Profile picture
, 13 tweets, 6 min read
My Authors
Read all threads
1/ THREAD: 3 days ago, the @washingtonpost wrote about the North and South Dakota's Care19 #Covid19 app: "One of the first contact-tracing apps violates its own privacy policy".

I'm curious to see if this app respects the user privacy (spoiler: no)

washingtonpost.com/technology/202…
2/ On the South Dakota gov website we can read: "Your information is 100% anonymous and will be used in an aggregated form"

covid.sd.gov/care19app.aspx
3/ The 1st thing done by the app is to initialize @bugfenderapp. Their official description is "Remote Logger, Crash Reporter and In-App User Feedback"
4/ In an interview to MediaPost, Tim Brookins, explained his use of BugFender:
"For example, a user contacts support -- me -- and says "I went to place XYZ yesterday and Care19 didn’t work." I go to the Bugfender and look at their diagnostics [..]"

mediapost.com/publications/a…
5/ If you use BugFender in your app, you can send a key / value to the endpoint /device/keyvalue.

Care19 sends to BugFender:
- The package name
- The Android ID
- The user citizen code
6/ A citizen code, really? What is this code and where this code is used?
7/ The 1st time you open the app, you can choose between 3 studies:
- North Dakota
- South Dakota
- Other states

Yes, this is stupid. Whatever your choice, the same backend is used. The only difference is the citizen code.
8/ After clicking on 1 of the 3 choices, the app sends your choice to the server and the server is assigning you a citizen code: ND-XXX for North Dakota, SD-XXX for South Dakota.

Worth saying: If you choose "Other US States" the citizen code will be set to null.
9/ The app sends this citizen code to BugFender another time. During the device status update, the app sends:
- udid
- name
- language
- device type
- storage size
- storage available
- android id
- package id
- citizen code
- ...
10/ I almost forget, when you visit a place, the app sends the coordinates of the place but also your citizen code...
11/ To summarize:
1) The server assigned an unique citizen code to the user
2) The app sends this info among others unique and personal info about the user to BugFender
3) The app sends the citizen code with the place description you visit
12/ This is absolutely not anonymous at all.
13/ Bonus: The 1st time you use the app they ask you if your current location is your home location
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Elliot Alderson

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Covid19

More from @fs0c131y see all

Profile picture
Elliot Alderson
@fs0c131y
I'm gonna break this thing (or at least try 😅) #StopCovid
Publier une app, la veille d'un débat parlementaire sur la question, avec lorem ipsum sur la page confidentialité est pas le truc le plus malin à faire. Je dis ca je dis rien
In fine, Orange a quand même réussi a pousser sa petite lib BLE hérité de StopC19
Read 3 tweets
Profile picture
Elliot Alderson
@fs0c131y
1/ In France, the lockdown ended 11 days ago. Today, the weather is pretty good and it’s a 4 days weekend. It’s 6pm and for the 1st time since a long time, I’m going in the center of Toulouse.

My very own personal feelings
2/ A general feeling: the streets are it very full. In this configuration, weather, 4-days weekend, time, this unusual

I never saw so much store owners outside their stores. They are waiting in front of their stores, smoking, discussing with their neighbor.
3/ More than 50% doesn’t wear a mask. One big exception, the majority of people above 50+ years old I met, wear a mask. This is a very positive thing.

A lot of people wear a mask before entering into a store because it’s mandatory. When they go out they take it off
Read 10 tweets
Profile picture
Elliot Alderson
@fs0c131y
1/ Hier, le hashtag MacronDestitution est resté dans les tendances au top de Twitter France toute la journée. Regardons ensemble pourquoi ce hashtag a connu ce succès soudain et qui l'a propulsé sur le devant de la scène.
2/ Pour répondre à ces questions j'ai capturé tous les tweets qui contiennent le mot MacronDestitution depuis le début de l'année. Je n'ai gardé que les tweets originaux et les retweets avec un commentaire.
3/ En excluant les retweets simples, sans commentaire, on se focalise sur les personnes qui fabriquent cette tendance, les producteurs de contenu. Les retweets simples propulsent une tendance, ce n'est pas notre sujet ici. On veut savoir qui se cache derrière ce hashtag
Read 20 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!