I've had a bunch of discussions with people here about Signal PINs over the past day.
I don't usually spend this much time on Twitter, so parallel to the direct discussion, these are a few of the adjacent thoughts that have come up for me:
1/14
1) I think it's increasingly important to consider how discussions around technology are perceived across the full spectrum of backgrounds (from technical to non-technical) for everyone interested in the topic of their own privacy/security -- which is basically everyone now!
Its interesting that some folks who see discussion around PINs conclude "switch to app X!" where X invisibly stores the same data in plaintext rather than e2e.
Signal's efforts are a discussion b/c we're designing not to store data in plaintext, while plaintext got no discussion
First look at Apple/Google contact tracing framework:
1) Once a day, your device derives a new key ("daily tracing key").
2) It uses that to derive a new "proximity ID" every time your device's bluetooth address changes (15min), which is broadcast to nearby BT sensors.
1/10
3) Your device keeps track of all "proximity IDs" it sees.
4) If someone tests positive, they choose to publish their (previously secretly) "daily tracing keys."
5) Your device frequently DLs all published daily tracing keys and KDFs to see if they match recorded proximity IDs.
So first obvious caveat is that this is "private" (or at least not worse than BTLE), *until* the moment you test positive.
At that point all of your BTLE mac addrs over the previous period become linkable. Why do they change to begin with? Because tracking is already a problem.
When I think about why tech often fails to serve our interests, I think about rooms like this. So long as software requires large rooms of people staring at computers all day, every day, forever -- I think there will often be a mismatch b/t how we wish tech worked and how it does
Many hope to make technology serve us better by making it "distributed." I (controversially) don't think that would be the outcome, in part because distributed systems are usually *more* complex and difficult to reason about, potentially requiring even larger rooms than this one.
Like what if there were Uber, but "decentralized?" Maybe then all the money can go to the drivers instead? Okay, but so long as that requires huge rooms of people sitting in front of a computer 8hrs a day, every day, forever -- I don't think that version will be any different.