Support self-declared test results

[retog]

As in many cantons authorities fail to guarantee speedy delivery of COVID codes the app should support reporting a positive test result without code. Ideally the notified persons should see that the warning is based on a self-declaration.

I know, this is not how it is supposed to work, but if people have to wait days to get a code the app is essentially worthless.

[killiankeller]

I agree. A friend of mine has recently been diagnosed with COVID-19. He ended his quarantine without receiving his code. Having been in close contact with him, I went into self-imposed and later cantonal quarantine (also slow as fuck, wtf?).

I am ending my 10 day quarantine in 2 days, he probably won't have his code by then. What the hell is the purpose of this app if the central authorities do not send these codes fast enough? This is not the fault of this app but rather of the central authorities, really disappointing. As there are no feedback channels to doctors and labs, I have to post this here.

[retog]

Apparently this is still a problem, any contributor willing to take this issue? https://twitter.com/BergerWthur/status/1314522636869947394?s=19

[rachyandco]

Scenario 1:

Attacker create a beacon emitting a strong signal in multiple locations preferably in a crowed area. The beacon sends out dp3t signals which are captured by a large number of phones using Swisscovid. Few days later, attacker enter a self declared infection that generates an alert for a large amount of individuals, all false positives. This can have an impact on testing facilities and create some panic.

Scenario 2:

Attacker uses a dedicated phone, with Swisscovid installed and running. Attacker meet or stay close of victim enough (15mn). Then attacker enter fake alert (self declared infection) and forces victim to go into quarantine.

I am sure there are other possible scenarios. I believe this is a bad idea that can be easily exploited.

[killiankeller]

While valid scenarios, imo highly unlikely to actually occur. Such an exploit is usually difficult to make and therefore usually underlined by some personal benefits (money, personal vendetta, or other). There is no gain for a certain person by performing such a scenario and therefore unlikely to occur.

On the other hand, the app as it is NOW is completely useless. Either you allow self declaration or you force the labs to send these codes and sanction those who do not. But something has to be done, as this app was proclaimed to be a central to the contact tracing

[retog]

@rachyandco, of course, the scenarios you describe are possible. However, given that currently, not even an exposure that has been confirmed with a code is actually forcing people into quarantine a self-declared notification would do so far less.

It would be a new feature of the app to notify everybody you have been close with about a possible infection or a confirmed infection for which no code is available yet. It would be up to the recipients to decide what to do with this information, I highly doubt this would create panic. Also, when it comes to COVID, complacency has been been a far greater threat than the alleged panic response.

Similar attack scenarios are also possible with the code. One could for instance proxy the dp3t signals from several crowded clubs to a retirement home. Chances are that one of the clubbers will eventually enter a code, for the residents such a notification would be indistinguishable from an actual exposure.

[zukunft]

With the new test strategy this issue is getting more important. Additional it would be useful if the measured distance and time required for creating a warning can be reduced my the user. (See also https://www.srf.ch/news/schweiz/gratis-selbst-tests-fuer-alle-die-testoffensive-kommt-ein-hoffnungsvoller-tag ) Should I create a separate issue for this?