Forget states with effective bureaucracies - let's take Gurgaon. Our shattered roads are a monument to generations of kleptocrats that have ruled us.
7032 samples, 87 positive i.e 1.2% positive rate. Now even if you think the tests are fraud, let's see if people are falling sick? Sorry. Sales of medicines is flat. That's unequivocal proof that the statistics are true.

So to sum up, we have strong privacy insensitive protocols that require more location information than other countries, but the overall trace+test+isolate was working decent enough by Indian standards. What detail did I miss in my summary of these so called dubious efforts?

[roy_libran]

Quote:

Originally Posted by phamilyman

What detail did I miss in my summary of these so called dubious efforts?

Primarily this - How does Contact Tracing as a model work when millions of individuals do not regularly self-assess or assess themselves incorrectly, deliberately or not? How can you rely on this as any sort of mitigation approach?
Mind you the privacy and security implications remain constant irrespective of self assessment.

[am1m]

Leaving aside the privacy concerns, not because I don't think they are concerns, but because hey what can I really do about it. If the government decides to make this mandatory to step out I'm going to install it anyway, not much choice. But I'll wait till it becomes absolutely necessary.

But if the app relies on people self-reporting and relies on people carrying the phone that has the app on it all the time (not to mention having a smartphone that can support the app!), not really sure how effective it will be for the purpose it has been designed for. To be fair, I believe the government will address the technical issues as they come up, it will just take time and will not be as good a job as a world-class dedicated app development company might do, that is to be expected.

[Also, interesting to see people who are urging others to download the app as a sort of 'duty during this crisis' and also at the same time admitting that they have downloaded it on a 'backup' phone which they do not carry when going out! Like a spare phone, I guess it's good to have a spare set of standards if you misplace one. ]

[sanjayrozario]

Different school of thought: -

1) In lock down at home, how will one come in contact with a +ve person?
2) One has to keep his/her location & Bluetooth on. Not sure, why would one want the Govt. to know about one's whereabouts?
3) India does not have a data protection law in place. High probability of data misuse.
4) To know that one has come near a +ve person, that person ought to have been recognized by the app as a positive person in the first place. If that person is +ve & the Govt. knows about it, then shouldn't he/she be in quarantine?

[bharanidharang]

As of now, I am not confident on the quality of the app in respect to data security. Hence voted no. Might change my opinion based on future updates and better clarity.

[alexgv]

Quote:

Originally Posted by sanjayrozario

Different school of thought: -

1) In lock down at home, how will one come in contact with a +ve person?
2) One has to keep his/her location & Bluetooth on. Not sure, why would one want the Govt. to know about one's whereabouts?
3) India does not have a data protection law in place. High probability of data misuse.
4) To know that one has come near a +ve person, that person ought to have been recognized by the app as a positive person in the first place. If that person is +ve & the Govt. knows about it, then shouldn't he/she be in quarantine?

Regarding #4, the idea could be tracing back in time once a person is found to be positive to determine who he may been in close contact with. After being found +ve he/she better be in quarantine for the good of society.

Disclaimer:I dont have installed the app yet unless i plan to go to office.

[AnandB]

I installed the app last week and it showed approx 550 self-assesments done in my city and more than half said they have symptoms. Only 2 actual were postive were found till then (not necessarily of all 550). Don't trust people here to be genuine with their assessment and just want their testing done. Also with tracking and stuff uninstalled it immediately.

[phamilyman]

Friends,
This app is our best chance at staying safe and early detection - you can't bring dead people back.

Quote:

Originally Posted by bharanidharang

As of now, I am not confident on the quality of the app in respect to data security. Hence voted no. Might change my opinion based on future updates and better clarity.

Please share your specific actionable concerns on data security? Happy to take the effort to track down the dev team and relay your feedback.

Quote:

Originally Posted by sanjayrozario

Different school of thought: -

1) In lock down at home, how will one come in contact with a +ve person?

ONLY if you will go grocery shopping. The fastest growth vector in NCR is the main vegetable Azadpur mandi (dozen plus cases) from where Gurgaon (Khandsa) mandi has seen ten infections happen. Same in Chennai at Koyambedu. Do NOT be lulled into a false security sir.

Quote:

Originally Posted by sanjayrozario

2) One has to keep his/her location & Bluetooth on. Not sure, why would one want the Govt. to know about one's whereabouts?

Repasting from https://www.team-bhp.com/forum/shift...ml#post4799882 (The Aarogya Setu App : Yes or No?)

In a hypothetical world view informed by limited uptake (even Singapore is under 20% usage) / large feature phone base - Bluetooth pings indicate that I came near theMandarin and the location trace tells the government that the venue was barber shop Y. Then the government can ask the owner and staff of shop Y to undertake precautions as well, and use CCTV footage to identify Mr Z and Mr AA who happened to use the same seat right after me as well. More pings = more contacts found with lesser human intervention. Again - would you rather that govt creates lakhs of contact tracer jobs OR that money goes to the poor? Its OUR (rapidly dwindling) tax money my friend. What would you choose?

Quote:

Originally Posted by sanjayrozario

3) India does not have a data protection law in place. High probability of data misuse.

At 60000 feet, I agree with you. But while a pandemic is raging, I don't mind. Anyways there are dozens of security cameras that track my movements anyhow, or RFID boom barriers tracking my car's movement (even in my apartment). Facebook and 90% of the apps on your phone are already selling you out.

You can set location to "While using the app"
Maybe my life is unexciting but it will tell nothing more than me living with my wife, walking past my watchman, and buying at the 4 shops near me (which PayTM already knows).

Quote:

Originally Posted by sanjayrozario

4) To know that one has come near a +ve person, that person ought to have been recognized by the app as a positive person in the first place. If that person is +ve & the Govt. knows about it, then shouldn't he/she be in quarantine?

Correct - the app doesn't do proactive red flagging. What it does is help govt trace back super fast amidst exploding cases.

What would you prefer? No information, or that maybe you should self-isolate from your diabetic hypertensive mother because you were buying groceries at the exact same time when the guy ahead of you in the queue was later found covid positive.

Quote:

Originally Posted by alexgv

Regarding #4, the idea could be tracing back in time once a person is found to be positive to determine who he may been in close contact with. After being found +ve he/she better be in quarantine for the good of society.

Disclaimer:I dont have installed the app yet unless i plan to go to office.

Correct

Quote:

Originally Posted by AnandB

I installed the app last week and it showed approx 550 self-assesments done in my city and more than half said they have symptoms. Only 2 actual were postive were found till then (not necessarily of all 550). Don't trust people here to be genuine with their assessment and just want their testing done. Also with tracking and stuff uninstalled it immediately.

Please see above. Your data is on your phone till you self report sick. Upload is in your hands. Govt will still ping you if it found someone ill who had been near you. Isnt that what you'd want? An early warning?

[Bibendum90949]

I voted No.


Hacker ‘sees’ security flaws in Aarogya Setu


https://www.thehindu.com/news/nation...le31515292.ece

Quote:

Ethical hacker Robert Baptiste on May 6 alleged that security flaws in the government’s Aarogya Setu application enabled him to see that five people at the Prime Minister’s Office (PMO) and two people at the Indian Army headquarters were unwell.
Mr. Baptise, who goes by Elliot Alderson on Twitter, also claimed that there was “one infected person at the Indian Parliament and three at the Home office.”