coronanet / go-coronanet

Go implementation of the Corona Network
36 stars 6 forks source link

Discussion: What are your plans with this? #23

Open corpetty opened 4 years ago

corpetty commented 4 years ago

First off, awesome project, and interesting way of doing it. I have a few questions regarding your intentions and whether or not we are doing redundant work.

To preface those questions, it's informative to know that I am attempting to build something in a similar vein. Specifically, it is a graphql-(server/client) web application to continue the process of the EthCC/Paris COVID case tracking spreadsheet that was started/stopped/continued by various people in the community.

My goal is to provide something that has more privacy and personal control over selective disclosure, as well as provide an anonymized dashboard for others to discover their COVID exposure risk based on the events they attended. Current WIP can be found at server and client repositories (repositories READMEs have not been updated from their boilerplate forks yet).

Note this application is optimized for getting out quickly with reasonable security/privacy, and uses Google/Twitter Sign-in (Oauth2) to facilitate quick on-boarding and verification of users. I need to map available data to a provable user so they can take over how much they'd like to disclose from now.

My questions finally:

karalabe commented 4 years ago

What are you medium to long term goals of this project?

The goal of the project would be that after lock-downs end, people could track the contacts they make with larger groups (events (ethcc), locations (theater yesterday)). Then if anyone self reports infection, you get semi-instant automatic notifications for everyone that might be affected so they can either self-isolate or at least keep their distance from potentially high-risk people.

Do you feel we are doing redundant work?

Pretty much yeah :D The idea came from the exact same EthCC spreadsheet, that it would be super awesome to automate all of that. My main requirement however was that I want absolute privacy. IMHO this only works if the system can guarantee that no health data leaks out, not even to your friend's friends.

Do you have plans for pulling (anonymized) network statistics out for public analysis consumption?

I definitely do see the appeal. However I think it would be a bad decision. The app would only ever be useful, if enough people use it. The more people, the more precise the prediction. Not collecting any data whatsoever sends a clear message: you can use it, we never see your data, here's the code to check it yourself. Once you start collecting any tiny bit of data, it's always a question mark.

It is a bit of a frightening world to make an app for which you have zero insight into. But I do think that if we ever want to make a decentralized world, we need to eat out own dog food sooner rather than later.

Do you have a specific timeline hopefully planned? (imo, the faster the better due to the need for up to date info of pandemic)

There are some things I need for an MVP, namely events + status updates + data exchange (+UI of course). I'm really hoping we can get something functional out maybe in a week? However I can only push hard the backend stuff, the frontend is not my world; but hopefully https://github.com/coronanet/rn-coronanet will pick up steam too now that there's a PoC flow operational.

Note this application is optimized for getting out quickly with reasonable security/privacy, and uses Google/Twitter Sign-in (Oauth2) to facilitate quick on-boarding and verification of users. I need to map available data to a provable user so they can take over how much they'd like to disclose from now.

That's not a path I'm willing to go down. For me it's either absolute privacy / anonymity, or the project failed. I do not want to be liable for processing people's data. I do not want to have access to people's data.