[HN Gopher] Vietnam's contact tracing app broadcasting a fixed ID ___________________________________________________________________ Vietnam's contact tracing app broadcasting a fixed ID Author : cryptbe Score : 29 points Date : 2020-04-26 20:22 UTC (2 hours ago) (HTM) web link (vnhacker.blogspot.com) (TXT) w3m dump (vnhacker.blogspot.com) | serf wrote: | >Because I can predict all future IDs, I can preregister all of | them. This is a denial of service attack, denying all future | users to participate in this system. Maybe I should do that??? | | I get that the author was snubbed by the software group when he | emailed them, but vague blackhat threats is no way to get a | company/country/authority to listen. | cryptbe wrote: | I wrote the article. I agreed. It's a bad joke. I have no | intention causing harm to this system. | serf wrote: | >I have no intention causing harm to this system. | | I took that intent from the article, but 'professionals' | aren't always as kind in their reading of things like that. | | Interesting article. | cryptbe wrote: | Thanks. | | I have no strong evidence, but it seems that Force 47 is | actively monitoring my blog [1]. I've never got so many | personal attacks and smear comments like I did since I | published my findings. I bet one of them will cite your | comment as an evidence of my "immaturity". | | [1] https://en.wikipedia.org/wiki/Public_opinion_brigades | cryptbe wrote: | Author here. One interesting aspect that I've learned is the | tactics, techniques, and procedures (TTPs) of public opinion | brigades, aka Force 47. | | My initial report had an error, that is I didn't know that | Bluetooth on Android needs ACCESS_FINE_LOCATION permission. A | person pointed this out in a comment -- he posted and rewrote it | three times. I said thank you and thought that's that, but then a | bunch of people commented that since I made that basic mistake | I'm immature and inexperienced, therefore the rest of my findings | have no merit. | | Someone then posted a super long comment, raising a lot of | questions about my credibility and intention, but not about my | report. The interesting thing is they claimed that they're a | student, haven't installed the app, have no intention to do so, | but care a lot about privacy. Essentially they want to show that | they're merely an underdog bystander standing up against my | wrongdoings. | | Other attacks are more direct. For example, a person pointed out | that since I don't have many followers on Twitter, I'm not a good | engineer. They said I didn't really contribute anything to my | public research, but I just took credit from my coauthors. That I | am only cleaning toilet at Google, there's nothing proud about | that. | | After I posted a rebuttal to the developers' rebuttal, a guy [2] | dropped this one-line comment: | | >cai vu nay bat dau thay nham roi. Lap luan cua anh Thai cung | khong con chat che nhu truoc nua. | | Which translates to "This is getting nonsense. Thai's argument is | not as strict as before". | | The title of the guy's blog [3] is, I kid you not, Communist | Party of Vietnam. | | [1] https://en.wikipedia.org/wiki/Public_opinion_brigades | | [2] https://www.blogger.com/profile/17567201928186857755 | | [3] http://phichnuocnong.blogspot.com/ | dkdk8283 wrote: | Contract tracing is a disaster. I've secured a forensic RF | shielding bag for my phone. I refuse to participate ___________________________________________________________________ (page generated 2020-04-26 23:00 UTC)