infosec, types, and lack thereof. Principal Researcher at Unwoven Labs. he/him
Jan 5, 2021 • 17 tweets • 4 min read
Ok, seems like as good a time as any to take another look at where the data used by #TraceTogether is stored, and what are the implications of the police having access to it. 1/
First, let's talk about identities. There are 3 kinds of identities in TT. First is your actual PII: your NRIC number, contact number, etc. Second, a unique ID that is generated per user, the ttID. Third, temporary IDs that are broadcasted to other users, TempIDs. 2/
Mar 23, 2020 • 37 tweets • 9 min read
Okay, so I've been taking a look at #TraceTogether over the weekend, to see what I could find. This is still very preliminary, but since there's a lot of chatter about it, I decided to write something up on whatever I have so far.
First, a disclaimer: I've not had a lot of time to look at it (weekend time is spent with the kids), and I have limited experience looking at Android apps, especially modern ones.