[HN Gopher] Vietnam's contact tracing app broadcasting a fixed ID
       ___________________________________________________________________
        
       Vietnam's contact tracing app broadcasting a fixed ID
        
       Author : cryptbe
       Score  : 29 points
       Date   : 2020-04-26 20:22 UTC (2 hours ago)
        
 (HTM) web link (vnhacker.blogspot.com)
        
       | serf wrote:
       | >Because I can predict all future IDs, I can preregister all of
       | them. This is a denial of service attack, denying all future
       | users to participate in this system. Maybe I should do that???
       | 
       | I get that the author was snubbed by the software group when he
       | emailed them, but vague blackhat threats are no way to get a
       | company/country/authority to listen.
        
         | cryptbe wrote:
         | I wrote the article. I agreed. It's a bad joke. I have no
         | intention of causing harm to this system.
        
           | serf wrote:
           | >I have no intention of causing harm to this system.
           | 
           | I took that intent from the article, but 'professionals'
           | aren't always as kind in their reading of things like that.
           | 
           | Interesting article.
        
             | cryptbe wrote:
             | Thanks.
             | 
             | I have no strong evidence, but it seems that Force 47 is
             | actively monitoring my blog [1]. I've never got so many
             | personal attacks and smear comments like I did since I
             | published my findings. I bet one of them will cite your
             | comment as evidence of my "immaturity".
             | 
             | [1] https://en.wikipedia.org/wiki/Public_opinion_brigades
        
       | cryptbe wrote:
       | Author here. One interesting aspect that I've learned is the
       | tactics, techniques, and procedures (TTPs) of public opinion
       | brigades, aka Force 47.
       | 
       | My initial report had an error, that is I didn't know that
       | Bluetooth on Android needs ACCESS_FINE_LOCATION permission. A
       | person pointed this out in a comment -- he posted and rewrote it
       | three times. I said thank you and thought that's that, but then a
       | bunch of people commented that since I made that basic mistake
       | I'm immature and inexperienced, therefore the rest of my findings
       | have no merit.
       | 
       | Someone then posted a super long comment, raising a lot of
       | questions about my credibility and intention, but not about my
       | report. The interesting thing is they claimed that they're a
       | student, haven't installed the app, have no intention to do so,
       | but care a lot about privacy. Essentially they want to show that
       | they're merely an underdog bystander standing up against my
       | wrongdoings.
       | 
       | Other attacks are more direct. For example, a person pointed out
       | that since I don't have many followers on Twitter, I'm not a good
       | engineer. They said I didn't really contribute anything to my
       | public research, but I just took credit from my coauthors. That I
       | am only cleaning toilets at Google, there's nothing proud about
       | that.
       | 
       | After I posted a rebuttal to the developers' rebuttal, a guy [2]
       | dropped this one-line comment:
       | 
       | >cai vu nay bat dau thay nham roi. Lap luan cua anh Thai cung
       | khong con chat che nhu truoc nua.
       | 
       | Which translates to "This is getting nonsense. Thai's argument is
       | not as strict as before".
       | 
       | The title of the guy's blog [3] is, I kid you not, Communist
       | Party of Vietnam.
       | 
       | [1] https://en.wikipedia.org/wiki/Public_opinion_brigades
       | 
       | [2] https://www.blogger.com/profile/17567201928186857755
       | 
       | [3] http://phichnuocnong.blogspot.com/
        
       | dkdk8283 wrote:
       | Contact tracing is a disaster. I've secured a forensic RF
       | shielding bag for my phone. I refuse to participate.
        
       ___________________________________________________________________
       (page generated 2020-04-26 23:00 UTC)