Coronavirus: NHS Reveals Source Code Behind Contact-Tracing App (bbc.com) 93
The NHS has released the source code behind its coronavirus contact-tracing app. The BBC reports: The NHS Covid-19 app is designed to use people's smartphones to keep track of when they come close to each other and for how long, by sending wireless Bluetooth signals. More than 40,000 people have installed the smartphone software so far. NHSX, the health service's digital innovation unit, has opted for a centralized system to power the app, so the contact-matching process happens on a UK-based computer server rather than individuals' smartphones. And there has been a lot of speculation this decision would mean the app was doomed to work badly on iPhones.
Apple limits the extent to which third-party apps can use Bluetooth when they are off-screen and running in the background, although it has promised to relax this rule for contact-tracing apps that use a decentralised system it is co-developing with Google. But NHSX had said it had come up with its own solution. Pen Test Partners installed the app on a handful of "jailbroken" iPhones - altered to allow them to monitor activity normally hidden from users. [...] There will be further scrutiny of the app now the source code has been published to Github, allowing others to see how the workarounds were achieved.
Apple limits the extent to which third-party apps can use Bluetooth when they are off-screen and running in the background, although it has promised to relax this rule for contact-tracing apps that use a decentralised system it is co-developing with Google. But NHSX had said it had come up with its own solution. Pen Test Partners installed the app on a handful of "jailbroken" iPhones - altered to allow them to monitor activity normally hidden from users. [...] There will be further scrutiny of the app now the source code has been published to Github, allowing others to see how the workarounds were achieved.
Tracking (Score:5, Insightful)
Good Job guys, totally reassured us this is privacy-focused.
https://github.com/nhsx/COVID-... [github.com]
Re:Tracking (Score:5, Informative)
There are a lot of very serious issues coming up.
https://github.com/nhsx/COVID-... [github.com]
https://github.com/nhsx/COVID-... [github.com]
- "Secret" keys are generated by the central server
- Google Analytics tracks users
- Doesn't work on OnePlus or Samsung devices
- Uses HTTP, no encryption
- Doesn't work properly on Apple devices
Not a great start, certainly won't be installing it until it's been heavily revised and security audited.
Re:Tracking (Score:4, Interesting)
The whole thing is poorly thought out. There seem to be two competing goals here. The first is to allow those who might have been infected to take precautions to prevent the spread. The second seems to be the desire for researchers to be able to model how the infection is spreading through the community. The first of these can be done using the Apple/Google API. The second cannot.
I get why researchers would love to have real time data on virus propagation. It will certainly help immensely with calibrating models and understanding a lot of questions we have. But in trying to push for this they will undermine the effectiveness of the app in meeting the first requirement. In the end it will likely fail at both goals.
They should just make what they want to do clear and have two apps. If you want to partake in the modelling research (to help the NHS if you will), then you can install the second app. If you just want to stay safe you install the first (and this could be an apple/google service with little to do with the govt). One benefit of this is that if you feel the tracking app is being abused by govt, you can stop using it in protest. By rolling it all together many will feel the compulsion to keep using it, but unless they eventually put police on the streets to check you have your phone and app, the data will just get progressively worse as trust in the govt is lost (and it is already being lost).
Re: (Score:3)
This is why I worry about what will happen after brexit. Without the EU to protect us our data is going to get abused. They are just waiting to slurp it up and will use any excuse to do so.
cameras (Score:2)
Re: (Score:1)
Jesus, after watching the massive failure of governments on a global scale live for three months your solution is even more bigger government?
I suspect folks like you to be thoroughly discredited for a few generations after this. That's the best think to come out of it.
Re: (Score:1)
Jesus, after watching the massive failure of governments on a global scale live for three months your solution is even more bigger government?
I suspect folks like you to be thoroughly discredited for a few generations after this. That's the best think to come out of it.
So what's the alternative to government? Not all of the governments failed. Most of the "massive" failures happened in countries where the government was viewed with hostility or indifference by a significant portion of the population. In countries where the government was viewed simply as an extension or a representation of the collective desires of the population, the results were quite positive, e.g. New Zealand and some of the Nordic countries.
Exactly. The Apple/Google app preserved privacy (Score:2)
I wish I could mod you up.
Contact tracing can be done in a privacy-respecting way by using the clever system designed by Apple and Google. That would let you know if you've spent time around someone who later tested positive.
Because that system doesn't include location information, identifying specific locations would have to be done by asking people who tested positive about where they had gone that week.
As you said, those are two different things. The DHS app collects location data, so it doesn't preserve
Re: (Score:2)
There's an even greater issue (from the government's point of view): it only tracks people in the UK. Are they 100% sure that people can't go in and out of the UK right now? Not even a single person?
Re: (Score:2)
Tracking is important in the first case too. If someone is found to be infected, the tracking data will provide possible interactions with others, providing hints who is at risk and needs to be tested, also correlating multiple infections in an area may allow pinpointing their source (say, shopping at the same shop, someone in the crew is infected).
Re: (Score:2)
Tracking is important in the first case too. If someone is found to be infected, the tracking data will provide possible interactions with others, providing hints who is at risk and needs to be tested, also correlating multiple infections in an area may allow pinpointing their source (say, shopping at the same shop, someone in the crew is infected).
The first case addresses this better, at least for identifying possible interactions with other people using the app.
Normal, manual contact tracing can address the rest... and if people really want electronic help with that, they can just turn on the location history in their device. Then they'll have a full location history they can selectively share with contact tracers.
Re: (Score:2)
Much of what you mentioned are red herrings. For example, the secret key generated at the server is simply a poorly chosen name. It's an HMAC validation key that has to be shared between the client and server.
The real problem is that this app, if working perfectly, causes more harm than good. See here [schneier.com].
Re: (Score:2)
More specifically, they outsourced all their support to the lowest bidder in India, and then, when their customers called support, they may end up with "someone from TalkTalk" calling them regarding their issue, and the
Re: (Score:2)
If this app is doomed to fail... (Score:2)
Re: (Score:3)
Re: (Score:2)
They've lied too many times. Under no circumstances will I be installing or using anything like this and there are tens if not hundreds of millions more like me. So that makes the whole thing a waste. Eventually this will be used to justify forced quarantines for the people using it.
Contact tracing a virus that can be contagious in an asymptomatic patient for weeks is pointless.
Re: (Score:2)
Eventually this will be used to justify forced quarantines for the people using it.
It will be the people who don't use it who will be forced into isolation.
Contact tracing a virus that can be contagious in an asymptomatic patient for weeks is pointless.
That people are spreading it before they even know they are spreading it (or can see if other people are infectious) is entirely the point.
If everyone infected had blue spots, it would be trivial to self quarantine and to keep away from people with blue spots. Common sense...
Re: (Score:2, Informative)
You must not be an American. There are still enough of us left who care and value the 2A that if they did try to start locking people up because your phone told them to, or worse, because you refuse to install an app... well they'd only try it once or twice.
Re: (Score:2)
You must not be an American. There are still enough of us left who care and value the 2A that if they did try to start locking people up because your phone told them to, or worse, because you refuse to install an app... well they'd only try it once or twice.
By that stupid logic, you must not be American either because you literally just finished saying this.
Eventually this will be used to justify forced quarantines for the people using it.
When I corrected you.
Re: (Score:2)
What good is this idea if it's not mandated and what is it's purpose if not for forced quarantines?
Re: (Score:1)
What good is this idea if it's not mandated and what is it's purpose if not for forced quarantines?
Are you for real?
Or just a caricature of an ignorant Republican?
Re: (Score:2)
You didn't answer the question.
The only explanation they've suggested so far is that this "voluntary" app will allow people to be alerted if they were in proximity to an infected person. Wouldn't just telling people to assume everyone they come in contact with is infected and behave accordingly accomplish the same thing? Of course that isn't the ultimate purpose, that's just to get you used to it and afraid enough that you won't protest when they start locking people up. You won't even care. Until its yo
Re: (Score:2)
This should bring you up to speed [medium.com]
I also already answered you here. [slashdot.org]
Let me know if you need anything else.
Wouldn't just telling people to assume everyone they come in contact with is infected and behave accordingly accomplish the same thing?
Is this your actual plan?
Re: (Score:2)
Under no circumstances will I be installing or using anything like this and there are tens if not hundreds of millions more like me. So that makes the whole thing a waste.
It actually doesn't, as long as digital contact tracing isn't the whole story. It should be only a part of an overall strategy that relies primarily on manual contact tracing, i.e. sending people to talk to those who have tested positive, to ask them where they've been and who they've been in contact with, then following those leads.
The goal of all contact tracing, manual or digital, is to identify additional possibly-infected people so that those people can also be tested and, if positive, quarantined a
Re: (Score:2)
" i.e. sending people to talk to those who have tested positive, to ask them where they've been and who they've been in contact with, then following those leads. "
This virus is contagious in people for weeks before they show any symptoms. Contact tracing that is not physically possible. So someone who was in a Walmart two weeks ago gets sick... You then contact every single person in that Walmart, every person those people were in contact with and then every person they were in contact with.... How many
Re: (Score:2)
This virus is contagious in people for weeks before they show any symptoms.
Most people will show symptoms after around 5 days. [healthline.com]
So someone who was in a Walmart two weeks ago gets sick... You then contact every single person in that Walmart, every person those people were in contact with and then every person they were in contact with
You wouldn't bother contact tracing people from that long ago. Any infected people would probably be showing symptoms themselves by then anyway.
You would obviously prioritize. Trace the people who had the most contact, and also the most recent. It would depend very much on tracing capacity. The idea is
Re: (Score:2)
USA - don't make me laugh.
Well, you simply don't know. No need to laugh at yourself just because you don't know.
In the US it is done by the State, normally delegated to the County, and for example on the West Coast there are effective contact-tracing systems in place that are used to track a wide variety of diseases on a routine basis, with regional cooperation.
Re: (Score:2)
Well, you simply don't know. No need to laugh at yourself just because you don't know.
Well one of us doesn't know...
For it to work in the U.S., states and local communities will need ample testing and they'll need to expand their public health workforce. By a lot. An influential group of former government officials released a letter last week calling for a contact tracing workforce of 180,000 around the country. Other estimates of how many contact tracers are needed range from 100,000 to 300,000. [npr.org]
On April 27, health policy leaders — including former officials from the Obama and Tr [pbs.org]
Re: (Score:2)
This virus is contagious in people for weeks before they show any symptoms.
As CaffeinatedBacon pointed out, you're wrong about that.
But that's not the point. The point is that as soon as someone has symptoms and gets tested, you then identify all of their contacts and test them before they show symptoms, and then all of their contacts and test them even earlier. The whole purpose of contact tracing is to enable testing and quarantine of pre-symptomatic infectees. If just wait until everyone has symptoms, you don't need to do any contact tracing... just wait until people show
Re: (Score:2)
And why would anyone in their right mind believe that the version to be installed from the Playing About store is the same one for which one has the source code? Unless one is downloading the source and compiling it oneself, it is nothing more than a "believe me, I'm from the Government" claim.
Re: (Score:2)
Google requires location permission.
They promise they don't use it, but history teaches that if they ask for it, and they could monetize it, they do.
Therefore, asking for location permission is the same as tracking it. Promises have no weight. What if there is a bug? They can't promise not to have a bug, so they can't promise not to use it.
Re: (Score:2)
The NHS doesn't have access to people addresses? When the app shows Mr. Anonymous spends 20 hours a day during lockdown at a particular address then how anonymous is it?
Re: (Score:1)
As has been pointed out on the Github, the Apple version does not trace on a regular phone if the device is locked and Androids have various problems if the phone isn't rooted. There is no way of making this work without jailbreaking the phones because it does things the privacy settings won't allow you to do.
Re: (Score:2)
Every single surveillance tool ever given to governments has been abused against those governments own citizens. Every. Single. One.
But this time will be different despite this being the ultimate Holy Grail of all intelligence tools... They'll totally delete all the data they collect and will stop collecting once the virus is no longer a threat (which will be never).
Re: (Score:2)
Britons will not be able to ask NHS admins to delete their COVID-19 contact-tracking data from government servers, digital arm NHSX's chief exec Matthew Gould admitted to MPs this afternoon.
Gould: 'If data has been shared by choice with the NHS, then it can be retained for research in the public interest or by the NHS for planning and delivering services, obviously in line with the law and on the basis of the necessary approvals by law.'
Plus... asking the question 'when will the virus threat be eliminated?' is a lot like asking 'when will the terrorist threat be eliminated?' back in late 2001.
Re: (Score:2)
These apps are totally useless unless most, if not all people use it. They wouldn't even be floating the idea to acclimate people to it and framing an early variant of the "for the children" narrative unless they intend to mandate its use.
Apple version works in some cases. (Score:1)
As has been pointed out on the Github, the Apple version does not trace on a regular phone if the device is locked
If you read through the issues that is not entirely accurate, there are some cases where it works (though part of the flow seems to be that the iOS device is triggered by encountering an Android device using the app).
How it stays alive on IOS (Score:2)
This blog has a breakdown of the techniques the developers have used to keep the app alive on iOS. Ingenious, but I can't help thinking they should just use the apple/google api...
https://reincubate.com/blog/nh... [reincubate.com]
Re: How it stays alive on IOS (Score:2)
The Apple API doesn't include location data (GPS) or sharing your private keys with the government. The NHS does all of the above and keeps a detailed map of the phones' environment. It can literally be used to draw a map of the UK and put everyone on it, even phones that aren't using the app. It's literally scanning for any Bluetooth ID and all radiographic information (Rssi) and passing it to the government. If your phone doesn't randomize them, you are tracked.
The NHS data spies strike again. (Score:5, Informative)
Same organisation as sold data to Google having promised not to now plans to sell the data after the crisis [theregister.co.uk]. They claim the data is "anonymised" which is quite funny if it includes location data which will show you spend most of your time in a place that just happens to be your home. Or your mistresses.
Presumably it's the people with mistresses that we really need to have traced, so it seems a bit of an omission to be encouraging them to switch off their phones whenever they meet.
Re: (Score:1)
Re: (Score:2)
The information that covid-19 apps will collect has invaluable research potential, and it will be very difficult to gather again such an amount of information without an exceptional occurrence of the same magnitude as the covid-19 outbreak.
The cost and physical size of computation is tending towards zero.
20 years from now what do you think will be inside credit cards? Government IDs? Inside your junk mail?
The claim that this is a "once in a lifetime opportunity" is bullshit trying to make it happen sooner. The reason there is a rush for it is because the fir
It's not the source code that's the problem (Score:2)
It's the root signing authority being GCHQ that is rather less than convincing.
Re: (Score:2)
That includes the 'privacy and security design' [ncsc.gov.uk] of the app, or lack thereof.
Australia as well... (Score:2)
The Australian government has released the source code to their tracking app as well (iOS and Android versions) via https://covidsafe.gov.au/app-c... [covidsafe.gov.au]
Although it seems that unlike the NHS the code isn't actually "open source" by even the most liberal definition of the term (the NHS code is MIT licensed, the Australian code has terms attached to even looking at the code and you can forget about changing it from what I can see)
Re: (Score:2)
Well no. The Australian government has released some code THAT THEY WANT YOU TO BELIEVE is the source code for their app. Unless you compile the code yourself there can be no assurance that this is so.
Re: (Score:3)
Or you can decompile the apk and compare it to the published code. One developer peeked at the code [twitter.com] back in April and found that it was surprisingly kosher and did exactly what the government claimed. I know that you should always be suspicious of government surveillance, but is it worth risking your (and others') life to prevent them from knowing where you are? What exactly is the downside that you imagine will happen? Whatever it is, it can be fixed by simply uninstalling the app once the pandemic is over
Re: (Score:2)
I know that you should always be suspicious of government surveillance, but is it worth risking your (and others') life to prevent them from knowing where you are? I know that you should always be suspicious of government surveillance, but is it worth risking your (and others') life to prevent them from knowing where you are?
That's the classic privacy -vs- liberty question that we discuss here on Slashdot ad-nauseum. Not sure how much Australians trust their government, but always be aware that the data probably goes through cloud providers in other countries too. So the chain of trust often includes more people that you might realize.
Whatever it is, it can be fixed by simply uninstalling the app once the pandemic is over.
Not necessarily. Suppose it recorded conversations or captured private messages or emails, then once that data is out there then uninstalling the app wouldn't clear it out. And what if the pan
Re: (Score:2)
That's the classic privacy -vs- liberty question that we discuss here on Slashdot ad-nauseum.
The difference this time is that we are in the middle of a pandemic. This is not a usual situation. The more people who get the app, the quicker we can get out of the lockdown.
uppose it recorded conversations or captured private messages or emails, then once that data is out there then uninstalling the app wouldn't clear it out.
But I would have to give permission to access the microphone or read the emails. The OS is pretty secure for things like that. Besides, the government would shoot themselves in the foot if they did this, because when (not if) it came out they would lose the ability to stop the Coronavirus and thus get the economy going again. They wan
Re: (Score:2)
The difference this time is that we are in the middle of a pandemic
Then you are not aware of the discussion I refer to. The assumption that starts that discussion is always that this particular time it is okay to trade liberty for security, because of terrorism, pandemic, war, child molesters, drugs, etc. That's always the excuse. This time is not different: it is exactly the same. The reasons for liberty are not suspended, not should our skepticism of government control be ignored, merely because of the latest crisis. I'm not saying it isn't a crisis, merely that we
Re: (Score:2)
I think I’d rather a tracing app that isn’t “open source” (though does have source provided) and be in a country with 93 COVID-19 deaths...
Than be in a country with 30,000+ COVID-19 deaths and have an open source tracing app.
One seems a little more important than the other.
It is likely that the reason the Australian app is not open source is that it was developed from Singapore’s tracing app, and that may have caused limits on the licensing of the code.
As an aside, Currently th
Re: Australia as well... (Score:2)
Nah, I still don't want to live in Australia. My wife is from there and I spend a lot of time visiting. 6 months living in her house in the SE suburbs of Melbourne (no, not Narre Warren or Frankston) were the most isolated months I've ever experienced.
Re: (Score:2)
the UK is way more laid back when it comes to rules and enforcement, at least where I live. Whatever the number of deaths from Covid-19 in the UK, it's a tiny percentage of the population, and when viewed as in the context of the number of people who normally die at this time of year, not so dramatic.
In the UK it's 460 per million. [worldometers.info] In Australia it's 4. Maybe the laid back attitude is part of the reason 100x as many people are dying in the UK? And why Australia is opening back up and the UK isn't.
Alright, What Am I Missing? (Score:1)
How are you going to track this thing? With the possibility of picking it up on a surface, or walking through infected droplets in the air from people 2 aisles over in a grocery store, etc, how do you track that? Its not like a public health tracking of sex partners for sexually transmitted diseases, you instead may not even know the person that you get it from.
A tracking program seems futile.
Re: (Score:2)
Even if all that wasn't the case, you're never going to get a useful percentage of people to use those apps in the first place.
There are people who don't have smart or mobile phones, people who don't bother with apps, people with older unsupported OSs, people who have bluetooth or internet access disabled, people who don't want to be tracked, people who don't carry their phones with them all the time, people who run into technical issues, etc.
Are the contact criteria even reasonably reliable to indicate a v
Re: (Score:2)
There are people who don't have smart or mobile phones, people who don't bother with apps, people with older unsupported OSs, people who have bluetooth or internet access disabled, people who don't want to be tracked, people who don't carry their phones with them all the time, people who run into technical issues, etc.
There are going to be people who don't wear a mask. So nobody should wear a mask?
There are people who don't cover their mouth when they cough. So nobody should?
There are people who don't wash their hands. So nobody should?
There are people who don't social distance at all. So nobody should?
Just because you can't get 100% compliance, doesn't mean you settle for zero.
Are the contact criteria even reasonably reliable to indicate a virus transmissions? Have any of the pilot programs tracked actual transmissions?
It works in South Korea.
A tracking program seems futile.
Indeed.
Again, it works in South Korea.
Some people would rather just wait at home until one day, like a miracle, it disappea
Re: (Score:2)
The lesson in all this is that contrary to a popular political ideology no, the government can not baby sit everyone. Protect yourself, the gov't has already demonstrated their incompetence. Wishing for even more government as the solution is what a child would do.
Re: (Score:2)
Protect yourself, the gov't has already demonstrated their incompetence.
Yes. Trump failed everybody, couldn't agree more.
Wishing for even more government as the solution is what a child would do.
Um, the government already has everyone locked down. If some people willingly install some app and it lets us open up and get back to work faster, how is that more government and not less? You'd prefer to stay locked down until one day, like a miracle, it disappears?
Re: (Score:2)
And there it is. Trump's fault!!!
I'm in one of the hardest hit areas on the planet. We aren't locked down.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
But that isn't the same as saying the app won't help. In South Korea with widespread availability of testing, if the app says you were near an infected person you could go and get a free/cheap test.
That's not the case in the US. But we need to be thinking of heading in that direction if we plan on opening up again any time soon. Isn't that the goal?
Possible vs likely (slow-motion cough) (Score:2)
This video shows a cough in slow motion:
https://youtu.be/8-xzDoHYTyE [youtu.be]
Notice the droplets begin falling toward the ground within 3 feet.
In terms of contact tracing, it might be theoretically possible to catch it from the 0.01% of droplets that travel much further. Obviously the 99.99% of droplets are a much bigger risk, the vast majority which fall within a few feet. We don't know yet how much of the virus is required to start an infection, so the tiny percentage that travels far might well not be enough ev
Re: (Score:2)
How are you going to track this thing? With the possibility of picking it up on a surface, or walking through infected droplets in the air from people 2 aisles over in a grocery store, etc, how do you track that? Its not like a public health tracking of sex partners for sexually transmitted diseases, you instead may not even know the person that you get it from.
A tracking program seems futile.
They can use it to see where you were and what other people were there also.
So when you find out you had covid and for the last 2 days were spreading it around without even knowing. Because you presumably have too much freedom, to consider wearing a mask. Now the contact tracers know who else might be contagious and also spreading it about.
Since testing isn't up to it at the moment, only your very close contacts can be tested. But later if/when there are not as many infected people wandering about. Those
Re: (Score:2)
Can you please stop playing with Daddy's computer until you are able to compose complete sentences.
Re: (Score:2)
So what do you do to all the people your app's server says has been exposed?
Go ahead and say it: Forced Quarantine. Those people will be forcibly imprisoned at gunpoint. Otherwise what is the point? So people can just be aware that they were near someone infected? How about we all just assume that anyway and save all the trouble?
The same folks who called me a liar three months ago when I posted on Slashdot that China was forcibly locking people in their homes are now wanting to do the same in free coun
Re: (Score:2)
So what do you do to all the people your app's server says has been exposed? Go ahead and say it: Forced Quarantine. Those people will be forcibly imprisoned at gunpoint. Otherwise what is the point? So people can just be aware that they were near someone infected? How about we all just assume that anyway and save all the trouble?
Uh yes? What do you do if one of your sex partners informs you they've been diagnosed with an STD? Do you
a) Go on a flag waving, gun toting rant about how this is an attempt to stifle your constitutional right to fuck around.
b) Carry on as before because you already assume you have herpes, gonorrhea, syphilis and HIV. Make sure to double bag.
c) Get yourself tested and temporarily avoid sexual contact with all/new partners to stop the spread of a dangerous infection
I care about my sick and/or elderly relativ
Re: (Score:2)
STD is the wrong example. Contact tracing works with STD's because transmission is limited and the number of people involved is low. That does not translate to a virus that is contagious for weeks before showing any symptoms. EVERYONE is going to be exposed to it eventually.
Re: (Score:1)
EVERYONE is going to be exposed to it eventually.
That's a pretty stupid reason to expose everyone to it at the same time though...
Re: (Score:2)
Without contact-tracing and forced quarantines then everyone will be exposed to the virus at the same time?
I don't think you really believe that. I think you just make shit up when you're losing a debate.
Re: (Score:1)
Contact tracing and testing is how you slow the spread. Didn't you say you didn't want that?
Did you wan't to send everyone out again all at once? Or did you want to keep everyone locked up? Maybe you came up with another plan?
It's your scenario, you tell me how it works. Currently there is not enough contact tracing or testing, how will you decide who to let out? Random? All? None?
You also mentioned...
a virus that is contagious for weeks before showing any symptoms.
Most people aren't contagious for weeks without symptoms either. Though that would be a good reason to d
Re: (Score:2)
So what do you do to all the people your app's server says has been exposed?
That depends. Are we talking about a country that has the outbreak under control? Or is this America?
Go ahead and say it: Forced Quarantine. Those people will be forcibly imprisoned at gunpoint.
What is this hypothetical country's testing capacity? Are the people sensible? Is the testing free?
Best case you inform the people they may be infected, and those people self isolate and get a free easy test. Positive results go into quarantine, negative go about their lives.
America, well in that case. There isn't enough testing capacity anyway. Plus there aren't enough contact tracers either. You'd have t
Centralised? (Score:2)
The only part that is actually centralised is the key map, this is actually technologically exactly the same as the web of trust in conventional.
Frankly I'd rather my data was only on the NHS database than on the Apple/Google/Amazon cloud of some third party App creator.
Can you compile and install it yourself? No? (Score:2)
Bluetooth implementation doesn't need to track... (Score:2)
Hoped that "they" would have implemented it this way but it seems they may not have.
An algorithm that would greatly improve, if not outright eliminate privacy concerns all the while being very low load on the server / bandwidth might be:
"The App" on "Your Phone" using Bluetooth low power, signal strength for distance filtering for 2m / 6' or less.
Unique serial number generated on "The Server" and registered to "The App" on "Your Phone".
"The App" constantly registers connects & disconnects with "Other Us