[HN Gopher] Private Kit: Can we slow the spread without giving up individual privacy?

Private Kit: Can we slow the spread without giving up individual privacy?
Author : rchaudhary
Score : 66 points
Date : 2020-03-23 17:33 UTC
Link : safepaths.mit.edu

| awinter-py wrote:
| if this is just logging location, how does it do contact tracing? don't you need _everyone's_ location, or the 'nearby' data like gov.sg's 'trace together'?

| simmanian wrote:
| I had been a staunch advocate of not sharing any personal information wherever possible, but recently I've been thinking whether I've approached the whole privacy issue from a wrong angle.
|
| Maybe there isn't anything wrong with sharing our data and information for the public good. After all, we almost view it as self-evident that transparency is good for communities at large. The real issue is that most of the parties who come after our data are only interested in exploiting us to make more money.
|
| Given this thought, I believe I would be inclined to share my data with orgs that I know are trying to do public good in a verifiable and transparent way.

| 1996 wrote:
| Individual privacy is where I draw a line in the sand.
|
| I'm ready to do many things, but that does not include allowing geotracking, geofencing or any other restriction on the freedom of movement and freedom of assembly.
|
| The government can shut businesses, shut public parks and beaches, but what we do in our homes, clubs and other private properties is off limits.

| TeMPOraL wrote:
| > _any other restriction on the freedom of movement and freedom of assembly_
|
| People abusing these freedoms in spite of lockdowns are what's going to kill hundreds of thousands of people in the coming days.

| isoprophlex wrote:
| I agree completely.
| I found this FT article by Harari a very lucid and accessible essay on how we should handle the crisis.
|
| https://www.ft.com/content/19d90308-6858-11ea-a3c9-1fe6fedcc...
|
| How we decide to strike a balance between privacy and safety today will determine the shape of our world in the coming decades.

| aplummer wrote:
| > any other restriction on the freedom of movement and freedom of assembly.
|
| > clubs and other private properties is off limits.
|
| To give you the benefit of the doubt, you don't mean that you refuse to have temporarily restricted movement during a pandemic?

| ndiscussion wrote:
| I believe that is what they refuse. I refuse it.

| aplummer wrote:
| Wow.
|
| It's so selfish to sacrifice other people's lives for your own delusional paranoia.

| jlokier wrote:
| It's worse than delusional paranoia.
|
| Because it's not necessarily delusional, or paranoid.
|
| Give them the benefit of the doubt: Assume they are competent, healthy adults, who really believe in what they say.
|
| With that assumed, it's someone choosing to sacrifice other people's lives for their political values.
|
| Personally I think that situation crosses the "your right to swing your fist ends at my nose" line.
|
| We should certainly build systems that protect privacy if we can, to the extent we can. I'm very pro privacy, not against privacy at all.
|
| But to the extent values conflict in a material situation, such as privacy versus not harming other people in a deadly way as the current crisis, we have to choose priorities, and then be smart and subtle about retaining as much of our overall values as we still can given the priorities.

| gojomo wrote:
| Separate from the "current crisis" and retrospective contact-tracing:
|
| Are there any existing apps that keep a high-resolution trail of where you've been, _without_ ever uploading it to the cloud? (Or, only uploading it to a location you choose, encrypted to a key you hold?)
|
| Something like Google "Location History", but without Google or any other intermediary data-silos who could be compromised to reveal my data against my wishes.

| bravoetch wrote:
| Opentracks is an Android app that you could do this with.

| zackb wrote:
| A friend of mine is working on this privacy oriented data collection app: https://www.coepi.org

| LordOfWolves wrote:
| Sadly, I do not see Private Kit reaching anywhere close to the critical mass required for it to be fully effective, unless all Americans are required to use it per a new federal mandate, which I cannot see becoming a reality given the incompetency clearly exhibited by one or more of our "leaders" over the past several days (if not much longer).

| saagarjha wrote:
| Summary: https://drive.google.com/file/d/1UGY07m8GNrUaj9bGRx07vDMccxT...
|
| Paper: https://arxiv.org/pdf/2003.08567.pdf
|
| It seems like the way this preserves privacy is that you only upload your location information once you're tested positive, where it is "redacted" (I have very little faith in this) and then sent to everyone else so they can check to see if they were in contact with you. It's better than mass surveillance, sure, but I'm not sure if you can claim that this doesn't give up individual privacy.

| [deleted]

| RegnisGnaw wrote:
| Mandatory or optional? Will the government force me to upload if I am positive? Or can I choose not to?

| plafl wrote:
| What do you think is the ethical option? If you are positive shouldn't the people in contact with you know it? I'm genuinely asking, it's not a rhetorical question. I think they should know they have been exposed to the virus at least, not necessarily knowing it was you. You already have lost some rights of movement and assembly. Losing some privacy may help you regain them sooner.

| saagarjha wrote:
| Optional, presumably.
| Nobody is forcing you to install the app if it was mandatory anyways (and how would the app know you were positive?), so it makes little difference.

| ecoqba11 wrote:
| That MIT site is not forcing HTTPS and the link above is using HTTP. Talking about security...

| RegnisGnaw wrote:
| If sharing your location is optional, then there will be people who opt out. Depending on how many people opt out, the data may be useless.

| awinter-py wrote:
| I'm not an epidemiologist, but partial contact tracing is probably better than none
|
| especially if the goal is to slow not stop

| hutzlibu wrote:
| "the goal is to slow not stop"
|
| The goal is for it to stop. But anything that slows it down is good.

| Dumblydorr wrote:
| Yes, by staying home, washing our hands, and not going out onto beaches and partying. Anyone found breaking the rules should be charged with biological assault.

| perl4ever wrote:
| It's being taken for granted that nearly everybody (Cuomo just said 80%) is going to get it, so it doesn't make sense to get angry at someone for increasing your risk of catching it. The efforts to slow the spread are about giving the healthcare system time to cope. So, yes, people are being antisocial if they don't follow the rules but it's not sane to treat it like you're personally being assaulted. This isn't ebola or HIV.

| TeMPOraL wrote:
| > _The efforts to slow the spread are about giving the healthcare system time to cope. So, yes, people are being antisocial if they don't follow the rules but it's not sane to treat it like you're personally being assaulted. This isn't ebola or HIV._
|
| No. It should be treated as attempted mass murder. Because this is what it boils down to: one idiot causing a bunch of deaths downstream, plus some more by contributing to overloading healthcare.

| gjs278 wrote:
| a stupid idea that will never happen and completely ungrounded in reality? ah yes, the HN comments here we are.
| tell us more about "biological assault" when someone is proven to have the antibodies and not contagious.

| turdnagel wrote:
| The only actors in the position to help here are the carriers and platform owners. Perhaps a joint venture between Apple and Google to hold each other accountable? I don't trust the carriers to get this right.

| xenonite wrote:
| Considering that aerosols are a plausible infection vector, it becomes necessary to introduce air flow models that include building ventilations for a reliable outcome of location based monitoring. Honestly, I consider this a major, and quite risky undertaking. Already a retrospective analysis will turn out quite incomplete.
|
| As a side note while being quarantined at home: please consider closing building ventilations, talk to your neighbor to coordinate asynchronous window opening procedures, and ensure closed sewage systems.
|
| Why do I come to these conclusions?
|
| 1. It is plausible that SARS-CoV-2 behaves like SARS-CoV-1 in aerosol transmission. https://dx.doi.org/10.1056/NEJMc2004973
|
| 2. It took quite an effort to find out how SARS-CoV-1 spread from one single flat to others and to nearby buildings that were located in the direction of wind. Indeed, it is assumed that sewage ventilation played a role here. https://dx.doi.org/10.1056/NEJMoa032867

| __s wrote:
| How should one know which regions have health officials using this? Asking as a Canadian

| sbohacek wrote:
| Instead of using GPS, consider using the WiFi base stations. Specifically, each location can be characterized by the set of WiFi base stations a phone can detect. GPS is useful while outdoors, but virus transmission is somewhat difficult outdoors. Indoors, a conference room on the third floor and the 40th floor will have the same GPS coordinates, but a phone in each location will detect a different set of WiFi base stations.
| This paper shows how WiFi base stations can be used: https://arxiv.org/pdf/1610.04730.pdf
|
| I might not understand methods to achieve privacy, but here are some thoughts.
|
| 1. The data could be stored more safely with something like Intel SGX, where only the application can access the data. In this scenario, the carrier (or healthcare worker) uploads the carrier's path into an SGX-based database. Then, individual users that are concerned about their risk could use the app to upload their location paths into the SGX-based system and learn if they are at risk as a simple yes/no. (I have never built an SGX application, so I might be mistaken on its abilities.)
|
| 2. I don't think this is possible: "The solution is a 'pull' model where users can download encrypted location information about carriers". If the application is on my device, I can decompile it and get the decryption key or use other methods to dump the carriers' location data to disk.
|
| 3. It seems that the user's data is also stored on the device. This data is then at risk of being stolen by malicious applications. Instead, the location data can be encrypted with a public key that can only be decrypted on the SGX-protected servers.

| jameslevy wrote:
| Are tools such as homomorphic encryption, differential privacy, etc. applicable here? There should be a way for users to control their location data, and opt-in to sharing it at times like this, and then opt-out later.

| shuckles wrote:
| Homomorphic encryption is not computationally practical and differential privacy relies on noise which is not ideal when (i) errors compound as is the case of contact tracing where each new node introduces many candidates for exposure and (ii) there is a high cost of false positives or negatives.
| prophesi wrote:
| For those curious about the claim that homomorphic encryption is not computationally practical, Bruce Schneier has a great article on it
|
| https://www.schneier.com/blog/archives/2009/07/homomorphic_e...

| jameslevy wrote:
| Perhaps this is a use case for a secure enclave, where location data is stored, a biometric authenticated authorization can be used for releasing it, and there is provably no backdoor for this feature to be used without the user's approval. I hope to see companies like AAPL address this in a way that solves for these types of situations without introducing draconian oversight capabilities.

| riedel wrote:
| Because my guess is that location will give you too many false positives if ppl really use that system. I wonder if it would not be better to do sth like emitting colocation BLE beacons with a TOTP sequence and a random secret. If someone is tested positive you release the secret or even only a list of the emitted beacons in the relevant timeframe. Everyone can then check against the list they recorded. Does that make sense?

| cjbprime wrote:
| Singapore's doing contact tracing without any location data, and with contact between devices encrypted until needed for a contact disclosure. Seems like a better approach to me:
|
| https://www.mobihealthnews.com/news/asia-pacific/singapore-g...

| mderazon wrote:
| Israel's ministry of health has released a similar app [1] (open source [2]). Location is stored locally, and cross checked with confirmed covid-19 patients' location history. You get a notification if you were close to a patient
|
| (1) https://medium.com/@oleiba/hamagen-fight-coronavirus-and-pre...
|
| (2) https://github.com/MohGovIL/hamagen-react-native
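A sketch of the rolling-beacon scheme riedel proposes in the thread above, as an added example that is not part of the thread, of Private Kit, or of any of the apps linked: each device derives one beacon per time window from a per-device random secret with HMAC-SHA256 (standing in for "a TOTP sequence"), nearby devices record the beacons they hear, and a diagnosed user publishes only the beacons from the relevant timeframe rather than the secret itself, so every other phone can run the match locally. The window length, device names and timestamps are constructed for the scenario.

```python
import hashlib
import hmac
import secrets

# Constructed parameter: one fresh beacon per 15-minute window.
WINDOW_SECONDS = 15 * 60


def window_of(ts: int) -> int:
    """Map a Unix timestamp to its time-window index."""
    return ts // WINDOW_SECONDS


def beacon_for(secret: bytes, window: int) -> bytes:
    """TOTP-style rolling identifier: HMAC-SHA256(secret, window) truncated to 16 bytes.
    Without the secret, beacons from different windows cannot be linked to one device."""
    return hmac.new(secret, window.to_bytes(8, "big"), hashlib.sha256).digest()[:16]


class Device:
    """One phone: emits its own beacons and records the ones it hears over BLE."""

    def __init__(self) -> None:
        self.secret = secrets.token_bytes(32)  # random per-device secret, never leaves the phone
        self.seen: dict[bytes, int] = {}       # heard beacon -> window in which it was heard

    def emit(self, ts: int) -> bytes:
        return beacon_for(self.secret, window_of(ts))

    def record(self, beacon: bytes, ts: int) -> None:
        self.seen[beacon] = window_of(ts)

    def disclose(self, start_ts: int, end_ts: int) -> set[bytes]:
        """On a positive test, publish only the beacons emitted in [start_ts, end_ts].
        The secret stays private, so beacons outside that range remain unlinkable."""
        return {beacon_for(self.secret, w)
                for w in range(window_of(start_ts), window_of(end_ts) + 1)}

    def exposure_windows(self, disclosed: set[bytes]) -> list[int]:
        """Windows in which this device heard a disclosed beacon; a purely local check."""
        return sorted({w for b, w in self.seen.items() if b in disclosed})


def simulate() -> tuple[list[int], list[int]]:
    """Constructed scenario: Alice meets Bob; Carol only meets Bob later; Alice tests positive."""
    alice, bob, carol = Device(), Device(), Device()
    t = 1_600_000_000
    alice.record(bob.emit(t), t)             # Alice and Bob are co-located at t
    bob.record(alice.emit(t), t)
    carol.record(bob.emit(t + 3600), t + 3600)   # Carol is near Bob an hour later, never near Alice
    published = alice.disclose(t - 86400, t + 3600)  # Alice releases only the last day's beacons
    return bob.exposure_windows(published), carol.exposure_windows(published)
```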