[HN Gopher] Contact-tracing data harvested from pubs and restaur...
___________________________________________________________________
Contact-tracing data harvested from pubs and restaurants being sold
Author : DyslexicAtheist
Score : 126 points
Date : 2020-10-11 18:00 UTC (5 hours ago)
(HTM) web link (www.thetimes.co.uk)
(TXT) w3m dump (www.thetimes.co.uk)
| pydry wrote:
| The UK government doesn't even trust itself with test and trace
| data privacy: https://www.bbc.com/news/technology-54328644
|
| Without privacy guarantees people don't use it. If people don't
| use it the whole system fails.
| Gibbon1 wrote:
| I feel like we need to extend the laws we have that govern
| credit reporting agencies to these other businesses that
| aggregate personal data. Which hopefully will put them right
| out of business.
| chrismatheson wrote:
| Are credit bureaus any better? I mean I know equifax messed
| up royally and I have no reason to believe that all the rest
| aren't pushing on every conceivable limit of the law to
| maximise the profit to be made from information they scrape
| about me without my consent, then pay lip service to
| protecting it.
| Gibbon1 wrote:
| You can see your credit report, challenge information you
| think is incorrect. And there are restrictions on what
| information they can collect on you. You can lock your
| report as well. Some types of pulls require your signature.
|
| None of these other grey market data collection firms have
| to do any of that. One thing I noticed is these guys are
| collecting data that would fall under HIPPA.
|
| Go ahead do some searches for Hepatitis C and then look at
| your ads on Facebook.
| chrisseaton wrote:
| > Without privacy guarantees people don't use it.
|
| The vast vast majority of people don't know _anything_ about
| privacy guarantees and this does not factor into their
| decisions in any way.
| walterbell wrote:
| To the contrary, contact tracers in many countries have been
| having a lot of trouble getting people to give up the names
| of their contacts, or even to answer contact tracers.
|
| "Privacy" is not an abstract generic concept. It is context
| and consequence dependent.
|
| When "contact data" has the monetary and social value
| associated with a mandatory 14-day quarantine, people
| accurately consider restrictions on future movement, not
| privacy. Those who don't, quickly learn the hard way or from
| a friend. They don't need the word "privacy", only "don't do
| that again".
| [deleted]
| pydry wrote:
| It matters at least somewhat to 90% of the general public and
| is _very_ important to almost 50%:
|
| https://www.instituteforgovernment.org.uk/sites/default/file.
| ..
|
| So no, you're extremely wrong.
| chrisseaton wrote:
| People will say anything in response to a question.
|
| What do people really care about and will actually action?
| Very different to what you think.
|
| Turns out 99% will use Google and Facebook and crack on
| despite the tracking and not really care about it.
| pydry wrote:
| 20% said after the Snowden revelations that the way they
| used their email changed "a great deal". You might have
| noticed that facebook engagement has _completely_
| collapsed while whatsapp (E2E encrypted, supposedly)
| popularity surged.
|
| I mean, yes, I get the strong impression _you_ don 't
| care.
| deanCommie wrote:
| Facebook engagement did not collapse because of privacy
| concerns.
|
| People stopped using it because it stopped being a good
| way to keep in touch with friends and instead became a
| Bazaare containing every single person you've ever met
| for a millisecond. People no longer felt connected, and
| gravitated to more curated communication channels where
| they could choose who they talk to.
| chrisseaton wrote:
| > 20% said after the Snowden revelations
|
| I really struggle to believe that 20% of people have
| _heard_ of Snowden in any meaningful way to form an
| opinion.
|
| I'm picturing 20% of the people who live on my street.
| When I talk to them I don't get the impression most of
| them follow the news in that much depth. Many have been
| retired and zoned out from any kind of public life for
| many years. (Not a criticism - maybe they have other
| interests than me. Maybe they're happier than me for
| that?)
|
| > I get the strong impression you don't care.
|
| No, sorry you've imagine that out of nowhere. It isn't
| implied by anything I've said - I haven't talked about my
| personal beliefs at all.
|
| I'm just a realist about what the people around me
| outside the tech and media bubble are reading and
| thinking.
|
| Do you live on a street in the Valley with 100 Google
| engineers? Most people don't.
| pydry wrote:
| >I really struggle to believe that 20% of people have
| heard of Snowden
|
| 72% in the UK.
|
| >Do you live on a street in the Valley
|
| You don't... really believe in polling do you?
| chrisseaton wrote:
| > You don't... really believe in polling do you?
|
| People say all kinds of things in response to polling.
| That's why polling gets it wrong again and again. For
| example... the 2016 election.
|
| Guess what: phone my 90 year old neighbours with a
| question about Edward Snowden... they aren't going to
| even pick up the phone!
|
| Look at what people PRACTICALLY do rather than what they
| poll to do. You'll find it doesn't match.
| tialaramex wrote:
| > People say all kinds of things in response to polling.
|
| That's correct. The US is currently conducting a poll to
| decide most of the composition of its government
| (including some local and many national political
| positions) and as you claim, the voters will say "all
| kinds of things".
|
| But the answers stick anyway. Even though they say "all
| kinds of things" you live in a democracy and those "all
| kinds of things" decides the rules. Now, given that I'd
| be trying to maybe get them to say smarter things, but if
| you prefer to just smirk about it I cannot stop you.
| chrisseaton wrote:
| > but if you prefer to just smirk about it I cannot stop
| you
|
| I don't understand where this snark is coming from?
|
| Am I saying something that you don't wish was true?
|
| The reality is... most people out there don't care about
| privacy nor Snowden. The reality is most of them are
| trying to make enough to feed their families this week
| plus pay their bills and don't have the energy to think
| about anything else. I'm not smirking about it. I didn't
| express any opinion about it. I'm telling you the facts!
|
| Are you assuming I think this is good? Where did you read
| that you're imagined it.
|
| You're confusing a reality check with an opinion on how I
| think things should be!
| mattbee wrote:
| People in the UK are writing their names & mobile numbers
| down at the door to most restaurants now - just one big
| long piece of paper that everyone can read.
|
| I'm sure people say it's important in the abstract, but not
| in practice, and not right now.
| johnr2 wrote:
| > It matters at least somewhat to 90% of the general public
| and is very important to almost 50%: https://www.institutef
| orgovernment.org.uk/sites/default/file...
|
| From the linked web page: "sample size 1006 respondents".
| Given the UK population of around 68 million that seems a
| small sample.
| azalemeth wrote:
| I work in part for the NHS, and have been told to turn off the
| app while in the hospital. In part, I think this is because
| they are scared of the effect that false positives will have on
| (already precarious) staffing numbers (just like the police --
| which, owing to austerity, are horrendously under-manned).
|
| That being said, _I haven 't installed the app_. I know I
| "should", but I just _do not_ trust it. I 've completely and
| _utterly_ lost all faith in the government, and although I have
| the .apk executable sitting in my downloads folder just
| _waiting_ for me to disassemble it and read through it myself,
| I haven 't yet.
|
| It's almost as if _decades_ of sophisticated spying and "dark
| practices" have conditioned the entirety of the UK to not trust
| their government, or something. I use a VPN (or three) at home,
| tor where appropriate, and root my phone and cut out the Google
| dial-home. It's a very big ask to get me to install a
| government-developed application. I just have a deep, probably
| irrational, _fear_ of it watching everything I do.
| gerdesj wrote:
| "... have been told to turn off the app while in the
| hospital."
|
| (This is for England only, I have no idea what the rest of
| the UK is up to)
|
| The algorithm the app uses is pretty simple and in your case
| would be going off like a siren nearly daily. It announces
| itself in the vicinity via bluetooth and listens for similar
| announcements. Each device has a random, self generated ID
| and this is changed regularly. If someone gets a positive
| test and reports via the app then their ID at the time is
| sent out. Apps will compare their list of known IDs and times
| they were seen with the positive list. Basically if your app
| decides that it saw a "positive" ID for something like 15
| minutes or more then it will flag it to you. Then it is up to
| you whether to isolate, get tested etc. It is not an offence
| to ignore the app but it is if you ignore an official Check
| and Trace operative.
|
| This is why you are told not to use it at work. The algorithm
| is designed to work for people going about "normal" life and
| your life in the NHS is not normal. It can't possibly work
| for you or my cousin working as a matron in a hospital. The
| algorithm basically measures exposure and the current
| thinking is that 15 mins is long enough to flag a warning. So
| don't stop and chat for ages in the supermarket/park/pub or
| whatever to your mates - say hi and use a phone later. If you
| do go to a pub or restaurant then you have to accept that
| there is a risk.
|
| If you are worried about the sign in QR code thing not having
| a sign out until midnight, you can create your own home "sign
| in" to do the same job. See https://www.gov.uk/create-
| coronavirus-qr-poster .
|
| There is no need for conspiracy theories! The source code is
| on Github so no need to mess with the apk. You may want to
| check that the source generates the .apk though. I'm not a
| fan of some things that have been done here but the new app
| is the right way to do it in my opinion. It's very, very
| simple and has no personally identifiable data involved. It's
| basically one simple rule of thumb that is good enough to
| semi-automate part of the C&T function. It is not good enough
| for your trade though and you should not use it at work.
|
| Stay safe.
| aidos wrote:
| Is this about the new digital menus? (Paywalled for me)
|
| Unbelievably, we went to a restaurant last weekend where there
| was absolutely no service so we had to use their WiFi to even see
| the drinks menu. Once connected, we had to go through a
| convoluted process to order and before even being able to place
| an order, I had to sign up for an account with the online
| service. This was before we could even order tap water. Food
| orders were done the regular way, with regular people, in person.
| They refused to take drink orders (including for water) any other
| way than online.
|
| Last night my wife and I went out to dinner and neither of us
| brought our phones (for the first time in forever). It was great.
| They had to give us regular menus, like the good old days.
| walterbell wrote:
| Don't use/carry phone in restaurants. Request paper menus, they
| almost always have them somewhere, or posted on a wall, no
| matter what the policy says. Reward a different restaurant if
| they don't. Voting with your feet has market power.
| benlumen wrote:
| You're lucky they let you in. Many places I've seen have made
| the NHS one mandatory on the door now.
| wdb wrote:
| Good reason not to visit pubs and restaurants which require
| reservations beforehand. This is not were my contact details are
| being collected fore. I think they private watchdog should look
| into this.
| dustinmoris wrote:
| I'm proud to say that so far I have refused to give any data away
| and when forced I used a fake name and fake phone number. Nobody
| should participate in this idiotic attempt of trying to control a
| virus. It's impossible. The only way back to normality is herd
| immunity. It will have to happen sooner or later, through natural
| immunity, a vaccine or most likely a combination of both. I have
| it rather sooner than later. Only way back to normality is to
| start acting normal now. Everything else is madness. Also the
| people who make 100% of the sacrifices are working age adults and
| children, basically those who are virtually at no risk of dying
| from this virus. Feels plain wrong that people have to give up
| everything for nothing in return.
| UncleEntity wrote:
| I'm proud to say I'm not dead because of people like you
| clogging up the hospitals allowing me to receive emergency
| surgery a couple weeks ago.
| untog wrote:
| > The only way back to normality is herd immunity.
|
| Contract tracing seems to have worked out great in many
| countries. And you're entirely discounting the possibility of a
| vaccine here. Given that a lot of people will have to die in
| order to achieve herd immunity (and the science isn't even
| clear on exactly how many yet, nor on the long term
| implications for those that survive a COVID infection) I'm not
| sure blanket assertions are the wisest choice right now.
| MattGaiser wrote:
| > Only way back to normality is to start acting normal now.
|
| You can do that if you wish. Nobody is really stopping you in
| most countries.
|
| I'm not joining you though. And I would bet that I am joined by
| enough people that normal cannot be achieved.
| richrichardsson wrote:
| Correct: working age adults and children, basically those who
| are virtually at no risk of dying from this virus.
|
| Also correct and much more important: this virus can have
| incredibly deleterious effects on otherwise healthy people
| beyond killing them.
|
| Just because it probably won't kill you doesn't mean it can't
| fuck you up. In fact I think I'd rather the virus kill me than
| leave me with permanent damage that destroys any quality of
| life.
| nradov wrote:
| What percentage of patients will have permanent damage that
| destroys any quality of life?
| just-juan-post wrote:
| We now know for a fact that the world-wide IFR is 0.13%.[1]
|
| It's time to give choice back to the people.
|
| I'm not anti-anything. I'm pro-choice. I'm with you.
|
| [1] - Monday Oct 05 the WHO announced there were 750 million
| cases of Covid worldwide (see tons of news sources). According
| to the official WHO tracker there have been 1 million deaths. 1
| million divided by 750 million is 0.00133333 or 0.13% IFR.
| lwansbrough wrote:
| The rest of us are pro-choice, too. We're choosing to follow
| the guidance of our well respected public health officials.
| Even if you are totally free to choose (you are where I live
| in Vancouver) this doesn't prevent businesses from being
| impacted by the majority decision to reduce virus spread by
| limiting dining out, etc.
|
| The solution, and the inevitable return to normalcy will come
| when people feel protected. That can come with herd immunity,
| which is nearly impossible (NYC had excess deaths in the same
| range as the Spanish flu and only has 20% immunity in the
| population to show for it) or it can come with advanced
| treatment, therapeutics and at some point a vaccine.
|
| This is a multi year process but the result will be a return
| to normalcy, as happened with the Spanish flu.
| SCdF wrote:
| For the love of god stay inside
| lwansbrough wrote:
| Maybe this is a US thing because the virus is so widespread
| but the guidance here in western Canada is definitely not
| "stay inside". And it doesn't help the cause to tell
| narcissists who want to live normal lives again that they
| can't go outside. They can. They should wear a sufficiently
| protective mask to protect others, physically distance, and
| avoid groups and public indoor spaces. If you're walking on a
| quiet street, or in a park, etc. you definitely don't need a
| mask on. And you don't need to hide inside, that's paranoia.
| [deleted]
| ookblah wrote:
| yeah, keep acting normal, that's sure to bring back tourism and
| economies. broadway just cancelled all their shows until may of
| next year, a pure business decision, nothing to do with gov't
| policy.
|
| i understand we're anxious and angry to return to a sense of
| normalcy, but make no mistake, it has nothing to do with sheer
| will. business cannot survive on the select few "choosing" to
| be reckless.
|
| it will return when we get it under control and people's
| perceive risk (whether valid) goes down.
| recursivedoubts wrote:
| The fact that the notion of contact-tracing wasn't immediately
| met with howls of laughter and/or outrage is perhaps the most
| depressing aspect of 2020, a year with some extremely stiff
| competition in the "well, now, that's depressing" category.
| untog wrote:
| Eh? Contract tracing has been effective in a bunch of
| countries. And the framework Apple and Google worked together
| on works great and protects privacy.
|
| The problem is the government incompetence and/or malfeasance,
| not contract tracing itself.
| dividedbyzero wrote:
| It's a tried and tested tool in fighting disease outbreaks.
| What else would we do?
| chrismatheson wrote:
| It works if I'm just a number to the system though right?
| TeMPOraL wrote:
| When you're dealing with problems that are larger than your
| city district - and a global pandemic definitely qualifies
| - you're _always_ just a number to the system. There is no
| other way.
| andybak wrote:
| No. The fact that we didn't enforce proper privacy controls
| with harsh penalties is the scandal.
|
| Unless you're arguing we are innately incapable of doing that?
| That feels like defeatism.
| recursivedoubts wrote:
| Even if I thought that the corporate world could be
| controlled, which I don't, I admit complete defeat in
| expecting the intelligence community to obey any privacy
| requirements.
| mns wrote:
| Story from Germany. In the last 2 months I have been getting
| weekly something like 1-2 calls in the beginning and now, this
| week almost 10 calls from all kinds of numbers from various
| german numbers. Looking into them (online, people reporting these
| calls, all are ads and all kind of bullsh*t).
|
| I don't share my number, it was quite private, I never got these
| calls, maybe I had 5 calls in 5 YEARS, now I get more than that
| in one day. Why is this, I think? A lot of restaurants use lists
| and then just pass them to guests at the tables or make them
| visible for everyone writing on them. Recently there are places
| that offer QR codes and individual forms, and it gets better, but
| having these lists visible, anyone that is at the restaurant can
| just take a picture of the whole list.
|
| I could say that I entered a different name some time ago and I
| got a spam call asking "Is this different name?", but that would
| be illegal and I would get a fine. :)
| Fnoord wrote:
| Provide a disposable number and e-mail address. For example,
| use a pre-paid 2nd SIM for this purpose and discard it after a
| year (mine gets cancelled after 6 months of no use). With
| regards to e-mail there's various solutions for that.
| ffpip wrote:
| https://news.ycombinator.com/item?id=24745554
|
| Hahahaha. Look at the first reply.
| DyslexicAtheist wrote:
| what's interesting is the question this reply is to.
|
| it looks like lots of EU countries are requiring pub/restaurant
| owners now to collect guest lists and uhm "it goes down really
| really well with intoxicated punters /s". don't know who
| started it but politicians across EU seem to be copying the
| policy from one another in a desperate attempt to hide their
| incompetence.
| whimsicalism wrote:
| I mean, it's contact tracing or a shutdown..
| walterbell wrote:
| There's also the option of scientific or mathematical
| competence, instead of pandemic theater.
|
| Contact tracing was historically used at the _start_ of a
| disease outbreak where it can be 100% successful. It 's
| nearly useless later, with only partial visibility due to
| widespread dispersion. Even a 7x24 _Person of Interest_
| panopticon could not trace every contact across urban
| populations.
| fennecfoxen wrote:
| Given what we've seen of the response, I'm afraid this
| might be an unrealistic expectation.
| walterbell wrote:
| There are tried and true historical responses to the
| incompetence of a few affecting the lives of millions.
| Even when forgotten, history shows that populations have
| repeatedly reinvented those responses.
|
| One effort: https://gbdeclaration.org/
|
| Legal cases are underway in several countries. In one
| city, a $2B lawsuit against the city resulted in policy
| change the same week.
| whimsicalism wrote:
| > Contact tracing was historically used at the start of a
| disease outbreak
|
| Correct me if I'm wrong - but that's only true due to the
| historical turnaround time of contact tracing. Even with
| many cases, contact tracing at the margin can reduce
| $R_t$. Even in the UK, until the last 2 weeks or so,
| there were very few cases relative to how many there are
| now. Especially since covid appears to spread through a
| disproportionate number of super-spreading incidents
| compared to say the flu (ie. very right-tailed
| distribution in the number of people you infect with
| covid) means that contact tracing can be particularly
| effective.
| kitd wrote:
| That was about reporting to the government, which is, after
| all, more or less a legitimate use as a contact-tracing system.
|
| The article is about it being sold to marketers and
| advertisers.
| syshum wrote:
| Sorry but I do not believe government tracing every contact I
| make is a "legitimate" government power
|
| Further it is unlikely that these companies would have either
| even attempted, or if attempted would have gotten wide spread
| compliance with out government mandates they collect said
| info.
|
| Government (as always) has created this problem
| ffpip wrote:
| I wanted to show how the guy was downvoted for showing a
| legitimate concern, which turned out to be true hours later.
|
| Everything will end up sold to someone someday. Just keep
| your info private.
| dane-pgp wrote:
| > the guy
|
| You mean planejane9?
| ffpip wrote:
| Yes. Sorry for not being clear.
| neonate wrote:
| https://archive.is/QEm2D
| nixpulvis wrote:
| I honestly don't know much about Apple/Android implementations of
| QR code readers... Is there any fundamental issue with using one
| of these things to share a link to a menu or something? Many
| restaurants are trying to avoid menus it seems (which makes
| sense) and I could see a QR code making this easier for people.
|
| I don't like the idea that my OS/browser history basically knows
| everything about me, but I don't really see how visiting a menu
| is a serious problem, given that the same systems also generally
| have my location data too... Is the concern that people who visit
| restaurants are much more likely to be spreaders of COVID? Could
| just looking at a menu (implying visiting the restaurant) be
| enough to implicate me of something?
|
| I'm just left wondering in all this mess. Who watches the
| watchmen?
| Closi wrote:
| The QR codes need to send you to a name & address form for
| contact tracing - that's why.
|
| Scanning a code and putting in your name & address is mandatory
| at all eat-in places in the UK (or writing it down on a list).
| RL_Quine wrote:
| One of the reasons QR codes don't get used much is people
| simply don't know how to scan them.
| fennecfoxen wrote:
| Indeed, and this is one classic problem of QR code adoption
| (in the US, at least), so it'll be interesting to see whether
| this trend of QR-code menus actually drives adoption.
|
| See also: https://picturesofpeoplescanningqrcodes.tumblr.com/
| Nextgrid wrote:
| > Is there any fundamental issue with using one of these things
| to share a link to a menu or something?
|
| There is no problem with making a QR code that links to a menu
| in PDF format and that would be private & secure. The problem
| is that the majority of those QR codes would link to a page on
| the restaurant's website where various trackers are embedded
| and Zuckerberg is not far away, and most people browse without
| private mode nor ad-blockers so their browser is known by those
| trackers.
| pjmlp wrote:
| Except unless one is an happy iPhone owner, chances are they
| don't have any means to scan QR codes on their phones.
|
| Specially elderly people with their feature phones, or plain
| classic ones
| benlumen wrote:
| I was staggered by how quickly these QR solutions were stood up.
| They aren't standardised and just take you to a webform and maybe
| a PDF of the drinks menu, but the speed was impressive.
|
| Not surprised but still disappointed to learn that they're done
| by opportunist cowboys. Most things like this in Britain are.
| tgsovlerkhgsel wrote:
| DPAs really need to step in here and start enforcement actions.
| GDPR Art. 5 (1) b prohibits abusing data for another purpose, and
| hiding a "consent" for that somewhere in the T&C is not
| sufficient.
|
| Also, due to the incredible damage such cases cause (people will
| provide fake data), there need to be _severe_ penalty for such
| abuses - not just financial, serious jail time.
|
| Edit to add: Art. 6 GDPR is pretty clear -processing data is
| legal only to the extent that one of the subclauses applies. a)
| Something hidden in T&C isn't valid consent, b) selling the data
| is not necessary to fulfill the contract (serving food), c)
| collecting the data is but _selling_ the data isn 't necessary
| for compliance with the contact tracing obligation, d) selling
| the data isn't necessary to protect the interests of the
| customer, e) there is no public interest in selling the data
| (quite the opposite!), leaving only f) legitimate interest.
| Anyone claiming that will likely learn that others disagree with
| this being a _legitimate_ interest that is not overridden by the
| data subject's right to privacy.
| DyslexicAtheist wrote:
| > there need to be severe penalty for such abuses - not just
| financial, serious jail time.
|
| punishment for who? those making the poorly thought out policy
| or the restaurant / pub owners who suddenly see themselves as
| the nominated enforcers of these data collection activities?
| rule #1 should be not to collect data you don't have a safe way
| to process. GDPR or not this shouldn't even be collected.
| dpwm wrote:
| > rule #1 should be not to collect data you don't have a safe
| way to process. GDPR or not this shouldn't even be collected.
|
| My understanding was that the law, at least in England,
| required for this data to be collected and retained.
___________________________________________________________________
(page generated 2020-10-11 23:00 UTC)