[HN Gopher] Private Kit: Can we slow the spread without giving u...
       ___________________________________________________________________
        
       Private Kit: Can we slow the spread without giving up individual
       privacy?
        
       Author : rchaudhary
       Score  : 66 points
       Date   : 2020-03-23 17:33 UTC (5 hours ago)
        
 (HTM) web link (safepaths.mit.edu)
 (TXT) w3m dump (safepaths.mit.edu)
        
       | awinter-py wrote:
       | if this is just logging location, how does it do contact tracing?
        | don't you need _everyone's_ location, or the 'nearby' data like
        | gov.sg's 'trace together'?
        
       | simmanian wrote:
       | I had been a staunch advocate of not sharing any personal
       | information wherever possible, but recently I've been thinking
       | whether I've approached the whole privacy issue from a wrong
       | angle.
       | 
       | Maybe there isn't anything wrong with sharing our data and
       | information for the public good. After all, we almost view it
       | self-evident that transparency is good for communities at large.
       | The real issue is that most of the parties who come after our
       | data are only interested in exploiting us to make more money.
       | 
       | Given this thought, I believe I would be inclined to share my
       | data with orgs that I know are trying to do public good in a
       | verifiable and transparent way.
        
       | 1996 wrote:
       | Individual privacy is where I draw a line in the sand.
       | 
       | I'm ready to do many things, but that does not include allowing
       | geotracking, geofencing or any other restriction on the freedom
       | of movement and freedom of assembly.
       | 
       | The government can shut businesses, shut public parks and
       | beaches, but what we do in our homes, clubs and other private
       | properties is off limits.
        
         | TeMPOraL wrote:
         | > _any other restriction on the freedom of movement and freedom
         | of assembly_
         | 
         | People abusing these freedoms in spite of lockdowns are what's
         | going to kill hundreds of thousands of people in the coming
         | days.
        
         | isoprophlex wrote:
         | I agree completely. I found this FT article by Harari a very
         | lucid and accessible essay on how we should handle the crisis.
         | 
         | https://www.ft.com/content/19d90308-6858-11ea-a3c9-1fe6fedcc...
         | 
         | How we decide to strike a balance between privacy and safety
         | today will determine the shape of our world in the coming
         | decades.
        
         | aplummer wrote:
         | > any other restriction on the freedom of movement and freedom
         | of assembly.
         | 
         | > clubs and other private properties is off limits.
         | 
         | To give you the benefit of the doubt, you don't mean that you
         | refuse to have temporarily restricted movement during a
         | pandemic?
        
           | ndiscussion wrote:
           | I believe that is what they refuse. I refuse it.
        
             | aplummer wrote:
             | Wow.
             | 
             | It's so selfish to sacrifice other people's lives for your
             | own delusional paranoia.
        
               | jlokier wrote:
               | It's worse than delusional paranoia.
               | 
               | Because it's not necessarily delusional, or paranoid.
               | 
               | Give them the benefit of the doubt: Assume they are
               | competent, healthy adults, who really believe in what
               | they say.
               | 
               | With that assumed, it's someone choosing to sacrifice
               | other people's lives for their political values.
               | 
               | Personally I think that situation crosses the "your right
               | to swing your fist ends at my nose" line.
               | 
               | We should certainly build systems that protect privacy if
               | we can, to the extent we can. I'm very pro privacy, not
               | against privacy at all.
               | 
               | But to the extent values conflict in a material
               | situation, such as privacy versus not harming other
               | people in a deadly way as the current crisis, we have to
               | choose priorities, and then be smart and subtle about
               | retaining as much of our overall values as we still can
               | given the priorities.
        
       | gojomo wrote:
       | Separate from the "current crisis" and retrospective contact-
       | tracing:
       | 
       | Are there any existing apps that keep a high-resolution trail of
       | where you've been, _without_ ever uploading it to the cloud? (Or,
       | only uploading it to a location you choose, encrypted to a key
       | you hold?)
       | 
       | Something like Google "Location History", but without Google or
       | any other intermediary data-silos who could be compromised to
       | reveal my data against my wishes.
        
         | bravoetch wrote:
         | Opentracks is an Android app that you could do this with.
        
       | zackb wrote:
       | A friend of mine is working on this privacy oriented data
       | collection app: https://www.coepi.org
        
       | LordOfWolves wrote:
       | Sadly, I do not see Private Kit reaching anywhere close to the
       | critical mass required for it to be fully effective, unless all
       | Americans are required to use it per a new federal mandate, which
       | I cannot see becoming a reality given the incompetency clearly
       | exhibited by one or more of our "leaders" over the past several
        | days (if not much longer).
        
       | saagarjha wrote:
       | Summary:
       | https://drive.google.com/file/d/1UGY07m8GNrUaj9bGRx07vDMccxT...
       | 
       | Paper: https://arxiv.org/pdf/2003.08567.pdf
       | 
       | It seems like the way this preserves privacy is that you only
       | upload your location information once you're tested positive,
       | where it is "redacted" (I have very little faith in this) and
       | then sent to everyone else so they can check to see if they were
       | in contact with you. It's better than mass surveillance, sure,
       | but I'm not sure if you can claim that this doesn't give up
       | individual privacy.
        
         | [deleted]
        
         | RegnisGnaw wrote:
         | Mandatory or optional? Will the government force me to upload
         | if I am positive? Or can I choose not to?
        
           | plafl wrote:
           | What do you think is the ethical option? If you are positive
           | shouldn't the people in contact with you know it? I'm
            | genuinely asking, it's not a rhetorical question. I think
           | they should know they have been exposed to the virus at
           | least, not necessarily knowing it was you. You already have
           | lost some rights of movement and assembly. Losing some
           | privacy may help you regain them sooner.
        
           | saagarjha wrote:
           | Optional, presumably. Nobody is forcing you to install the
           | app if it was mandatory anyways (and how would the app know
           | you were positive?), so it makes little difference.
        
       | ecoqba11 wrote:
       | That MIT site is not forcing HTTPS and the link above is using
       | HTTP. Talking about security...
        
       | RegnisGnaw wrote:
       | If sharing your location is optional, then there will be people
       | who opt out. Depending on how many people opt out, the data may
       | be useless.
        
         | awinter-py wrote:
         | I'm not an epidemiologist, but partial contact tracing is
         | probably better than none
         | 
         | especially if the goal is to slow not stop
        
           | hutzlibu wrote:
           | "the goal is to slow not stop"
           | 
           | The goal is for it to stop. But anything that slows it down,
           | is good.
        
       | Dumblydorr wrote:
        | Yes, by staying home, washing our hands, and not going out onto
       | beaches and partying. Anyone found breaking the rules should be
       | charged with biological assault.
        
         | perl4ever wrote:
         | It's being taken for granted that nearly everybody (Cuomo just
         | said 80%) is going to get it, so it doesn't make sense to get
         | angry at someone for increasing your risk of catching it. The
         | efforts to slow the spread are about giving the healthcare
         | system time to cope. So, yes, people are being antisocial if
         | they don't follow the rules but it's not sane to treat it like
         | you're personally being assaulted. This isn't ebola or HIV.
        
           | TeMPOraL wrote:
           | > _The efforts to slow the spread are about giving the
           | healthcare system time to cope. So, yes, people are being
            | antisocial if they don't follow the rules but it's not sane
           | to treat it like you're personally being assaulted. This
           | isn't ebola or HIV._
           | 
           | No. It should be treated as attempted mass murder. Because
           | this is what it boils down to: one idiot causing a bunch of
           | deaths downstream, plus some more by contributing to
           | overloading healthcare.
        
         | gjs278 wrote:
         | a stupid idea that will never happen and completely ungrounded
         | in reality? ah yes, the HN comments here we are. tell us more
         | about "biological assault" when someone is proven to have the
         | antibodies and not contagious.
        
       | turdnagel wrote:
       | The only actors in the position to help here are the carriers and
       | platform owners. Perhaps a joint venture between Apple and Google
       | to hold each other accountable? I don't trust the carriers to get
       | this right.
        
       | xenonite wrote:
       | Considering that aerosols are a plausible infection vector, it
       | becomes necessary to introduce air flow models that include
       | building ventilations for a reliable outcome of location based
       | monitoring. Honestly, I consider this a major, and quite risky
       | undertaking. Already a retrospective analysis will turn out quite
       | incomplete.
       | 
       | As a side note while being quarantined at home: please consider
       | closing building ventilations, talk to your neighbor to
       | coordinate asynchronous window opening procedures, and ensure
       | closed sewage systems.
       | 
       | Why do I come to these conclusions?
       | 
       | 1. It is plausible that SARS-CoV-2 behaves like SARS-CoV-1 in
       | aerosol transmission. https://dx.doi.org/10.1056/NEJMc2004973
       | 
        | 2. It took quite an effort to find out how SARS-CoV-1 spread
       | from one single flat to others and to nearby buildings that were
       | located in the direction of wind. Indeed, it is assumed that
       | sewage ventilation played a role here.
       | https://dx.doi.org/10.1056/NEJMoa032867
        
       | __s wrote:
       | How should one know which regions have health officials using
       | this? Asking as a Canadian
        
       | sbohacek wrote:
       | Instead of using GPS, consider using the WiFi base stations.
       | Specifically, each location can be characterized by the set of
       | WiFi base stations a phone can detect. GPS is useful while
       | outdoors, but virus transmission is somewhat difficult outdoors.
       | Indoors, a conference room on the third floor and the 40th floor
       | will have the same GPS coordinates, but a phone in each location
        | will detect a different set of WiFi base stations. This paper
       | shows how WiFi base stations can be used
       | https://arxiv.org/pdf/1610.04730.pdf.
       | 
       | I might not understand methods to achieve privacy, but here are
       | some thoughts. 1. The data could be stored more safely with
       | something like Intel SGX, where only the application can access
       | the data. In this scenario, the carrier (or healthcare worker),
       | uploads the carrier's path into SGX-based database. Then,
       | individual users that are concerned about their risk could use
       | the app to upload their location paths into the SGX-based system
       | and learn if they are at risk as a simple yes/no. (I have never
       | built an SGX application, so I might be mistaken on its
       | abilities.) 2. I don't think this is possible: "The solution is a
       | 'pull' model where users can download encrypted location
       | information about carriers" If the application is on my device, I
       | can decompile it and get the decryption key or use other methods
       | to dump the carriers' location data to disk. 3. It seems that the
       | user's data is also stored on the device. This data is then at
       | risk of being stolen by malicious applications. Instead, the
       | location data can be encrypted with a public key that can only be
       | decrypted on the SGX-protected servers.
        
       | jameslevy wrote:
       | Are tools such as homomorphic encryption, differential privacy,
       | etc. applicable here? There should be a way for users to control
       | their location data, and opt-in to sharing it at times like this,
       | and then opt-out later.
        
         | shuckles wrote:
         | Homomorphic encryption is not computationally practical and
         | differential privacy relies on noise which is not ideal when
         | (i) errors compound as is the case of contact tracing where
         | each new node introduces many candidates for exposure and (ii)
         | there is a high cost of false positives or negatives.
        
           | prophesi wrote:
           | For those curious by the claim that homomorphic encryption is
            | not computationally practical, Bruce Schneier has a great
           | article on it
           | 
            | https://www.schneier.com/blog/archives/2009/07/homomorphic_e...
        
           | jameslevy wrote:
           | Perhaps this is a use case for a secure enclave, where
           | location data is stored, a biometric authenticated
           | authorization can be used for releasing it, and there is
           | provably no backdoor for this feature to be used without the
           | user's approval. I hope to see companies like AAPL address
           | this in a way that solves for these types of situations
           | without introducing draconian oversight capabilities.
        
         | riedel wrote:
          | Because my guess is that location will give you too many false
          | positives if people really use that system. I wonder if it would
          | not be better to do something like emitting colocation BLE beacons
          | with a TOTP sequence and a random secret. If someone is tested
          | positive you release the secret or even only a list of the
          | emitted beacons in the relevant timeframe. Everyone can then
          | check against the list they recorded. Does that make sense?
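One way the rotating-beacon scheme sketched in the comment above could work, as an added example that is not part of the thread or of any real contact-tracing app. The 600-second window, the phone names and the timeline are constructed; `beacons_between` serves both variants the comment mentions (publishing a beacon list, or releasing the secret so receivers derive the list themselves).

```python
import hashlib
import hmac
import secrets
import struct

WINDOW = 600  # seconds each beacon is valid; constructed parameter for this example


def beacon(secret: bytes, ts: int) -> bytes:
    """TOTP-style rotating identifier: HMAC-SHA256(secret, window counter), truncated.
    Without the secret an observer cannot link two windows of the same phone."""
    counter = ts // WINDOW
    return hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()[:16]


def beacons_between(secret: bytes, start: int, end: int) -> set:
    """All beacons a phone emitted in [start, end]: what a positive user publishes,
    or what a receiver derives itself if the secret is released instead."""
    return {beacon(secret, c * WINDOW) for c in range(start // WINDOW, end // WINDOW + 1)}


class Phone:
    def __init__(self):
        self.secret = secrets.token_bytes(32)  # random per-device secret, never uploaded
        self.heard = []                         # (timestamp, beacon) kept only on-device

    def advertise(self, ts: int) -> bytes:
        return beacon(self.secret, ts)

    def hear(self, ts: int, b: bytes) -> None:
        self.heard.append((ts, b))

    def exposures(self, published: set) -> list:
        """Timestamps at which this phone heard a beacon on the published list."""
        return [ts for ts, b in self.heard if b in published]


def scenario() -> dict:
    """Constructed timeline: alice and bob are colocated at t=1000, 1100 and 1700;
    carol only ever meets bob. Alice tests positive and publishes beacons for
    an infectious period 900..2000; an encounter at t=100 falls in an earlier
    window and therefore does not match."""
    alice, bob, carol = Phone(), Phone(), Phone()
    for ts in (100, 1000, 1100, 1700):
        bob.hear(ts, alice.advertise(ts))
    carol.hear(1000, bob.advertise(1000))
    published = beacons_between(alice.secret, 900, 2000)
    return {"bob": bob.exposures(published), "carol": carol.exposures(published),
            "published": len(published)}
```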
        
       | cjbprime wrote:
       | Singapore's doing contact tracing without any location data, and
       | with contact between devices encrypted until needed for a contact
       | disclosure. Seems like a better approach to me:
       | 
       | https://www.mobihealthnews.com/news/asia-pacific/singapore-g...
        
       | mderazon wrote:
       | Israel's ministry of health has released a similar app [1] (open
       | source [2]). Location is stored locally, and cross checked with
       | confirmed covid-19 patients location history. You get a
       | notification if you were close to a patient
       | 
        | (1) https://medium.com/@oleiba/hamagen-fight-coronavirus-and-pre...
       | 
       | (2) https://github.com/MohGovIL/hamagen-react-native
        
       ___________________________________________________________________
       (page generated 2020-03-23 23:00 UTC)