@Ljungman Singapore is promoting an app that records your interactions but keeps them on your device. If a case is detected, their identifier is broadcast and you can check if you were in close contact, at which point you can elect to share *your* contact history. https://t.co/hZyFs0PfYZ
RT @ArthurB: It's a clever idea. Records your interactions but keeps them on your device. If a case is detected, their identifier is broadcast and you can check if you were in close contact, at which point you can elect to share *your* contact history. https://t.co/F2joRe6SCh
Released 22 July 2019
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth – KNOB)
Description: An input validation issue existed in Bluetooth. **This issue was addressed with improved input validation**.
CVE-2019-9506: *Daniele Antonioli of SUTD, Singapore*, Dr. Nils Ole Tippenhauer of CISPA, Germany and Prof. Kasper Rasmussen of University of Oxford, England
Entry added 13 August 2019
Was thinking why it only interacts with nearby devices that has the app installed. They could've stored all Bluetooth addresses of nearby devices irregardless of whether the other party installed the app. The person that had contracted virus can then provide their Bluetooth address even if they didn't install the app which can then be used to track if you've been near that particular person, under the assumption that that person had his/her Bluetooth on. This way, u can also check if you've been near someone that contracted coronavirus through the data provided by anothrr person that had already installed the app in the first place. Maybe it's to save battery
> please download because the way this will work as intended will requires crowdsourced data for reasonable sampled size and variety.
I will too. The app will be effective only when a large number of people use it.
>If i ever very unfortunately got infected with COVID-19, i will very much like to know who infected me and the prospective people that can be infected by me and contributes to this contact tracing..
It seems the app would not be able to identify "who" infected "who". Rather, the app simply identify "who" and "who" belongs to the same cluster (thus are at risk or infected).
And as long as not 100% of the population use it, the few people who don't use it could be the hidden "link" that spread the infection.
I'm inclined to download this just as a part of doing my civic duty, but I've some concerns about how secure the location data is kept (considering many govt services was hacked in the past ~3yrs) and the privacy aspect of the app.
Any tech-inclined redditor willing to chime in on the security and privacy aspect of TraceTogether?
For now I turned on location history on my google maps instead.
At least in the unlikely case that I kenna, I can readily hand over my movement and travels.
It's stored locally, and MOH needs to seek your consent to obtain the data. https://tracetogether.zendesk.com/hc/en-sg/articles/360043735693-What-data-is-collected-Are-you-able-to-see-my-personal-data-
That's what they said but without reviewing the source, we will not know if this is true. Anyway, this app is developed by a public agency with public monies, they should release the source to the public.
... And expose the code to reverse engineering and abuse? How's that gonna help keep people's data safe?
Some things should remain black boxes.
And at the end of the day, if one has doubts about tech (not that people aren't already Instagramming everything they do, for eg) or the people that run the tech (hi Google and FB) *then don't use it*. We just have to take the cost of imprecise and incomplete contact tracing as a sunk cost. And hopefully not blame the Gahmen when the inevitable occurs.
When the source is release, there is no need to "reverse engineer". Opening the source to the public make the code more secure and robust, not less, which makes abusing much more difficult. Releasing the source does not equate to exposing data (which they claim is stored locally anyway). Claiming open source is less secure and susceptible to abuse is pure FUD with a ostrich mentality.
Without knowing the exact implementation, there’s no way to tell.
But I imagine the app would store ur movement and transient bluetooth contacts (including their contact # or unique identifier) locally on ur phone. So if you’re a confirmed case, they’ll pull the local data from ur phone in order to extract the previously mentioned contact # or unique identifer and contact every single one of them to inform them of possible transmission.
At least that’ll be how I will implement it. No backend storage and privacy issues to work with.
Gov.sg have stated that they are not pulling loc. data and they would require your consent to extract the encrypted contact ID if you are a confirmed case. I would not worry about this app except that Bluetooth sucks juice like crazy and there are privacy controls for Apple devices that might limit effectiveness .
Anyway the State has the existing capability of pulling loc. data from Telcos for national security and criminal cases.
I see, I might install it then, considering GPS sucks more juice.
Just a little weird keeping bluetooth on all the time since it keeps randomly connecting to my other devices / playback devices when I move away for a bit (eg. get some water from pantry and come back to my workstation)
To anyone who wants to complain about how you need to leave the iPhone app running for it to work, blame Apple instead of the developers.
It’s a technical limitation imposed by Apple to protect your privacy. There’s nothing anyone can do about it, short of leaving out the Apple ecosystem and just develop it for Android. It’s a “better-than-nothing” situation.
Facebook links are not allowed on this subreddit.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/singapore) if you have any questions or concerns.*
Yes, Apple is renown for protecting privacy. But app developers must highlight limitations as not all apps are covered by these limitations. For all we know Gov.sg might have be allowed to bypass like navigation apps. Good for the developer to clarify.
Unless this app is open sourced or the source code is given to Apple, no way in hell Apple will allow a government to enable mass surveillance on their platform that runs in the background 24/7. (I’m all for this idea but this probably won’t happen).
App developers have to submit their app (not the plain source code) for Apple’s review before it is approved to be listed on app store. Which means that Apple actually more or less has the capability to scrutinise an app to a certain extent, even without the source code.
If the government were to openly request, it would be extremely bad PR for Apple to turn them down, considering the current situation.
Welcome to r/Coronavirus! We have a very specific set of rules here. Here are the highlights:
Be civil. Personal attacks and accusations are not allowed. Repeated offences may lead to a ban.
Avoid off-topic political discussions. Comments must be related to the ongoing coronavirus outbreak. Comments focused on politicians rather than public policy will be locked/removed at our discretion and repeat offenders may be banned.
Please use reliable sources. Unverified twitter/youtube accounts, facebook pages, or just general unverified personal accounts are not acceptable.
General questions and prepping info should be kept to the Daily Discussion Thread.
No giving or soliciting medical advice. This includes verified health/medical professionals.
If you are feeling anxious, depressed, or overwhelmed please see our list of support resources
so what if it is? you’re gonna lock urself down at home for the next 3 months?
we do our best to minimize contact, the govt. do their best to control and treat new cases. we’ll get thru this eventually.
what’s the point of worrying about things u cannot control and spreading fear?
“Close contact is defined as—
a) being within approximately 6 feet (2 meters) of a COVID-19 case for a prolonged period of time; close contact can occur while caring for, living with, visiting, or sharing a healthcare waiting area or room with a COVID-19 case
– or –
b) having direct contact with infectious secretions of a COVID-19 case (e.g., being coughed on)”
“A close contact is someone who has been face to face for at least 15 minutes, or been in the same closed space for at least 2 hours, as someone who has tested positive for the COVID-19 when that person was infectious.”
I think being next to someone who is talking for 15 mins or longer, for example on public transport, would also count, since that would expose us to enough saliva droplets from that person.
Transient contact on the other hand, would refer more to people we pass by (who aren’t sneezing or coughing during the encounter), or the persons next to us on our public transport commute who aren’t talking for at least 15mins/sneezing/coughing.
definitely gonna help
i am gonna guess it will detect the bluetooth devices in your radius periodically, and cross reference cross paths and duration of "meeting".
I would probably analyze the signal strength if there is the data to see how close the person was.
When iOS app runs in background mode, the information it can include in its broadcast are limited so any useful identifying information are removed. However, this is based on my understanding a couple of years back like 2015. Maybe things have changed!
Will be cool if the developers give info on this. Otherwise I am inclined to think that Apple still values privacy.
For iOS users have to keep the app in the foreground without closing or putting the device to sleep. iOS no longer permit apps to run in the background for longer than 7 seconds anymore.
The exception to this is navigation applications and music playback.
Also apps can barely pull out any device hardware identification now. Things like MAC address or serial no are a no no now.
I just downloaded it; the app explicitly says that for iOS users, the app has to be kept open for it to work. The app’s “home screen” also specifies the following:
“How you can help stop the spread of COVID-19:
Keep app open in power saver mode, especially in meetings, public spaces, and public transport.”
I’ll prolly start bringing my iPad mini out with me to use on my commutes so that I can leave the TraceTogether app open. (and also disable auto-lock)
You should be wary about more than battery life.
The Government can already track everyone with your cellphone (every SIM card is registered), and all the cctvs around, this gives them yet another way to track you. We're slowly turning into China. Companies can't misuse data but PDPA doesn't apply to govt, Presidential election is... Not really an election, cannot say the wrong thing (POFMA), soon the government will have even more data on us.
And yes, it's a crisis, but this is how the slippery slope begins. We've already done so well with contact tracing so far, there's no need for something like this.
Realised some time ago that my HDB have CCTV at ground floor of lift landing and staircase of level 2 after lift upgrading program. This means even without carrying a phone, it is not possible for my movement in and out of my house to be untracked unless I rappel out of my house. It's at this moment that I realised big brother is watching.
He's possibly reading this too. Hi.
I installed this app though.
I agree with you privacy is a major concern for such apps.
>The Government can already track everyone with your cellphone (every SIM card is registered), and all the cctvs around, this gives them yet another way to track you.
As you already said, the government already has means to track us. Thus this is no "increased in privacy loss" compared to before. To me, this app just seems to be a more efficient (and may be automated) way to make tracing easier.
>We've already done so well with contact tracing so far, there's no need for something like this.
Perhaps this is in anticipation of greater number of cases that needs to be traced/ monitored now that more people are returning to Singapore from overseas. Current ways of contact tracing would have a upper limit, but having an app would move the upper limit higher.
An analogy is a solving simultaneous equation. With 2 unknowns, it can be solved relatively easily. But if there are more unknowns, the time taken to solve would increase exponentially.
As more people return from overseas or more un-linked local cases are identified in a single time frame, I imagine the complexity of contact tracing increases exponentially. So greater use of technology would enable it to be kept manageable.
>and all the cctvs around, this gives them yet another way to track you. We're slowly turning into China. Companies can't misuse data but PDPA doesn't apply to govt, Presidential election is... Not really an election, cannot say the wrong thing (POFMA), soon the government will have even more data on us.
>And yes, it's a crisis, but this is how the slippery slope begins. We've already done so well with
How do you know that PDPA doesn't apply to govt?
> How do you know that PDPA doesn't apply to govt?
It's literally [written in the law](https://sso.agc.gov.sg/Act/PDPA2012#pr4-):
> “public agency” includes —
> (a) the Government, including any ministry, department, agency, or organ of State;
> 4.—(1) Parts III to VI shall not impose any obligation on —
> (c) any public agency or an organisation in the course of acting on behalf of a public agency in relation to the collection, use or disclosure of the personal data; or
My Bluetooth is on all the time. I don't notice any significant battery drain. My smart watch (Amazfit Stratos) lasts almost a month even though Bluetooth is on whenever the watch is on (a few hours each day).
Nowadays, Bluetooth Low Energy is really efficient.
>Anyone near by can get all your contacts.
This is a bold claim. Source?
If we're just talking about security in general, Wi-Fi also has risks. Even mobile connection itself has risks. The golden rule is to keep your device updated with the latest security updates (easier on Apple and some Android vendors).
Besides, we are fighting a more urgent enemy here.
Help stop the spread of COVID-19 in Singapore by using your phone’s Bluetooth
TraceTogether supports Singapore’s efforts to mitigate the spread of COVID-19 through community-driven contact tracing.
TraceTogether uses Bluetooth signals to determine if you are near another TraceTogether user.
If you have been in close contact with a COVID-19 case, TraceTogether allows the Ministry of Health (MOH) to contact you and provide guidance on what to do.
Your data is encrypted and stored on your mobile phone. If a TraceTogether user is a confirmed case (touch wood!), they will be asked by MOH to upload their logs, so that the MOH can reach out to close contacts to provide care.
TraceTogether helps us protect our loved ones and families so that we do not spread the virus to them unknowingly. It also helps us support the work of contact tracers and healthcare workers by combating the spread of COVID-19 together.
TraceTogether's functionality will be suspended after the epidemic subsides.