Specification mentions how can a social/proximity graph be constructed or avoided. It does not mention the use of such graphs.
Consider using one type of graph naming- contact graph, social graph, proximity graph is interchangeably used within and across document/s.
Contradicting statements are made w.r.t to ability of central authority in constructing these graphs:
Specification:
The authority running the system, in turn, is "honest-but-curious". Specifically, it will not deploy
spying devices or will not modify the protocols and the messages. However, it might use collected
information for other purposes such as to re-identify users or to infer their contact graphs.
Given any two random identifiers of IDTable that are flagged as \exposed", the server Srv can not
tell whether they appeared in the same or in different LocalProximityList lists (the proximity links
between identifiers are not kept and, therefore, no proximity graph can be built)
A LocalProximityList contains the EBIDs of the devices that the infected user has encountered in the last CT days. This information together with the timing information associated with each HELLO message could be used to build the de-identified social/proximity graph of the infected user. The aggregation of many such social/proximity graphs may lead, under some conditions, to the de-anonymization of its nodes, which results in the social graphs of the users.
Summary:
The authority does not learn the real identities of any user, whether diagnosed with COVID-19 (i.e., tested positive), such as Alice above, or exposed, such as Bernard and Charles. Also, the authority cannot infer the “proximity graph” of Alice, Bernard or Charles.
A few questions related to social graphs:
Specification mentions how can a social/proximity graph be constructed or avoided. It does not mention the use of such graphs.
Consider using one type of graph naming- contact graph, social graph, proximity graph is interchangeably used within and across document/s.
Contradicting statements are made w.r.t to ability of central authority in constructing these graphs:
Specification:
Summary: