KentShikama
commented
4 years ago Just a random person who read the spec, so take this with a grain of salt.
In short, the protocol (both design 1 and design 2) does not support what you're suggesting by design. "Smartphones locally store each observed EphID together with the corresponding proximity, duration, and a coarse time indication (e.g., “April 2”)." The protocol (design 1) intentionally shuffles generated EphIDs so that it makes it difficult to detect the exact X minute interval you came in contact with an infected person. Note as a "tech-savvy person" you can modify the app (even with design 2) to do this but you would be considered an "abuser" by the spec:
a proactive tech-savvy person can abuse any proximity tracing mechanism to narrow down the group of individuals they have been in contact with to infected individuals. To do so they must, 1) they keep a detailed log of who they saw when. 2) they register many accounts in the proximity tracing system, and use each account for proximity tracing during a short time window. When one of these accounts is notified, the attacker can link the account identifier back to the time-window in which the contact with an infected individual occurred. The attacker can correlate this information with the detailed log to narrow down who in their list of contacts is now infected.
That said your computed risk score should be a lot higher if you spend a few hours with an infected friend versus passing by someone at the grocery store based on number of unique infected EphIDs that have been observed, duration, and signal strength.
markusb
Is there a screen shot of the message you get if your app detects a contact with an infected person ?
I'd like to know what exactly gets reported. There is a huge difference between 'there was proximity with an infected person detected' and 'you were in proximity with infected person with id xxxxx, on at '.
I think displaying the id if the person may be problematic for privacy reason (despite it being impossible to trace back). But the timestamp and place is pretty important. There is a huge difference between time and date to correspond to a visit to a friend or a visit to a supermarket.