Chronotope’s avatarChronotope’s Twitter Archive—№ 118,294

                        1. …in reply to @swodinsky
                          swodinsky So... I've only played a little with Bluetooth but the two things that are a concern are 1. there is an identifier on your device that says you are diagnosed. 2. there is a piece of data on your device that says if you have been close to someone who has been diagnosed...
                      1. …in reply to @Chronotope
                        swodinsky Now I guess you could advertise some sketchy shit at those signals if you could get at them, which might be difficult. I'm not sure how the data is stored here. Also... I guess if you are a bluetooth beacon run by an adversarial entity you could do a bunch of sketchy things...
                    1. …in reply to @Chronotope
                      swodinsky There's nothing I see here about stopping people from falsely reporting a diagnoses and running around causing a panic. There's also not a lot of clarity around high density housing. My phone can potentially receive bluetooth signals from the neighboring apartment...
                  1. …in reply to @Chronotope
                    swodinsky Also, if you are a rogue bluetooth beacon you could set objects to report a diagnosis potentially? It isn't clear if this requires like... a doctor's note or something...
                1. …in reply to @Chronotope
                  swodinsky Then there are the unintended side side effects of increasing bluetooth use and t/f unintentionally increasing the efficacy of ad beacons. But... I don't see this causing a ton of people who don't already have bluetooth on to turn it on, so that's sort of eh.
              1. …in reply to @Chronotope
                swodinsky The actual protocol looks pretty anonymous. Outside of who accesses the database being a major q, or someone falsely emitting a diagnosis in order to collect some sort of vague trend data it doesn't seem very useful to adtech...
            1. …in reply to @Chronotope
              swodinsky There's two major concerns outside of who gets access and false reporting: - Being a major scumbag to try and understand trends about interpersonal contact for advertising. But considering how unusual everyone's activity is now... I can't really see a use for it...
          1. …in reply to @Chronotope
            swodinsky - A healthcare provider (as opposed to a gov't entity) monitoring data, determining trends & reselling those trends as bluetooth patterns to seek for targeting for some reason. Health insurance are all scum so that could be something that occurs if they are given access, but...
        1. …in reply to @Chronotope
          swodinsky Hard to see how useful that would be and if it would really be worthwhile to anyone unless this type of project lasts beyond the end of the virus and remains accessible to those insurance providers. ADV_NONCONN_IND is the most privacy preserving bluetooth signal...
      1. …in reply to @Chronotope
        swodinsky And the rotating encryption scheme seems likely to make keys useless to any advertising technology creep-tech. However... I would never do this b/c the likelihood the data will eventually get into the hands of American Health Insurance cos and be used to fk with coverage...
    1. …in reply to @Chronotope
      swodinsky Also like.... the minute this is live some internet asshole is going to try and screw with it and false report a diagnosis. Maybe the system can be designed to secure against that (or has been) but I haven't seen a clear documented answer yet.
  1. …in reply to @Chronotope
    swodinsky So my bluetooth will be staying at its current position... off. I just don't trust the American healthcare / insurance system enough to give it this level of access.
    1. …in reply to @Chronotope
      swodinsky But yeah I don't think any ad tech creepiness is going to really build off this. The proposed methodology around timed key rotations & the exchange seems to be well grounded in existing anonymization technology and privacy-preserving approaches. The problem is who gets db access.


Search tweets' text