My Authors
Read all threads
We have published a #DP3T paper analysing the document PEPP-PT released yesterday on its NTK protocol, following the events of the last few days. We are very concerned by the potential for misuse of this system. Our conclusion, and a thread. 1/n github.com/DP-3T/document…
The protocol allows the server to track both uninfected and infected people across time. If the same person walks past two different Bluetooth recievers, the server knows. Install one at passport control? CCTV? Or just put a registration form in the app.
Users might think their IDs are random, but hidden tags can be introduced into them which make individuals emit a characteristic. These tags can be demographic (eg profiling) or can be individualised to allow long term tracking by third parties w/o access to the back-end server.
We emphasise the fundamental attack on ALL such contract tracing systems, where a determined tech-savvy, pre-motivated user can identify if someone was infected or not. Centralisation does not prevent this. In DP-3T however, secret sharing means you need 10-15 mins with them.
If you capture a famous person's broadcast identifier (or download it from an online list!) you can force their phone to tell them they are at risk. In DP-3T, you never upload anyone else's identifiers, so this attack does not work.
PEPP-PT do not discuss that iPhones will need to be unlocked, screen on to use the app. The number of phone users that have their phone stolen in a year is between 1-2%, from our research. It will now be stolen unlocked. Law enforcement will also receive it unlocked.
Critically, the centralised approach, by design, leaks the social graph of uninfected and infected people, revealing clusters of friends, family, employees, political, social and trade union gatherings, and more. This is the fabric of our societies. In DP-3T, this cannot be done.
These possibilities for function creep concern me greatly. In #DP3T, we sought to design them out. Your phone generates the random ID, you're not given it. You never upload what you see. The server never learns the graph. All this is not necessary. Why is PEPP-PT pushing it?
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Michael Veale

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!