Ok folks, let's talk about the Coronavirus tracking app as news of Australia adopting Singapore's "TraceTogether" gains momentum. I'd willingly run it and I want to explain why because there's also some very valid concerns. Let's begin:
Firstly, we all know this is an absolutely unprecedented time that's resulted in all sorts of unprecedented measures. When people are losing their livelihoods and in some cases, losing their *lives*, the ROI of privacy changes; we need to look at it differently today.
I'm willing to take risks with my privacy in ways that I wouldn't have only 2 months ago. I'll happily make that trade-off *if* I can see that it's going to be in the best interest of society just as I'm happy making other sacrifices today. So let's talk about that for a moment.
We all have beacons in our pockets that travel with us everywhere. They have the capability to know where we go, when we go there and who we interact with. From the perspective of establishing the possible spread of the virus, this is *amazing* technology and we already have it.
We have GPS, Bluetooth, and cellular and the fact that we could so easily just install one little piece of free software in a matter of seconds that would make this all work together in humanity's best interests is pretty cool 😎
Just for a moment, consider how different the current situation would be if we all had the ability to immediately establish if we'd been in the proximity of someone who has since tested positive. How many would have tested earlier? Self-isolated earlier? Worn a mask? Lived?
But, of course, there are concerns and chief among them is privacy. There's a bunch of different ways this can be tackled and many of the controls I've seen mentioned go a long way to addressing this. For example, only recording interactions with other people of 15 mins or more.
Anonymisation is obviously key here; you wouldn't need to know *who* you were in contact with that tested positive, only that it happened and when it was. That, of course, could still be a very narrow scope of people and frankly, the likelihood of true anonymity is low.
Decentralising the data and retaining it only on the device is another logical control. Of course there still needs to be some exchange of data either to submit your own positive status or be notified of your exposure, but it need not be masses of info on a centralised system.
Think also about the data minimisation opportunities: you *could* capture location via GPS, but is it necessary if you can already track proximity to other people via Bluetooth? Do you care *where* you were or just that you spent time with someone who was infected?
Then there's retention periods; there's only a finite usefulness of the data in managing the pandemic and the old adage of "you cannot lose what you do not have" makes a lot of sense here. Retain it for the shortest possible period.
Also, open source the whole stack. Let privacy folks, security folks and software folks go through the whole thing from top to bottom. One of the single biggest concerns is government tracking beyond intended purposes so make the whole thing as transparent as possible.
In terms of how this would roll out, obviously it'd be opt-in and equally there must be the ability to opt-out, for example once the value of it is sufficiently low (fingers crossed that time comes!) The gov should also clearly sunset it at some time, we just don't know when yet.
And while I'm here, let's not sensationalise the risks with some of the ridiculous hyperbole I've seen already in the media. For example, saying that the Singaporean software product is unsafe because of their autocratic government is just ridiculous (and again, open source it!)
Let's also stop using terms such as "giving up our privacy" as though privacy is some absolute position. This is about one small part of our overall privacy posture; nobody can read your email or see you via your webcam if you install this!
Suggesting the gov is incapable of running this safely because of incidents such as the Australian 2016 census getting DDoS'd is also just ridiculous. That IBM wasn't able to keep the census stable in no way indicates that this project is somehow incapable of being run well.
So in summary, this has the *potential* to be high-value and low-risk. We should all want this to work in a way that's privacy-centric and just as with social distancing, view it as something we do in the short term then put it behind us for the betterment of our long term. End.
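A sketch of the on-device controls the thread lists (15-minute contact threshold, proximity without location, local storage and matching, short retention), added here as an illustration and not taken from TraceTogether or from the author. The class name, the 21-day retention window, the 5-minute gap rule and the sample IDs are all assumptions.

```python
from dataclasses import dataclass, field

MIN_CONTACT_SECONDS = 15 * 60         # threshold mentioned in the thread
RETENTION_SECONDS = 21 * 24 * 3600    # assumed retention window (not from the thread)
GAP_SECONDS = 5 * 60                  # assumed: a longer gap starts a new encounter


@dataclass
class ContactLog:
    """Hypothetical on-device store: anonymous ID and timestamps only, no GPS."""
    encounters: list = field(default_factory=list)   # (anon_id, start, end)
    _open: dict = field(default_factory=dict)        # anon_id -> [start, last_seen]

    def sighting(self, anon_id, ts):
        """Record one Bluetooth sighting of a nearby anonymous ID at time ts."""
        cur = self._open.get(anon_id)
        if cur and ts - cur[1] <= GAP_SECONDS:
            cur[1] = ts                   # same encounter continues
        else:
            self._close(anon_id)          # finish any stale encounter first
            self._open[anon_id] = [ts, ts]

    def _close(self, anon_id):
        cur = self._open.pop(anon_id, None)
        # Data minimisation: encounters under the threshold are never stored.
        if cur and cur[1] - cur[0] >= MIN_CONTACT_SECONDS:
            self.encounters.append((anon_id, cur[0], cur[1]))

    def flush(self):
        """Close all in-progress encounters (e.g. when the app is backgrounded)."""
        for anon_id in list(self._open):
            self._close(anon_id)

    def purge(self, now):
        """Retention: drop encounters that ended longer ago than the window."""
        self.encounters = [e for e in self.encounters
                           if now - e[2] <= RETENTION_SECONDS]

    def exposures(self, positive_ids):
        """Match locally against published positive IDs; return times, not identities."""
        return [(s, e) for (i, s, e) in self.encounters if i in positive_ids]


def demo():
    """Constructed sightings: 20 minutes near 'a1f3', 5 minutes near '9c0e'."""
    log = ContactLog()
    for t in range(0, 20 * 60 + 1, 60):
        log.sighting("a1f3", t)
    for t in range(0, 5 * 60 + 1, 60):
        log.sighting("9c0e", t)
    log.flush()
    log.purge(now=24 * 3600)
    return log, log.exposures({"a1f3", "9c0e"})
```

Only the 20-minute contact survives to be matched; the 5-minute one is discarded before it is ever written, which is the "you cannot lose what you do not have" point applied at collection time.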