I just saw this on LAINCHAN /sec/. Do you know if the US govt is really trying to do this? I wouldn't put it past them..
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
USA wants to make a mobile app that tracks the user's location, notifies users who were near infected users.
Obviously, this has severe privacy implications; probably it'll stay after the epidemic ends, further degrading our privacy. (This is a classic tactic by governments: during ``difficult times,'' implementing a ``temporary'' policy meant to ``ameliorate the situation,'' but, then, after the ``difficult times'' are over, the ``temporary'' policy remains in effect, effectively granting the government greater power at the expense of it's citizens. Naturally, I'm opposed to this coronavirus espionage app.
The challenge I present to you, fellow lainons, is to design a programme for such an app that does not give any power to anyone, except the end user. What should such a programme do? The idea is to notify users that were in proximity to an infected user, perhaps with some suggestions as to what to do, such as self-quarantine, how to access medical aid in a safe (to oneself, and to others) manner. A user who is uninfected and was far from any infected user should remain unaffected by this programme.
Here is an idea: the user has an instance of the programme on his phone. The programme does a local radio (e.g. via BlueTooth or WiFi) scan, requesting a public key from each other instance of the programme that it found (and sending, to each found instance, an (for each such scan, for each found instance, for each scan, a different key is sent) his public key). A user that is diagnosed with coronavirus can send a message, via a few of many known servers (or, part of the key exchange includes a list of transmission methods), encrypted to that public key; an instance can check those servers to see if there are any messages to any it's keys.
Such a programme can have uses beyond this epidemic, such as for the same thing but about other infections. Maybe we can develop such a programme (open source, naturally) that respects the privacy and freedom of it's users.
This idea may be wrong, but I'd like to hear your thoughts, other ideas, criticisms about it.
If we're gonna make this a project, we should sign our posts, so that, if it becomes a more formal project or gets a repositiory, then we can remember who contriuted what, to make it easier to continue such a project.
Here's my public key:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEXpSALhYJKwYBBAHaRw8BAQdA/EUv//gzeE6xcbQqtkOYWfzUtK6LgZOmDn4D
/bj0IGK0C3RoZUhlYWRDYXNliJAEExYIADgWIQSjO/VoBmGXNh5borHrZSoSRF6B
UQUCXpSALgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDrZSoSRF6BUZnL
AP9RlxYhjEBZxnivLWKLex9O+QWsEUirrxkSIq4Em9MFagD/Zw3cs4XFoz3xJhDY
y2TZ95xYQ+49ZIeqWBaATIdsIAi4OARelIAuEgorBgEEAZdVAQUBAQdAG7V6rJp+
nj45Z94iScsmvoN/HRN26mJsVfZv99kUzxgDAQgHiHgEGBYIACAWIQSjO/VoBmGX
Nh5borHrZSoSRF6BUQUCXpSALgIbDAAKCRDrZSoSRF6BUQlSAP9TpE/wc5l2AXbA
9pRVxNoclRjl8qtA0KurUR8f5SdYTgEA2cfDcE4pQ0MxH1MTm+1EUFCgKw3QB7aa
a7ic/+ynNg4=
=nDZ/
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSjO/VoBmGXNh5borHrZSoSRF6BUQUCXpSEqwAKCRDrZSoSRF6B
UWtIAP4l3EcTFAjn4Ilqy7kLSb5pIuhL6ErMxQfh/KHPHjlw/AD+Ply6JoDk0m7j
UgXTpXdw6xa5M+M/mUwbHKliR3PUgQ4=
=hay6
-----END PGP SIGNATURE-----