[HN Gopher] Contact-tracing data harvested from pubs and restaur... ___________________________________________________________________ Contact-tracing data harvested from pubs and restaurants being sold Author : DyslexicAtheist Score : 126 points Date : 2020-10-11 18:00 UTC (5 hours ago) (HTM) web link (www.thetimes.co.uk) (TXT) w3m dump (www.thetimes.co.uk) | pydry wrote: | The UK government doesn't even trust itself with test and trace | data privacy: https://www.bbc.com/news/technology-54328644 | | Without privacy guarantees people don't use it. If people don't | use it the whole system fails. | Gibbon1 wrote: | I feel like we need to extend the laws we have that govern | credit reporting agencies to these other businesses that | aggregate personal data. Which hopefully will put them right | out of business. | chrismatheson wrote: | Are credit bureaus any better? I mean I know equifax messed | up royally and I have no reason to believe that all the rest | aren't pushing on every conceivable limit of the law to | maximise the profit to be made from information they scrape | about me without my consent, then pay lip service to | protecting it. | Gibbon1 wrote: | You can see your credit report, challenge information you | think is incorrect. And there are restrictions on what | information they can collect on you. You can lock your | report as well. Some types of pulls require your signature. | | None of these other grey market data collection firms have | to do any of that. One thing I noticed is these guys are | collecting data that would fall under HIPPA. | | Go ahead do some searches for Hepatitis C and then look at | your ads on Facebook. | chrisseaton wrote: | > Without privacy guarantees people don't use it. | | The vast vast majority of people don't know _anything_ about | privacy guarantees and this does not factor into their | decisions in any way. | walterbell wrote: | To the contrary, contact tracers in many countries have been | having a lot of trouble getting people to give up the names | of their contacts, or even to answer contact tracers. | | "Privacy" is not an abstract generic concept. It is context | and consequence dependent. | | When "contact data" has the monetary and social value | associated with a mandatory 14-day quarantine, people | accurately consider restrictions on future movement, not | privacy. Those who don't, quickly learn the hard way or from | a friend. They don't need the word "privacy", only "don't do | that again". | [deleted] | pydry wrote: | It matters at least somewhat to 90% of the general public and | is _very_ important to almost 50%: | | https://www.instituteforgovernment.org.uk/sites/default/file. | .. | | So no, you're extremely wrong. | chrisseaton wrote: | People will say anything in response to a question. | | What do people really care about and will actually action? | Very different to what you think. | | Turns out 99% will use Google and Facebook and crack on | despite the tracking and not really care about it. | pydry wrote: | 20% said after the Snowden revelations that the way they | used their email changed "a great deal". You might have | noticed that facebook engagement has _completely_ | collapsed while whatsapp (E2E encrypted, supposedly) | popularity surged. | | I mean, yes, I get the strong impression _you_ don 't | care. | deanCommie wrote: | Facebook engagement did not collapse because of privacy | concerns. | | People stopped using it because it stopped being a good | way to keep in touch with friends and instead became a | Bazaare containing every single person you've ever met | for a millisecond. People no longer felt connected, and | gravitated to more curated communication channels where | they could choose who they talk to. | chrisseaton wrote: | > 20% said after the Snowden revelations | | I really struggle to believe that 20% of people have | _heard_ of Snowden in any meaningful way to form an | opinion. | | I'm picturing 20% of the people who live on my street. | When I talk to them I don't get the impression most of | them follow the news in that much depth. Many have been | retired and zoned out from any kind of public life for | many years. (Not a criticism - maybe they have other | interests than me. Maybe they're happier than me for | that?) | | > I get the strong impression you don't care. | | No, sorry you've imagine that out of nowhere. It isn't | implied by anything I've said - I haven't talked about my | personal beliefs at all. | | I'm just a realist about what the people around me | outside the tech and media bubble are reading and | thinking. | | Do you live on a street in the Valley with 100 Google | engineers? Most people don't. | pydry wrote: | >I really struggle to believe that 20% of people have | heard of Snowden | | 72% in the UK. | | >Do you live on a street in the Valley | | You don't... really believe in polling do you? | chrisseaton wrote: | > You don't... really believe in polling do you? | | People say all kinds of things in response to polling. | That's why polling gets it wrong again and again. For | example... the 2016 election. | | Guess what: phone my 90 year old neighbours with a | question about Edward Snowden... they aren't going to | even pick up the phone! | | Look at what people PRACTICALLY do rather than what they | poll to do. You'll find it doesn't match. | tialaramex wrote: | > People say all kinds of things in response to polling. | | That's correct. The US is currently conducting a poll to | decide most of the composition of its government | (including some local and many national political | positions) and as you claim, the voters will say "all | kinds of things". | | But the answers stick anyway. Even though they say "all | kinds of things" you live in a democracy and those "all | kinds of things" decides the rules. Now, given that I'd | be trying to maybe get them to say smarter things, but if | you prefer to just smirk about it I cannot stop you. | chrisseaton wrote: | > but if you prefer to just smirk about it I cannot stop | you | | I don't understand where this snark is coming from? | | Am I saying something that you don't wish was true? | | The reality is... most people out there don't care about | privacy nor Snowden. The reality is most of them are | trying to make enough to feed their families this week | plus pay their bills and don't have the energy to think | about anything else. I'm not smirking about it. I didn't | express any opinion about it. I'm telling you the facts! | | Are you assuming I think this is good? Where did you read | that you're imagined it. | | You're confusing a reality check with an opinion on how I | think things should be! | mattbee wrote: | People in the UK are writing their names & mobile numbers | down at the door to most restaurants now - just one big | long piece of paper that everyone can read. | | I'm sure people say it's important in the abstract, but not | in practice, and not right now. | johnr2 wrote: | > It matters at least somewhat to 90% of the general public | and is very important to almost 50%: https://www.institutef | orgovernment.org.uk/sites/default/file... | | From the linked web page: "sample size 1006 respondents". | Given the UK population of around 68 million that seems a | small sample. | azalemeth wrote: | I work in part for the NHS, and have been told to turn off the | app while in the hospital. In part, I think this is because | they are scared of the effect that false positives will have on | (already precarious) staffing numbers (just like the police -- | which, owing to austerity, are horrendously under-manned). | | That being said, _I haven 't installed the app_. I know I | "should", but I just _do not_ trust it. I 've completely and | _utterly_ lost all faith in the government, and although I have | the .apk executable sitting in my downloads folder just | _waiting_ for me to disassemble it and read through it myself, | I haven 't yet. | | It's almost as if _decades_ of sophisticated spying and "dark | practices" have conditioned the entirety of the UK to not trust | their government, or something. I use a VPN (or three) at home, | tor where appropriate, and root my phone and cut out the Google | dial-home. It's a very big ask to get me to install a | government-developed application. I just have a deep, probably | irrational, _fear_ of it watching everything I do. | gerdesj wrote: | "... have been told to turn off the app while in the | hospital." | | (This is for England only, I have no idea what the rest of | the UK is up to) | | The algorithm the app uses is pretty simple and in your case | would be going off like a siren nearly daily. It announces | itself in the vicinity via bluetooth and listens for similar | announcements. Each device has a random, self generated ID | and this is changed regularly. If someone gets a positive | test and reports via the app then their ID at the time is | sent out. Apps will compare their list of known IDs and times | they were seen with the positive list. Basically if your app | decides that it saw a "positive" ID for something like 15 | minutes or more then it will flag it to you. Then it is up to | you whether to isolate, get tested etc. It is not an offence | to ignore the app but it is if you ignore an official Check | and Trace operative. | | This is why you are told not to use it at work. The algorithm | is designed to work for people going about "normal" life and | your life in the NHS is not normal. It can't possibly work | for you or my cousin working as a matron in a hospital. The | algorithm basically measures exposure and the current | thinking is that 15 mins is long enough to flag a warning. So | don't stop and chat for ages in the supermarket/park/pub or | whatever to your mates - say hi and use a phone later. If you | do go to a pub or restaurant then you have to accept that | there is a risk. | | If you are worried about the sign in QR code thing not having | a sign out until midnight, you can create your own home "sign | in" to do the same job. See https://www.gov.uk/create- | coronavirus-qr-poster . | | There is no need for conspiracy theories! The source code is | on Github so no need to mess with the apk. You may want to | check that the source generates the .apk though. I'm not a | fan of some things that have been done here but the new app | is the right way to do it in my opinion. It's very, very | simple and has no personally identifiable data involved. It's | basically one simple rule of thumb that is good enough to | semi-automate part of the C&T function. It is not good enough | for your trade though and you should not use it at work. | | Stay safe. | aidos wrote: | Is this about the new digital menus? (Paywalled for me) | | Unbelievably, we went to a restaurant last weekend where there | was absolutely no service so we had to use their WiFi to even see | the drinks menu. Once connected, we had to go through a | convoluted process to order and before even being able to place | an order, I had to sign up for an account with the online | service. This was before we could even order tap water. Food | orders were done the regular way, with regular people, in person. | They refused to take drink orders (including for water) any other | way than online. | | Last night my wife and I went out to dinner and neither of us | brought our phones (for the first time in forever). It was great. | They had to give us regular menus, like the good old days. | walterbell wrote: | Don't use/carry phone in restaurants. Request paper menus, they | almost always have them somewhere, or posted on a wall, no | matter what the policy says. Reward a different restaurant if | they don't. Voting with your feet has market power. | benlumen wrote: | You're lucky they let you in. Many places I've seen have made | the NHS one mandatory on the door now. | wdb wrote: | Good reason not to visit pubs and restaurants which require | reservations beforehand. This is not were my contact details are | being collected fore. I think they private watchdog should look | into this. | dustinmoris wrote: | I'm proud to say that so far I have refused to give any data away | and when forced I used a fake name and fake phone number. Nobody | should participate in this idiotic attempt of trying to control a | virus. It's impossible. The only way back to normality is herd | immunity. It will have to happen sooner or later, through natural | immunity, a vaccine or most likely a combination of both. I have | it rather sooner than later. Only way back to normality is to | start acting normal now. Everything else is madness. Also the | people who make 100% of the sacrifices are working age adults and | children, basically those who are virtually at no risk of dying | from this virus. Feels plain wrong that people have to give up | everything for nothing in return. | UncleEntity wrote: | I'm proud to say I'm not dead because of people like you | clogging up the hospitals allowing me to receive emergency | surgery a couple weeks ago. | untog wrote: | > The only way back to normality is herd immunity. | | Contract tracing seems to have worked out great in many | countries. And you're entirely discounting the possibility of a | vaccine here. Given that a lot of people will have to die in | order to achieve herd immunity (and the science isn't even | clear on exactly how many yet, nor on the long term | implications for those that survive a COVID infection) I'm not | sure blanket assertions are the wisest choice right now. | MattGaiser wrote: | > Only way back to normality is to start acting normal now. | | You can do that if you wish. Nobody is really stopping you in | most countries. | | I'm not joining you though. And I would bet that I am joined by | enough people that normal cannot be achieved. | richrichardsson wrote: | Correct: working age adults and children, basically those who | are virtually at no risk of dying from this virus. | | Also correct and much more important: this virus can have | incredibly deleterious effects on otherwise healthy people | beyond killing them. | | Just because it probably won't kill you doesn't mean it can't | fuck you up. In fact I think I'd rather the virus kill me than | leave me with permanent damage that destroys any quality of | life. | nradov wrote: | What percentage of patients will have permanent damage that | destroys any quality of life? | just-juan-post wrote: | We now know for a fact that the world-wide IFR is 0.13%.[1] | | It's time to give choice back to the people. | | I'm not anti-anything. I'm pro-choice. I'm with you. | | [1] - Monday Oct 05 the WHO announced there were 750 million | cases of Covid worldwide (see tons of news sources). According | to the official WHO tracker there have been 1 million deaths. 1 | million divided by 750 million is 0.00133333 or 0.13% IFR. | lwansbrough wrote: | The rest of us are pro-choice, too. We're choosing to follow | the guidance of our well respected public health officials. | Even if you are totally free to choose (you are where I live | in Vancouver) this doesn't prevent businesses from being | impacted by the majority decision to reduce virus spread by | limiting dining out, etc. | | The solution, and the inevitable return to normalcy will come | when people feel protected. That can come with herd immunity, | which is nearly impossible (NYC had excess deaths in the same | range as the Spanish flu and only has 20% immunity in the | population to show for it) or it can come with advanced | treatment, therapeutics and at some point a vaccine. | | This is a multi year process but the result will be a return | to normalcy, as happened with the Spanish flu. | SCdF wrote: | For the love of god stay inside | lwansbrough wrote: | Maybe this is a US thing because the virus is so widespread | but the guidance here in western Canada is definitely not | "stay inside". And it doesn't help the cause to tell | narcissists who want to live normal lives again that they | can't go outside. They can. They should wear a sufficiently | protective mask to protect others, physically distance, and | avoid groups and public indoor spaces. If you're walking on a | quiet street, or in a park, etc. you definitely don't need a | mask on. And you don't need to hide inside, that's paranoia. | [deleted] | ookblah wrote: | yeah, keep acting normal, that's sure to bring back tourism and | economies. broadway just cancelled all their shows until may of | next year, a pure business decision, nothing to do with gov't | policy. | | i understand we're anxious and angry to return to a sense of | normalcy, but make no mistake, it has nothing to do with sheer | will. business cannot survive on the select few "choosing" to | be reckless. | | it will return when we get it under control and people's | perceive risk (whether valid) goes down. | recursivedoubts wrote: | The fact that the notion of contact-tracing wasn't immediately | met with howls of laughter and/or outrage is perhaps the most | depressing aspect of 2020, a year with some extremely stiff | competition in the "well, now, that's depressing" category. | untog wrote: | Eh? Contract tracing has been effective in a bunch of | countries. And the framework Apple and Google worked together | on works great and protects privacy. | | The problem is the government incompetence and/or malfeasance, | not contract tracing itself. | dividedbyzero wrote: | It's a tried and tested tool in fighting disease outbreaks. | What else would we do? | chrismatheson wrote: | It works if I'm just a number to the system though right? | TeMPOraL wrote: | When you're dealing with problems that are larger than your | city district - and a global pandemic definitely qualifies | - you're _always_ just a number to the system. There is no | other way. | andybak wrote: | No. The fact that we didn't enforce proper privacy controls | with harsh penalties is the scandal. | | Unless you're arguing we are innately incapable of doing that? | That feels like defeatism. | recursivedoubts wrote: | Even if I thought that the corporate world could be | controlled, which I don't, I admit complete defeat in | expecting the intelligence community to obey any privacy | requirements. | mns wrote: | Story from Germany. In the last 2 months I have been getting | weekly something like 1-2 calls in the beginning and now, this | week almost 10 calls from all kinds of numbers from various | german numbers. Looking into them (online, people reporting these | calls, all are ads and all kind of bullsh*t). | | I don't share my number, it was quite private, I never got these | calls, maybe I had 5 calls in 5 YEARS, now I get more than that | in one day. Why is this, I think? A lot of restaurants use lists | and then just pass them to guests at the tables or make them | visible for everyone writing on them. Recently there are places | that offer QR codes and individual forms, and it gets better, but | having these lists visible, anyone that is at the restaurant can | just take a picture of the whole list. | | I could say that I entered a different name some time ago and I | got a spam call asking "Is this different name?", but that would | be illegal and I would get a fine. :) | Fnoord wrote: | Provide a disposable number and e-mail address. For example, | use a pre-paid 2nd SIM for this purpose and discard it after a | year (mine gets cancelled after 6 months of no use). With | regards to e-mail there's various solutions for that. | ffpip wrote: | https://news.ycombinator.com/item?id=24745554 | | Hahahaha. Look at the first reply. | DyslexicAtheist wrote: | what's interesting is the question this reply is to. | | it looks like lots of EU countries are requiring pub/restaurant | owners now to collect guest lists and uhm "it goes down really | really well with intoxicated punters /s". don't know who | started it but politicians across EU seem to be copying the | policy from one another in a desperate attempt to hide their | incompetence. | whimsicalism wrote: | I mean, it's contact tracing or a shutdown.. | walterbell wrote: | There's also the option of scientific or mathematical | competence, instead of pandemic theater. | | Contact tracing was historically used at the _start_ of a | disease outbreak where it can be 100% successful. It 's | nearly useless later, with only partial visibility due to | widespread dispersion. Even a 7x24 _Person of Interest_ | panopticon could not trace every contact across urban | populations. | fennecfoxen wrote: | Given what we've seen of the response, I'm afraid this | might be an unrealistic expectation. | walterbell wrote: | There are tried and true historical responses to the | incompetence of a few affecting the lives of millions. | Even when forgotten, history shows that populations have | repeatedly reinvented those responses. | | One effort: https://gbdeclaration.org/ | | Legal cases are underway in several countries. In one | city, a $2B lawsuit against the city resulted in policy | change the same week. | whimsicalism wrote: | > Contact tracing was historically used at the start of a | disease outbreak | | Correct me if I'm wrong - but that's only true due to the | historical turnaround time of contact tracing. Even with | many cases, contact tracing at the margin can reduce | $R_t$. Even in the UK, until the last 2 weeks or so, | there were very few cases relative to how many there are | now. Especially since covid appears to spread through a | disproportionate number of super-spreading incidents | compared to say the flu (ie. very right-tailed | distribution in the number of people you infect with | covid) means that contact tracing can be particularly | effective. | kitd wrote: | That was about reporting to the government, which is, after | all, more or less a legitimate use as a contact-tracing system. | | The article is about it being sold to marketers and | advertisers. | syshum wrote: | Sorry but I do not believe government tracing every contact I | make is a "legitimate" government power | | Further it is unlikely that these companies would have either | even attempted, or if attempted would have gotten wide spread | compliance with out government mandates they collect said | info. | | Government (as always) has created this problem | ffpip wrote: | I wanted to show how the guy was downvoted for showing a | legitimate concern, which turned out to be true hours later. | | Everything will end up sold to someone someday. Just keep | your info private. | dane-pgp wrote: | > the guy | | You mean planejane9? | ffpip wrote: | Yes. Sorry for not being clear. | neonate wrote: | https://archive.is/QEm2D | nixpulvis wrote: | I honestly don't know much about Apple/Android implementations of | QR code readers... Is there any fundamental issue with using one | of these things to share a link to a menu or something? Many | restaurants are trying to avoid menus it seems (which makes | sense) and I could see a QR code making this easier for people. | | I don't like the idea that my OS/browser history basically knows | everything about me, but I don't really see how visiting a menu | is a serious problem, given that the same systems also generally | have my location data too... Is the concern that people who visit | restaurants are much more likely to be spreaders of COVID? Could | just looking at a menu (implying visiting the restaurant) be | enough to implicate me of something? | | I'm just left wondering in all this mess. Who watches the | watchmen? | Closi wrote: | The QR codes need to send you to a name & address form for | contact tracing - that's why. | | Scanning a code and putting in your name & address is mandatory | at all eat-in places in the UK (or writing it down on a list). | RL_Quine wrote: | One of the reasons QR codes don't get used much is people | simply don't know how to scan them. | fennecfoxen wrote: | Indeed, and this is one classic problem of QR code adoption | (in the US, at least), so it'll be interesting to see whether | this trend of QR-code menus actually drives adoption. | | See also: https://picturesofpeoplescanningqrcodes.tumblr.com/ | Nextgrid wrote: | > Is there any fundamental issue with using one of these things | to share a link to a menu or something? | | There is no problem with making a QR code that links to a menu | in PDF format and that would be private & secure. The problem | is that the majority of those QR codes would link to a page on | the restaurant's website where various trackers are embedded | and Zuckerberg is not far away, and most people browse without | private mode nor ad-blockers so their browser is known by those | trackers. | pjmlp wrote: | Except unless one is an happy iPhone owner, chances are they | don't have any means to scan QR codes on their phones. | | Specially elderly people with their feature phones, or plain | classic ones | benlumen wrote: | I was staggered by how quickly these QR solutions were stood up. | They aren't standardised and just take you to a webform and maybe | a PDF of the drinks menu, but the speed was impressive. | | Not surprised but still disappointed to learn that they're done | by opportunist cowboys. Most things like this in Britain are. | tgsovlerkhgsel wrote: | DPAs really need to step in here and start enforcement actions. | GDPR Art. 5 (1) b prohibits abusing data for another purpose, and | hiding a "consent" for that somewhere in the T&C is not | sufficient. | | Also, due to the incredible damage such cases cause (people will | provide fake data), there need to be _severe_ penalty for such | abuses - not just financial, serious jail time. | | Edit to add: Art. 6 GDPR is pretty clear -processing data is | legal only to the extent that one of the subclauses applies. a) | Something hidden in T&C isn't valid consent, b) selling the data | is not necessary to fulfill the contract (serving food), c) | collecting the data is but _selling_ the data isn 't necessary | for compliance with the contact tracing obligation, d) selling | the data isn't necessary to protect the interests of the | customer, e) there is no public interest in selling the data | (quite the opposite!), leaving only f) legitimate interest. | Anyone claiming that will likely learn that others disagree with | this being a _legitimate_ interest that is not overridden by the | data subject's right to privacy. | DyslexicAtheist wrote: | > there need to be severe penalty for such abuses - not just | financial, serious jail time. | | punishment for who? those making the poorly thought out policy | or the restaurant / pub owners who suddenly see themselves as | the nominated enforcers of these data collection activities? | rule #1 should be not to collect data you don't have a safe way | to process. GDPR or not this shouldn't even be collected. | dpwm wrote: | > rule #1 should be not to collect data you don't have a safe | way to process. GDPR or not this shouldn't even be collected. | | My understanding was that the law, at least in England, | required for this data to be collected and retained. ___________________________________________________________________ (page generated 2020-10-11 23:00 UTC)