Are you sure about that? Previously they required the location permission to scan for nearby bluetooth devices (because of the obvious implications). Recenly they've split that into it's own separate permission. It that what you're thinking of?
Not guessing no, but I distilled what they said unfavorably. My understanding was that they thought they could not communicate to their customers the complexity of how bluetooth can be used to infer information about location. But somehow this communications barrier meant that they thought it was better to expose GPS data too? - Hence why I feel justified treating them unfavorably in this case. It was just an absurd way to reason that they presented. It should have been obvious that it's better to protect as much data as possible when the user often has no choice but to enable bluetooth.
It doesn’t. All it can do is request Google Play Services to enable distributed covid exposure notifications, which in turn means the app itself doesn’t even get bluetooth beacon data.
Why do this at this late date? A year ago it would have been useful. Now, 59% of Massachusetts's population has been fully vaccinated. About 70% have at least one shot. A bit more pushing and they'll hit 80%, which seems to be about where the epidemic dies out for lack of new carriers.
Only if coupled with a public health program that does something. We might reach the ring vaccination stage, where each case triggers contact tracing and testing and vaccination of all contacts and the people around them. That's how smallpox was wiped out.
As far as I can tell, you can't ring vaccinate for this. 1) SARS-CoV-2 vaccines don't work after exposure. 2) You don't have exceedingly obvious symptoms when you become infectious. 3) IFR is not that high for most people, and if they care about that they are already vaccinated. Smallpox is very different in all of those metrics, making ring vaccination possible. Pulse vaccination might work better, but only with vaccines that majorly reduce transmission for quite a long time (BioNTech-Pfizer, Moderna, probably NovaVax), it's possible you would have to pulse J&J too often to be practical. Hopefully the original antigenic sin issue won't be so bad that re-targeting antibodies is not effective in most people, otherwise giving up on transmission control and trying to reduce deaths might be the only option, if new strains arise.
> Only if coupled with a public health program that does something
Isn't that what this whole Massachusetts thing a step towards? But my point is that the public health program can't really do something when there's thousands of cases, but the lower case count means this can be effective once more.
> Why do this at this late date? A year ago it would have been useful.
Because it took time to develop, and now they just shipped it?
Maybe if the US had had a functional federal government prior to January then a national exposure notification app might have been developed, rather than relying on the states to do their own thing. Or not. But it's too late now.
I'm not a USAian so I don't know what the take-up of a federal government app would have been. Probably insufficient given what seems to be the ambient level of distrust and misinformation.
I've been running the UK/English NHS tracing app since the start of the second wave here, and I have no complaints. I'm happy with its approach to privacy, and that I've never had an alert from it despite living in a region with high covid incidence has been reassuring.
The US public has (ironically) a long history of being more wary about what their Federal government gets to know about them than the citizens of other nations.
A great example is the lack of any kind of proper federal identification service or registry, something that has been brought up several times over the past century and been met with mass public outcry. So instead we rely on social security numbers, which were literally designed to be bad at identification.
In general the status quo is that the states handle this stuff instead. Whether it be drivers licenses, school circiculums, road maintenance, and emergency responses to natural disasters. Pandemic response is no exception to this. Sure the Federal Goverment often provides funding and guidance but it's largely up to state governments to actually examine and enforce these guidelines.
The point I'm trying to get at here is a federal contact tracing app was never in the cards, regardless of who the President is. The Presidents powers are largely limited to transient international policy (diplomacy, tarrifs, war, border control) and various congress approved Federal agencies.
Why do most of the things governments have been doing about COVID? Not because they work or make sense, most of their policies were undermined by data showing ineffectiveness a long time ago.
There’s nothing worrying about that. You get tons of apps installed without consent (including whatever spam your network provider pushes on you).
This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.
The largest trouble for the German version of the app was that not enough people installed it. Choosing to install it automatically isn’t something nefarious under these circumstances.
> There’s nothing worrying about that. You get tons of apps installed without consent (including whatever spam your network provider pushes on you).
That is different. They are pre-installed and I can list them and disable them. They do not install suddenly by themselves months after buying the device. If they did so, there would be an outrage.
> This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.
Yeah, "for our own good". Next time it would be an app that sends an alarm when an excon is near you. And next time it would be an app that sends an alarm when someone who shows dangerous opinions (ie. against government) is near you. No thanks, please unsubscribe me of this Chinese dystopia.
> They do not install suddenly by themselves months after buying the device. If they did so, there would be an outrage.
They absolute can do that, and do that. For example, if you switch SIM cards, the phone can (and in some situations will) install whatever crap the ISP chooses.
In my case, inserting a SIM card from ALDI’s carrier used to auto-install some weather, news, and similar stuff. Luckily that stopped recently.
This can happen at any time, actually.
> Yeah, "for our own good".
Sometimes it is actually for your own good. I agree that it can be a slippery slope, but using the available means to save lives is sometimes necessary.
The only risk is governments not returning the power they got during this pandemic, but that’s more of a worry in 3rd-world-dictatorships.
> In my case, inserting a SIM card from ALDI’s carrier used to auto-install some weather, news, and similar stuff. Luckily that stopped recently.
Surely there is a prompt. I never had apps silently auto-install in my phone. If that is true, one more reason to go with the custom rom way.
> The only risk is governments not returning the power they got during this pandemic, but that’s more of a worry in 3rd-world-dictatorships.
In my life I've seen a lot of just-for-emergency-temporary-only laws that become permanent once the outrage subsides. In supposedly first world countries
> Surely there is a prompt. I never had apps silently auto-install in my phone. If that is true, one more reason to go with the custom rom way.
Nope, Google Play Services does this all in the background. The same happens if Google thinks you’ve reinstalled your device (e.g. by wiping the Play Services data) and it starts installing some of Google’s default apps again, without prompts
> I have an app that can save your life, trust me. And give me your email so I can send it to you ;)
Great, send me the source code, I’ll get it released on f-droid and then I’ll install the f-droid version of it, just like I’ve got the f-droid and microG version of the Corona Warn App installed :)
> This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.
This app might have absolutely no privacy leaks; honestly, it’s too early to know that yet. The code is not published; there’s been no public auditing of the backend data handling practices.
Given that, I see drawbacks.
I did not opt-in to the MA one when prompted on iOS (and it did not install [as far as I can tell]).
It is a slippery slope, the boundaries keep getting pushed, I think no one really cares about the app but just the fact that for some people it apparently is hidden installed.
Except, the Corona Warn App is the biggest crap that I have ever seen. Yes, the code is open and free and super transparent; morally superior. But what about the effectiveness of this app? Even the German officials do not mention this app since many many many months. The app was criticised from all sides due to lack of effectiveness.
Even the freedom-loving large news outlets published their opinions that they would have wished to see some sacrifice of those high morals for at least SOME level of effectiveness.
I have the app and it is a big piece of junk since day 1. My brother is a doctor and is using this app. He has regular direct contact with Covid patients. Do you know how many "high risk contact" notifications he has received since Summer 2020? Yes, you guessed it: 0.
That's some seriously flawed logic, and a much bigger issue, if you are correct. They should have tried an information campaign first. If that didn't work then clearly people voted against it, and they have no business going against that. If they think they know better than the people they undermine democracy.
Germany had a massive ad campaign for months without much success. The issue remains that people are lazy. That’s part of why microsoft bundling IE was banned, because 90%+ of users won’t go out of their way to install something.
I can't find those ads, but most likely the ads were uninformative so people did not find them to be instructive. Suggestion without reference to fact is the norm with those campaigns.
The app was recently evaluated for effectiveness.[1] 110-230k people were tested positive as a result of a warning and therefore isolated. They found that it had about the same effect as the tracing efforts by all public health authorities combined.
The RKI estimates the contribution that the Corona-Warn-App makes to containment to be roughly as high as that of all health authorities together. [1]
I'm surprised your brother has not received any notifications. My partner is a doctor at a major university hospital and has been warned repeatedly to say the least. During the second wave, the Corona Warn App showed low or high risk warnings pretty much every week.
The Corona Warn App won’t give you a warning unless you’ve spent a minimum amount of time next to that person. In Germany, patients often spend only very few minutes near the doctors themselves. That may explain the lack of warnings.
In my country, the government re-skinned the Singaporean open source covid19 app, which appears to be about the same thing as this one.
The government didn't install it in every phone, but they made it mandatory for business-owners to check that you have the app enabled if you want to enter their premises. Everyone needs to eat/shop, so most people were forced to install the app.
Every grocery store has a greeter at the door to check you have the app running, check your temperature, and squirt sanitiser on your hands.
People just will worry about apps which suddenly appear on their phones without their action. And this is totally justified, as the chance that this could be something malicious is much higher than being something non-malicious.
Having said that, I totally agree that German government should have done more to push the Corona Warn App - but only in public relation terms. I totally think Corona Warn App does not live to its full potential in Germany because it is not installed widely enough. But you just cannot do this by force.
So the German government isn't happy with just fucking everything up locally and is now spreading globally? Did they run out of toxic masks to buy, fake tests to pay for and success statistics to falsify (by removing the leading 20 countries)? There are currently investigations against several members of the government over quite visible corruption while paying themselves with money meant to fight corona and more than enough reports around misuse of government funds because nobody checked how the money would be used.
If there is anything corona related from the German government on your phone you probably should nuke it just to be sure. The mixture of corruption and stupid involved in making it is not something you want anywhere near you.
Luckily neither Scheuer nor Spahn were involved with the CWA. Check the source code, it’s actually really neat.
Doesn’t help with the rest of the fuckups, obviously. Significantly worse is that now everyone has started switching to the luca app, which actually is a dystopian nightmare as it stores everything on its servers, forever, and sells everything to ad partners.
A quick check reveals a few things to me: a) the only thing the CWA seems to do to "protect" privacy is to send fake queries from time to time, which doesn't remove the real ones b) its 16 years and up without parental consent which implies that it does not meet the privacy requirements for children and c) it involves Google, which is one dystopian tech company too much for my comfort.
That's not a distinction most will recognize, partly because believing this is true requires you to trust Google wouldn't share sensitive data with the authorities. They just proved they will happily push code to your device without notifying you at all, if they think it's for the greater good.
I think the real question is what mechanism allows them to push a random app to some phones? google play services is actively listening for remote installation requests?
that's essentially a remote-code-execution backdoor to all android phones?
Not exactly. On the Android store you can choose exactly which device to install an application on.
For Apple as far as I know the most you can do is buy the app on desktop and, if the device is configured that way, it will receive the new app. This means it’s limited to new purchases and by the device’s settings.
Ok, but my point was that on Android and iOS it is possible to install apps without touching your phone. This qualifies as remote code execution. You need your credentials for doing this, but google and Apple apparently don't need them.
Thank you, I've even used this functionality some years ago but didn't remember it existed.
I've since de-googled my phone and sacrificed some apps that require google services, but this whole thing shows (to me) that it was the right decision.
The entire "updates" culture is essentially RCE backdoor (botnet) functionality for "trusted" tech companies.
Consent, where it is actually explicitly obtained, never rises to the level of "informed". That's because even if a user "consents", she still cannot see what is in each update.
WU allows hardware manufacturers to silently install literally anything based on hardware ID matching and the only way to prevent that is to disable WU driver updates entirely (via GPC/registry).
In my case the maker of my motherboard installed a persistent “self-repairing” (i.e. difficult to uninstall) from yet another third party. Naturally, I will not buy a product from them (MSI) again.
Another way to put this is: windows update will install malware w/o user approval in the background.
I thought this was well-known, Android is not private at all until you degoogle. Unlock your bootloader then install a ROM without Google Play Services such as GrapheneOS, CalyxOS or LineageOS.
You can consider installing microG also as an open-source minimal implementation of Google Play Services if some of it's functionality is absolutely necessary for you to keep.
Do any of the privacy oriented custom ROMs protect against that? I can't imagine their maintainers seeing code that just installs any app the ISP wants and be okay with it.
The problem is, its usually cheaper the more things you can shove into the 1 hardware item, so you have your cellular hardware in the same chip as your CPU and GPU. Not much a ROM can do about this unless the chip itself supports disabling direct memory across the two items, + does it correctly, + doesn't allow it to be reversed from the other side, + you would also need the datasheet to find out how to implement this.
Generally why privacy roms don't support more than 1 or 2 brands total, I guess.
There are also platforms with strict division between the seperate parts of hardware, la pinephone and the librem5
The factual basis of your assertion is absolutely true, but your attitude is unhelpful and defeatist.
There is a chasm between "a state actor throws an 0day at you" and "Google remotely installs an app on your phone". The latter is done at scale. The former is expensive, risky, and used relatively rarely.
If you're organizing a protest movement, it's totally reasonable to factor government 0days into your threat model. For more boring people, running GrapheneOS is a great way to reduce the attack surface they expose to the advertising and mass surveillance industrial complex.
1) http://ramtin-amin.fr/#nvmepcie, http://ramtin-amin.fr/#nvmedma (the two articles are separate but the first provides incidental context for the second) the iPhone 6 kinda maybe sorta didn't dot the Is and cross the Ts with the MMU side of things. So, USB is awesome in that the failure state is "probably can't RCE".
2) I read a comment on here, which I should be able to re-find, but hn.algolia is not cooperating, suggesting that the system design of a particular AGPS implementation (a few years ago) interposed the GPS in between the CPU and the cellular radio such that the GPS SoC could do HTTP requests to grab its almanac that all of Android, down to the kernel, had no idea about.
IMHO this level of security paranoia is at the end of the day a micro-optimization. For any given device, you're looking at maybe two or three dozen Things Containing ALUs™ (often buried inside subcomponents buried inside other things); one or two concentrations of several billion transistors; and an unknown proportion of manglement, incompetence, cost-cutting,
internal compromise (because guarantee there's none), and Agreements™. Honestly: give up, and declare that whatever makes you feel better is enough.
A core issue is that building Android ROMs is very difficult to do so in a simple and accessible manner. The build systems generally all require enterprise server level of memory and a build can easily take hours. Every device has a unique configuration, imagine if every brand of laptop ran their own variant of Ubuntu. For most "ROMs" that you find on obscure places like XDA, the builds by random people across the globe are a much greater security risk than good first-party updates.
A corollary of your question. If Google can lawfully install arbitrary apps on ordinary users' phones, can it also run arbitrary code on the personal devices of government officials investigating it for price fixing in the ad market?
"Arbitrary" is doing a lot of sneaky work here. You're implying that the law would somehow allow Google to manipulate investigators. But the law has broad allowances and exceptions in lots of areas, and competing permissions/denials that together weave specific allowances. There's little reason to think that the law couldn't allow app installation in general and also disallow either targeting of individuals or collection/manipulation of certain kinds of data.
Another question worth asking is "what is the governing law?" It is almost certainly contract law via Google's ToS. Government phones probably have different ToS, but government employee' personal phones have the same ToS we have.
If Google is asserting non-contractual rights, I'd like to know what they are.
Edit: I edited this comment because it was rude, and that was not my intent.
[Edit: the comment originally said their question wasn't implying anything] Of course you're implying something. If nothing else, you're implying the one might imply the other, and that the implication is worth attention.
The governing law that would protect people is a lot of things, and ToS is the least of it. The Wiretap Act applies, for example.
I'm afraid I disagree. Google running code on your phone implies it believes you have consented to that. That consent was not given in the app store, so it must have come from the ToS.
Consent is an exception to virtually every protection that exists: Wiretap Act, state wiretapping laws, the CFAA, and state computer trespass laws. Remember, consent is the difference between a home invasion and a dinner party.
So it seems that Google would have to cook up a pretty implausible stopping principle to argue that whatever allows them to do this does not also enable the hypothetical I described above.
If you've got a stock Android device you've obviously consented to Google running some code, and even updating to add new code after you bought it. On the other hand, apps are restricted based on permissions, and Google bypassing that would belie a consent theory.
You're making out like code is code and there aren't already existing lines and stopping principles, which just isn't true on its face.
>You're implying that the law would somehow allow Google to manipulate investigators.
Not the law. Google having root access on 2.5 billion android devices.
The law didn't allow Uber to greyball either. It did though.
This is a risk Google fully recognizes - it's why Google prevents f droid from updating apps one by one without user input. That's a privilege reserved exclusively for google play services.
> If Google can lawfully install arbitrary apps on ordinary users' phones
Of the partners in this, I think that the source of authority waa almost certainly the other one. It’s not Google, but the State of Massachusetts, whose authority is likely involved.
That also means it's going to be hard to sue over this, because the courts where you might do so are part of the same Commonwealth that authorized the action. Even if you could get a case on the docket, they'd just say the magic words "sovereign immunity" and it would disappear.
My guess is that it's the Play Store app itself that does this (con.android.vending). That app is responsible for both updating itself regularly and installing/updating other apps.
One possible way: There is a daily job run in the Play Store called "daily hygiene" that performs various configured tasks based on device state and device targeting. It would not be difficult to add some code to install this app for MA users, then push it with the next Play Store update. I am very unpleasantly surprised that this app was installed from a policy perspective, however.
They don't have to add any code or push a Play Store update or wait for a daily cronjob. Listening for remote installation requests is a core feature of Google Play Services. It is not a mystery how this was done.
>google play services is actively listening for remote installation requests?
Uh, yes? That is and always has been core functionality. You can click "install" on the Google Play website on your laptop and the app will magically appear on your phone, if both devices are signed in to Google. I triggered this behavior accidentally a good 10 years ago when I got my first Android phone, and it gave me the shivers - it really drove home the point that Google had root on my phone, not me.
In fact, this entire behavior is so normalized on phones we now have a special word for the process of downloading an app and installing it manually, the way we do on PCs: "sideloading".
That's not the behaviour of what happened here, where an app was downloaded without user initiation or intervention. There was no authorization from the user of the actions that were taken by Google or the app's vendor.
From a technical standpoint, it is the same. The phone maintains a connection to a Google server and listens for "authorized" installation requests - where "authorized" means "authorized by Google". When you click "install" on the Play Store on your laptop, you're not talking directly to your phone (how would that even work?) - you're talking to Google, who then speaks to your phone on your behalf.
Yes, of course, but this isn't a technical issue. Look at the webpage that this hn page references. When people say, "an app was installed on my device without my consent or knowledge," the exact method the device used to listen isn't important.
The first issue is that Google software allows non-authorized software installations. The second issue is that a government forced the installation of the app. The technical specifics are just implementation details.
This subthread is about the technical issue. The root comment asks "the real question is what mechanism allows them to push a random app to some phones?".
From what you've written, it appears that you are guessing as to the implementation details that correspond to the mechanism for pushing random apps to phone, which is in this case means un-authenticated apps. There may be an entirely different method used than the standard push method from selecting an app on the website.
How does the thing know you're a Massachusetts resident?
People who have the contact tracing setting disabled are reporting they still got the app, so the obvious answer seems not to apply.
Is it just getting installed on any device that enters MA? New England states are pretty small, and there's a lot of crossover, especially with states like Maine and New Hampshire, which wouldn't take this very well.
Or, if you have a layover at Boston's Logan airport, do you now end up with its contact tracing app?
Not a resident. I just found it installed due to HN. I am in MA at this time.... and have no idea when it was installed. (Of course I uninstalled it immediately)
If they're also hitting phones that were only in the state temporarily it must be using cell tower locations right? I use an always on VPN and it still auto installed (without opting in) but I have my E911 address set here so I'd have guessed that otherwise.
Just the thought of Google being able to do something like this scares the $&@*#% out of me. How on earth can you trust a company that does something like this?
Many might not have a choice. If you need a SmartPhone and can’t afford an iPhone, you’re out of options. Most of the apps people actually need has to be installed via the Play Store.
You basically get a (more) privacy focus OS from a luxury brand or you get your OS from an advertising company.
Everyone trusts Google, whether they like it or not. This is the definition of trust that security operations use: A trusts B if B is capable of doing something nasty to A.
Google has a heck-load of money. They could pay a disreputable aggregate company to deliver a load of tonne-bags of gravel to my front garden, blocking my car in, and generally destroying the landscaping. I trust them not to do this, and the reason this is true is because I haven't taken 100%-effective steps that would prevent them from doing so, and therefore they are capable of it. This example may seem a little ridiculous (there are no 100%-effective steps I could take, and I think they're trustworthy on this particular score), but it is a technically correct example of how everyone trusts Google.
Putin or Kim Jong Il or Brad Pitt could also pay to get gravel delivered to your address. You have not taken any specific 100% effective steps to prevent them, any more than you’ve done with Google, right?
To some extent, but this is beyond what is acceptable. Even if this is so support COVID notifications. Any install on an unmanaged device should be asking for permission to install something, unless you opt-in or something.
"Automatically update the programs I currently have installed when new versions are available, with a flag to disable this behavior" vs. "Arbitrarily install new programs from scratch via a separate mechanism that doesn't respect the 'disable automatic updates' flag"
Windows Update pushes all sorts of junk. At some point, Nadella must have realized, "Shit, Windows users put up with years of adware on their computers in the 90s and 00s. We're leaving money on the table by not taking advantage of this!"
Ex: In 2019, Microsoft added a shortcut Win+Ctrl+Alt+Shift that when pressed, brings up an advertisement to buy MS Office, which I have no use for, and you need to edit the registry to disable the shortcut. I already gave MS thousands of dollars for the laptop, you'd think they could leave me alone if they want me to buy another one.
Although at least with Windows, you can remove most of the damage yourself, which is more than can be said for Android. Quite honestly why does the Computer Fraud and Abuse Act exist if manufacturers remain free to abuse your machines at will?
the difference is that there is a fundamentally different power dynamic, you can just not do business with microsoft, you can't do that with the government.
It is obvious that we need better legislation to deal with all the new possibilities that technologies have opened.
The installation of this app, even done with good intent, open a lot of questions on what should be possible or not to be done by government and corporations.
When you get a device with pre-installed, uninstallable, or auto-installed apps. What are the rules?
> "By enabling this service, you can be quickly notified if you’ve likely been exposed to the virus by another MassNotify user, allowing you to reduce risk to your loved ones, seek medical attention, and slow the spread in your community."
In this case it seems that the same goal could have been better achieved by SMS that do not depend on the brand of your phone. The dependency on proprietary app stores and OSs seems a risk for the continuation of a free and reliable communications.
The only thing that is impossible to achieve without an app is to allow the user to select contacts to whom send a notification. Corporations like Google, and Apple know the list of all your contacts. So, it seems that the intention of the app is to reduce friction and send notifications as easy and effortlessly as possible to avoid that procrastination causes people to delay the warning.
But, instead of the silent install the government could have spend money in advertisement campaigns to assure a correct amount of installations. It costs money, but, people pay taxes so the government can engage on this type of initiative at a scale. This could have been a very good alternative, even if it means increasing the budged. Medical emergencies are worth the investing.
> In this case it seems that the same goal could have been better achieved by SMS that do not depend on the brand of your phone. The dependency on proprietary app stores and OSs seems a risk for the continuation of a free and reliable communications.
While installing an app without users consent can be as questionable as you want, the point about these apps are not the notifications itself but about the contact tracing which is achieved through the bluetooth functionality.
also, sending sms messages has other privacy concerns that the tracing apps have tried to avoid from the very beginning. having a person phone number can lead to eventually identify that person while that internal trace id it might use, won't.
This sounds worse to me? Rather than violation of a relatively small privacy (phone number), you instead get timestamp social graph interactions in the physical world. This seems like fat more extreme an invasion than the former.
Read up on how the contact tracing apps work. They do not upload your data to the cloud. Phones broadcast a rolling random identifier, other phones collect received identifiers, and only on confirmed infection does the person's phone upload its last two weeks of broadcast IDs to the cloud, where other phones can grab them and cross-check.
Having someone's phone number allows you (via the phone company) to trace their location at any time, forever. That is much worse.
Edit: Surely we can come up with a more approachable explanation for less technical folks, though? Here's an attempt:
"Contact tracing respects your privacy and does not send your location to the cloud.
Instead, your phone makes up a new random name every 15 minutes and broadcasts it to nearby phones. It remembers the last two weeks of names it used, as well as the last two weeks of names it heard from other phones.
When someone catches COVID-19, they register it in the app. Their phone then uploads the last two weeks' worth of names it used to the cloud, where other phones can download the data. The names aren't connected to their identity, all they represent is someone who caught COVID-19.
If your phone finds a match between a name it has recently heard and the online database, it sends you a notification. After 2 weeks the data is erased, so you are only notified if you were near an infected person in the past 2 weeks.
Since the random names change every 15 minutes, nobody can track you or know that you are the same person as last time they saw your phone. The data is only stored locally, so after it is deleted two weeks later, there is no way to go back and recover it."
How's that?
(Edited because without the intro sentence it sounded like I was trying to imply the parent didn't get it; that wasn't my intent.
Ahh apologies. It's not the wording of your paragraph, I understood both very well, they are well written.
It's a more fundamental understanding of stuff that's hard by those who are most at risk. The old, the vulnerable etc.
It's the old digital divide idea. My neighbor doesn't have any internet connected devices, for example. But she would benefit much more from the app than 40 of her mask wearing, young, self isolating, working from home fellow city inhabitants.
I didn't want to imply you didn't understand it; I was trying to come up with a more accessible explanation that might help others do so and help drive adoption.
You're right that it's not easy to explain, but surely we can come up with something that gets the idea across? :)
Still too complicated. I saw a comic version once, working through an actual example with some example IDs and it used phrases like "sends to the hospital" or "asks the hospital" etc. instead of downloading from the cloud.
Very non-technical people are not familiar with the basic concepts involved.
"Makes up a new random name and broadcasts it to nearby phones" is something they'd struggle with if they never heard or thought about random number generators, don't understand Bluetooth etc.
Also don't underestimate learned helplessness. Many will stop reading if it looks technical because they "can't understand that sort of thing. " Many such people never ever read such lengthy step by step technical documentation. It seems to them as a quantum physics experimental setup description sounds to the average programmer.
Learned helplessness is so real. My partner works at a help desk, and I constantly hear stories of older folks just mentally shutting down as soon as she has them open the start menu or a settings menu.
I even see it in myself, a super curious neophile software/hardware hacker. Sometimes I'll come across some particularly arcane API docs and it's like my brain just goes "tl;dr" to the whole thing and tries to immediately find a way to avoid interfacing with it.
That mental switch of "ah this is overwhelming, eyes glaze over" is all too easy to trip, even if you push through it and it really is not that bad after the fact.
It's also an ego-threatening thing. Often the older folks or otherwise nontechnical people are socially higher status and being lectured about something that they may not understand sounds dangerous to them or they take it as being challenged by them, especially if the person explaining it is lower social status, younger, "just a kid" etc.
It's easier for them to just refuse to participate and dismiss the topic as irrelevant, than to take up the game and then perhaps be seen as "dumb".
And this state of affairs is actually quite unnatural. The natural course of things over the millennia was that older people are more experienced and can give direction and advice to the young ones. Sure, this is still true in some "soft" topics, but the generational gap in understanding how the modern world works has never been so large.
When someone has lived 70+ years and done fine for most of those years. What is the use for them to learn what an "icon" on the "desktop" is, and why should they care about "browsers"?
This very much feels like justification for victim blaming.
Because the world changes. You don't change, you get left behind, sometimes in very important ways. (For example, my wife's licensing board now sends the renewal stuff only by e-mail, not snail mail. There are a few old-school people who have to get someone else to get the form for them.)
I prefer token over name, otherwise I think it's decent.
Here's my crack at it for fun:
Exposure Notification apps are a privacy preserving technology to help prevent the spread of COVID-19.
They don't collect or log any location data which is what makes them private.
Instead, a phone equipped with the app will continuously log and broadcast random tokens that change every 15 minutes.
Nearby phones with the app will take note of the token and the signal strength, while broadcasting a token of their own.
Each day the app downloads a public list of tokens that have been shared by people who have tested positive for COVID-19.
If your phone has been around a number of these tokens, it will notify you to get tested and self-isolate.
If you test positive for COVID-19 yourself, your doctor will give you a key to enter into the app. Entering the key will upload your tokens to the public list.
While exposure notification apps do preserve privacy, they are limited in effectiveness without widespread adoption. Additionally they are not a suitable replacement for traditional contact tracing.
Well what do we expect? We've been shoving privacy down peoples throats for years.
You can't now expect them to be rational and trust us with: "don't worry we know privacy is bad, but THIS privacy breach is okay. Again trust us this is because of covid, we're the good guys."
Right. They can change things with the next silent update anyway. In Germany they also started requiring turning on the GPS while using it. Initially it wasn't necessary and only Bluetooth was needed. Who knows what they modify all the time. I have no spare capacity to follow these developments and when they decide to stop caring about privacy and go rogue in the name of harm prevention.
The apps used around Europe, including Germany's Corona-Warn-App, do NOT use GPS. It only asks for location permissions since it utilizes the exposure notification API that indirectly tracks your "location" relative to other users (i.e. the ID exchange)
I fail to see the difference. You say it doesn't use GPS, but then continue to say that it uses location data (and thus, I assume, GPS). So which is it? Or are you saying that the app doesn't receive the user location data, only Google does?
Neither the App nor Google use location data. However, Google still prompts your for these permissions because, in their mind, the swapping of rotating IDs presents an indirect way of tracking somebody's location (although that data is solely stays on the device and is never transferred, unless a positive person decides to upload the list of IDs there were in contact with)
On android, a lot of APIs that have nothing to do with GPS (such as watching wifi networks, looking for devices on the same network, etc.) actually need the "location data" permission.
This is misleading, but it is made so because one could potentially use data harvested through those APIs to infer your location (for example, if an app has a map of wifi networks, knowing which networks are around allows it to infer your position)
Even if it is perfectly safe with no potential for abuse, I deserve to make the decision to opt-in, not have it silently downloaded and installed. If the government thinks I am too stupid to understand how safe it is or that I should just trust them more, that is totally on them. They either need to communicate well or fix the trust issues.
> only on confirmed infection does the person's phone upload its last two weeks of broadcast IDs to the cloud
Alternatively phrased: “only upon government request does the person’s phone upload…” with the implied promise that such request will only come as a result of a CV-19+ test result.
The whole protocol was designed very cleverly from the start to avoid all the privacy blocks that might inhibit people from using it [1], because the main drawback in this is that it's completely useless unless you have a critical mass of users that actually use it.
It is very difficult to explain to people that are not curious about the technology and all they hear is 'tracing = tracking = no privacy'.
I imagine this is why this app has been silently pushed, but in my mind just having it available and active on phones does not help you that much if the same users are also not aware and actively reporting their infections. So you will have a very small group that consciously install it and when they get infected they report; a lot larger group will get a notification that they have been close to an infected individual. I suppose they hope that by showing those notifications then people that subsequently get tested positive will be curious enough to find out how they should report in, etc. It's risky especially seeing this backlash about silent installations...
>It is very difficult to explain to people that are not curious about the technology and all they hear is 'tracing = tracking = no privacy'.
But this is literally true. This is an app pushed to people remotely without their consent or even knowledge. People cannot trust the claim that there is no privacy gotcha involved in this, especially when previous attempts seem to have opened the log of this information to all installed apps:
Is there something special about it being an app? Because the contact tracing framework that the app uses was already pushed to people remotely without their consent or knowledge - as well as the contents of every update ever to Google Services Framework. And in the big scheme of shady shit that Android does without the user's consent or knowledge, that's a pretty benign, privacy-respecting one.
Would it not be possible to send everyone currently in the state an SMS? I personally would be okay with the government having access to this type of PSA.
I'm not sure I get your point. The notifications are sent when system detects you were in contact with a person that tested positive, so mass messages don't make that much sense.
Unless you are referring to using the sms as a marketing way to encourage people to install the application...
> having a person phone number can lead to eventually identify that person while that internal trace id it might use, won't.
What? Many many bad people seem to somehow have my number. Practically daily I get an SMSs saying "I've been transferred $5000 to the please login to confirm your transaction .." or some such. I block but they keep on coming. Now, I think I'd rather the person who was responsible for these SMSs to have my phone number than a freaking app running on my phone, especially an app that was basically snuck on without consent.
If you think legislation is the answer, I’ve got a bridge to sell you. Who do you think writes the legislation and hands it to X representative? How niave...
HN crowd has fallen pretty far. Used to be WE build the things that make our lives better and now the top comment is calling for some ethemeral they to come up with legislation?
That’s BS. And, antithetical to any builder/havker ethic.
That was viable when computers were a tiny part of the world, but not when our power to change things became to great to be ignored.
Even back in the day when you could convince a public payphone to work for free by whistling the right way, that kind of interference in a public communications channel was enough for the powers that be to get worried. Now? Now phones are effectively universal, and every government can afford to pay developers to insert obfuscated backdoors in open source code, while the richest could do the same with the hardware from the silicon wafer up to the finished product. And they do, because they want to keep their power.
Just as you go to war with the army you have rather than the army you want, if you seek to improve our security and freedom you have to use the political power structures that exist rather than the ones you want to exist.
> This defeatist attitude toward legislating is self-perpetuating. We can at least hold our representatives accountable.
What can we do? I have no confidence that Congress will act in my best interest. Congress has some "partisan deadlock" but somehow I feel confident Intel's payday will go through without a bumpy ride
> U.S. senators propose 25% tax credit for semiconductor manufacturing (reuters.com)
We can't even get a modest broadband Internet infrastructure bill passed.
> Widespread fiber-to-the-home deployment would make a bigger difference for more Internet users than Starlink. President Joe Biden pledged to lower prices and deploy "future-proof" broadband to all Americans, but he's already scaled back his plan in the face of opposition from Republicans and incumbent ISPs. AT&T has been lobbying against nationwide fiber and funding for municipal networks, and AT&T CEO John Stankey expressed confidence last week that Congress will steer legislation in the direction that AT&T favors.
> Biden's pitch to build "future-proof" broadband technology is also facing opposition from broadband providers who don't want to build fiber-to-the-home networks in rural areas. Just before Biden announced his plan, AT&T said it opposes subsidizing fiber-to-the-home deployment across the US, arguing that rural people don't need fiber and should be satisfied with Internet service that provides only 10Mbps upload speeds.
I admit I got your comment a bit confused with another talking about local government. But the solution I think is in the same direction - start local. The few hundred people in congress aren't self-sufficient. They need support from the rest of the party machines to get campaign money and turn money into votes. Changing what the parties will support at the local level changes who gets the big money and who gets elected.
Shorter version though: campaign finance reform, oppose voter suppression, and ranked-choice voting.
Ok those other things I mentioned were still pretty daunting I guess. But corporations are still not interested in having their actions called out. Relatively low-budget operations like https://popular.info/ get good results in shifting behavior of big companies. (Note you can skip the signup page, just click "Let me read it first").
I think covid has shown that when the world is faced with a pandemic, not everyone agrees on what's common sense is in terms of how to respond as a society/government.
The difficulty of taking a government-sponsored and government-accessible substantial privacy risk (at a minimum) is something that some will find utterly unacceptable and others will think might be concerning or unacceptable in general but is righteously justified in this specific situation.
The first group’s common sense says “don’t install”; the second group’s common sense says “install via subterfuge if necessary”.
Or how about people just use GNU instead of GAFAM crapware? Turn "silently installing things in the background" off by default and maintain user control over all their hardware.
It's not like Richard Stallman hasn't been warning of this sort of thing happening for decades - the GNU project exists for a reason, and we should use their code for general purpose computing.
If people don't want to install the app, then that should be the end of it. The government's inability to convince people to install the application should not justify the application being installing it anyway. Just the contrary.
I'm not from NL, but I am someone that did not install the COVID tracing app that our government provided (for voluntary installation).
My reason was that I was not convinced by the PR that it is actually privacy safe. Just repeating "it uses a safe API, trust us/Google/Apple" was not enough for me.
The subcontractor that made the app did dump some source code on GitHub saying "see, we have nothing to hide". However it was very obviously not the same code as the app published on the Play store (for start, it had a different version number), it had a cleared out commit log, etc. Questions about that went unanswered as far as I know.
I try my best to prevent COVID spread, wear a mask, got vaccinated as soon as possible, etc. I think it's more likely that the thing with the app was just developers not wanting to bother too much with things they were not paid for than anything nefarious going on. However it raised enough red flags for me that I was not comfortable installing the app on my phone.
> While Android users can, in theory, opt to turn off Google Play Services, users of the Covid-19 contact-tracing app in Ireland cannot turn the surveillance off if they want the contact-tracing app to work. This means the collection and use of this data is unavoidable for people who wish to use the app.
> The data shared includes long-term, unchangeable identifiers of the phone users, including their phone’s IP address, WiFi MAC address, International Mobile Equipment Identity (IMEI) number, SIM serial number, phone number and Gmail address, as well as fine-grained data from other, potentially sensitive apps, such as banking, dating or health apps. This is data which, when considered together, has the potential to draw a very detailed map of our lives and activities.
This story was posted to HN last year, and received a tiny fraction of the upvotes of the story promoting the Irish / Google / Apple app's privacy features. Which would explain why you are downvoted, despite having been proven correct well over a year ago.
Still, the point I was making is that Google absolutely lied about what their app was sending; and people who distrust them are more than justified to. The privacy virtues of the Irish app in particular were the subject of much lauding - when it was shortly after :proven: to be bullshit, that story got less than 1% of the traction.
If someone has stock Android with Google Play Services disabled, the app won't work. The instructions to install the app don't mention installing a replacement, they tell users to enable Google Play Services.
> users can, in theory, opt to turn off Google Play Services, users of the Covid-19 contact-tracing app in Ireland cannot turn the surveillance off if they want the contact-trac ing app to work. This means the collection and use of this data is unavoidable for people who wish to use the app.
I would find it quite amusing if someone submitted a gdpr complaint saying that unnecessary data collection is not optional.
It's smart. The result of using these apps is that lots of people have to quarantine, even though these policies have not resulted in any impact on the virus in any way, and even though there can be test false positives (which is officially denied, so there is no way to appeal any positive test result). Why would people want to sign up for that?
“ When you get a device with pre-installed, uninstallable, or auto-installed apps.”
We’ve never had televisions in the house, but I finally broke down and bought a television so my kids could watch Disney+ on the big TV. The first television I purchased was a Samsung, and it came with these apps that I could not uninstall, did not what, and in fact used storage space that I couldn’t do anything about. I put it back in the box and took it back to the store, and got an LG. Very frustrating experience.
Google and apple install tons of software basically without consent (os updates) , so an app being pushed like that is not surprising. It is worrying however that tech people dont seem to realize how great their tools are for totalitarian states , which push apps and spying much worse than this to their subjects. We really need to talk about users owning their devices and their software rather than leasing them. There is no device that allows users to control what it does , that's scary
You are explicitly allowing to install updates in phone's settings. It is made painfully clear.
The question here is about what mechanism Google used to install an app, can it be disabled, and what other kind of apps Google is capable of installing silently on the devices?
This is just software updating software, so a switch would just be a token gesture, unless it wasn't, in which case you need to have the software be loaded from some ROM and the ROM only writable when the switch was activated, in which case that would be a fantastic device.
But it also brings up the false sense of security, a floppy drive could just choose to ignore the switch and write anyways, just as the phone could secretly write the firmware.
... which does not actually make the medium non-writable but only acts as an indicator to the drive, which with the right firmware could just ignore it.
I wonder if this is the same functionality some carriers use to install their management app on your phone. For example, I've recently bought a second hand Samsung tablet.
I've reset it to factory settings and put in a Vodafone SIM. The next time I looked though the installed apps I saw some Vodafone Services app that I didn't install. It couldn't be removed either.
So clearly, either Google with play services or the carrier over the baseband modem can install apps without user consent.
Is there any way this can be avoided? Do open ROMs like carbonROM or LineageOS protect against this?
> The next time I looked though the installed apps I saw some Vodafone Services app that I didn't install. It couldn't be removed either
Are you sure that's an actual Android App and not just the SIM Application Toolkit[0]? On iOS these show up under the Carrier menu in Settings but on Android it shows them as if they were an app, even though it's something running on your SIM card (they are backwards compatible and show up way back on old feature phones).
That's a very good point! I removed the SIM and the app was gone again. So I guess you're right, it may be installed on the SIM and not actually the device.
Calling installing a contact tracing app (which really is just a small wrapper over the existing Exposure Notification API) as "fucking evil" seems like bit over the top...
For example, depending on your cell phone plan, data transfer may incur high costs, especially when roaming etc. Therefore, owners of cell phones may be interested in limiting it to the absolute minimum.
As I see it, this consideration by itself already should have prevented this automatic installation.
Automatic app installation and updates will only trigger when charging, not in active use for >90 minutes, and on a wifi network that's not set as metered
the app doesn't use any data, just a bluetooth connection for exchanging keys with nearby devices, and wifi for downloading the keys published by people who tested positive
FYI: Google can remotely install/delete/alter any app on your phone without your notice if you have GAPPS installed, and they removed the option to disable it back in 2.* days.
This is very rampant in India. Operators keep pushing crapware like Linkedin app, clash of kings, etc for money from app vendors.
I think it baffles me that there is enthusiasts that will defend either side as an absolute. I mean I get it, people tend to fall into tribal thinking. But sometime you have to take a step back and remember that these are just gadgets.
Personally, I run Android. It is an OS. It is ok. Not great not bad. I don't really care what other people run, I just hope it doesn't treat them to poorly.
I certainly don't defend iOS and am unlikely to ever buy an iPhone. Overall I like my phone better than my previous phones, but Android is certainly designed so that manufacturers and providers can irritate their users on a whim leaving them with little recourse.
I like my phone, the Palm Phone, overall. Definitely the least annoying phone I've ever had, even less bothersome than my Windows Phones or flip phones of the past. I just find Android to have somewhat of a user-hostile design.
a government installing a software without notice or consent onto their population's devices is not something a healthy functioning democracy does, it's what a psychotic paranoid despot does. if the Mass Gov truly wants to minimize harm this is the opposite of what needs to be done. all this will do is drive conspiracy theories and deepen a very legitimate mistrust in the institutions that plague the USA (which helped give rise to people like donald trump)
>"if the Mass Gov truly wants to minimize harm this is the opposite of what needs to be done."
where is the actual evidence for this? Both Taiwan and South Korea deployed massive, digital tracking efforts to respond to covid often at the cell-provider/ infrastructure level so the entire population was covered whether they wanted to or not.
Nothing about this was despotic or paranoid, it was simply the correct, swift, and strong response to the situation at hand. Until half of Americans have voluntarily installed a tracing app on their phone, if they even know how to do it, we're five years into the pandemic.
Defaults matter. There's a nice example from organ donations in a study conducted by Johnson & Goldstein[1]. When you ask people to opt-in, even if you send everyone a letter personally, only 30% do. When you switch to opt-out, 90% stay in without any resources expended. I would like to think the first obligation of a healthy democracy is to the health of her people. What gives rise to despots is governments failing exactly at that, providng essential functions, being harmstrung by excessive checks and mistrust.
defaults absolutely matter, which is why surveillance being the default is deeply troubling to me. I do not care what the justification flavor of the day is, it's not a good trend to normalize. all it takes is another donald trump type figure to abuse this for evil. hell even a 3rd party could if this was implemented poorly, which is an all too common occurrence.
In the USA, nothing is more permanent than a temporary government program, keep that in mind.
Critics of the current US administration have been labeled as white supremacists and terrorists. Many of them are currently held in solitary confinement. Most are held on the misdemeanor of trespassing in the Capitol Building.
>"...was beaten by a prison guard and left with permanent eye damage."
That's the current climate surrounding a single politically charged incident. There's a long history of abuse, from the COINTEL program, extraordinary rendition, torture and current events. Yes, we should absolutely be concerned - regardless of the partisan takes.
>"...Arar protested that he only had a casual relationship with Almalki, having once worked with Almalki's brother at an Ottawa high-tech firm..."
in Taiwan, system base on everyone send one message to government when they into one shop or work site, and then if some infected one pass same site, government will send message to warn you. it don't need install anything and it is optional (although shop will refuse offer service...)
It's the power of defaults that make them easy to abuse. To the point of that study, Richard Thaler who has studied the subject extensively argues more easy mandated choice (i.e. you have to make a choice one way or another when you sign up for a drivers license). Opt-out is a sufficiently powerful default that it's reasonable to assume that many never made an actual reasoned decision to do so. For trivial matters, it may not matter much, but in the case of something like organ donation families can and have argued successfully that the deceased never actually made a choice in the case of opt-out.
it was neither desponic nor paranoid. Paranoia is an irrational or delusional bout of fear. Thinking the cleaning crew in front of your house is secret agents trying to kidnap you is paranoia, taking measures against a pandemic is not, because the pandemic is real and deadly. In the same vein, despotism is the tyrannical and arbitrary exercise of power, not merely the exercise of power towards legitimate ends.
In fact if anyone is paranoid then it is the public every time the issue of governance and technology converge, because in particular in the US there exists a phobia both to technology as well as government.
taking measures against a pandemic is not, because the pandemic is real and deadly
The existence of a problem does not imply that any measures taken to address it are reasonable. Child pornography is real. Should the government secretly install an app that scans your photos and reports you if it finds anything suspicious?
because in particular in the US there exists a phobia both to technology as well as government
Surreptitiously installing tracking apps is not going to help with that.
From what I've read (I don't live in Massachusetts), the app is installed via the auto update channel, but it explicitly asks permission to activate.
If you think this is bad, the commercial apps that have been auto-installing for years, without notifying the user, should have you throwing a conniption.
I live in MA, i had no prompt asking me to activate this at all. it was silently installed without any notice. this isn't an auto update, this was an unsolicited app install.
I think some of he "consent" norms we are building up are a double edged sword.
Ooh, its good to reinforce the idea that users need freedom.
OTOH, "consent" isn't really an informed consent. It's pages of TCs, UI antipatterns and take-it-or-leave-it choices. In practice, I don't think consent is genuinely increasing user sovereignty. It's more about disclosure than consent, currently. Human centIpad stuff.
This is exactly why I hate all the "app stores". The idea that anyone can just decide to install an app on my phone prevents me from using anything touched by google.
406 comments
[ 4.3 ms ] story [ 293 ms ] threadOver in reality, though, the only permissions it has are to use the internet and bluetooth: https://hastebin.com/yexoyuluzu.xml
I think that in this context, this previous issue is relevant.
You can get location in a ton of ways, but I doubt the OS will let you without the proper permission.
Your calculator app has more tracking than this.
This app has access to:
Other
view network connections
pair with Bluetooth devices
full network access
run at startup
prevent device from sleeping
https://www.mass.gov/info-details/enable-massnotify-on-your-...
1. this is not active unless activated.
2. Apple too.
3. Not communicated to the users, especially, that a os level update is served as an app install.
Isn't that what this whole Massachusetts thing a step towards? But my point is that the public health program can't really do something when there's thousands of cases, but the lower case count means this can be effective once more.
Because it took time to develop, and now they just shipped it?
Maybe if the US had had a functional federal government prior to January then a national exposure notification app might have been developed, rather than relying on the states to do their own thing. Or not. But it's too late now.
I'm not a USAian so I don't know what the take-up of a federal government app would have been. Probably insufficient given what seems to be the ambient level of distrust and misinformation.
I've been running the UK/English NHS tracing app since the start of the second wave here, and I have no complaints. I'm happy with its approach to privacy, and that I've never had an alert from it despite living in a region with high covid incidence has been reassuring.
Hm. Mandatory XKCD: https://imgs.xkcd.com/comics/tornadoguard.png
A great example is the lack of any kind of proper federal identification service or registry, something that has been brought up several times over the past century and been met with mass public outcry. So instead we rely on social security numbers, which were literally designed to be bad at identification.
In general the status quo is that the states handle this stuff instead. Whether it be drivers licenses, school circiculums, road maintenance, and emergency responses to natural disasters. Pandemic response is no exception to this. Sure the Federal Goverment often provides funding and guidance but it's largely up to state governments to actually examine and enforce these guidelines.
The point I'm trying to get at here is a federal contact tracing app was never in the cards, regardless of who the President is. The Presidents powers are largely limited to transient international policy (diplomacy, tarrifs, war, border control) and various congress approved Federal agencies.
They do these things because they can.
It’s the scarier version of the free U2 album.
Honestly, pushing the app to users isn’t anything to worry about – and in fact something I’d have loved to see other countries do as well.
________
[1] https://www.coronawarn.app/en/ [2] https://github.com/corona-warn-app
This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.
The largest trouble for the German version of the app was that not enough people installed it. Choosing to install it automatically isn’t something nefarious under these circumstances.
That is different. They are pre-installed and I can list them and disable them. They do not install suddenly by themselves months after buying the device. If they did so, there would be an outrage.
> This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.
Yeah, "for our own good". Next time it would be an app that sends an alarm when an excon is near you. And next time it would be an app that sends an alarm when someone who shows dangerous opinions (ie. against government) is near you. No thanks, please unsubscribe me of this Chinese dystopia.
They absolute can do that, and do that. For example, if you switch SIM cards, the phone can (and in some situations will) install whatever crap the ISP chooses.
In my case, inserting a SIM card from ALDI’s carrier used to auto-install some weather, news, and similar stuff. Luckily that stopped recently.
This can happen at any time, actually.
> Yeah, "for our own good".
Sometimes it is actually for your own good. I agree that it can be a slippery slope, but using the available means to save lives is sometimes necessary.
The only risk is governments not returning the power they got during this pandemic, but that’s more of a worry in 3rd-world-dictatorships.
Surely there is a prompt. I never had apps silently auto-install in my phone. If that is true, one more reason to go with the custom rom way.
> The only risk is governments not returning the power they got during this pandemic, but that’s more of a worry in 3rd-world-dictatorships.
In my life I've seen a lot of just-for-emergency-temporary-only laws that become permanent once the outrage subsides. In supposedly first world countries
Nope, Google Play Services does this all in the background. The same happens if Google thinks you’ve reinstalled your device (e.g. by wiping the Play Services data) and it starts installing some of Google’s default apps again, without prompts
To be this delusional, it must feel great.
So you are putting this app in the same category as spam, at least that's good.
> This app can actually save lives without sacrificing any privacy, pushing it to users is something that has no drawbacks.
I have an app that can save your life, trust me. And give me your email so I can send it to you ;)
Great, send me the source code, I’ll get it released on f-droid and then I’ll install the f-droid version of it, just like I’ve got the f-droid and microG version of the Corona Warn App installed :)
This app might have absolutely no privacy leaks; honestly, it’s too early to know that yet. The code is not published; there’s been no public auditing of the backend data handling practices.
Given that, I see drawbacks.
I did not opt-in to the MA one when prompted on iOS (and it did not install [as far as I can tell]).
Even the freedom-loving large news outlets published their opinions that they would have wished to see some sacrifice of those high morals for at least SOME level of effectiveness.
I have the app and it is a big piece of junk since day 1. My brother is a doctor and is using this app. He has regular direct contact with Covid patients. Do you know how many "high risk contact" notifications he has received since Summer 2020? Yes, you guessed it: 0.
That’s because not enough users use it. About 10% of Germans have the app installed.
Massachusetts deciding to auto-install the app on every device is the logical conclusion if you consider those statistics.
And the TV ad was shown as preroll ad for youtube videos for months, and on TV during every ad break on every channel: https://www.youtube.com/watch?v=Z4fCbuZqo6M
Just the ad budget for this app dwarfed the budgets of some hollywood blockbusters, and yet it still didn’t reach more than 10% of the population
[1] article in German about it https://www.heise.de/news/RKI-Schaetzung-Warn-App-hat-mehr-a...
See here (german): https://netzpolitik.org/2021/robert-koch-institut-widersprue...
I'm surprised your brother has not received any notifications. My partner is a doctor at a major university hospital and has been warned repeatedly to say the least. During the second wave, the Corona Warn App showed low or high risk warnings pretty much every week.
[1] https://www.heise.de/news/RKI-Schaetzung-Warn-App-hat-mehr-a... (German)
The government didn't install it in every phone, but they made it mandatory for business-owners to check that you have the app enabled if you want to enter their premises. Everyone needs to eat/shop, so most people were forced to install the app.
Every grocery store has a greeter at the door to check you have the app running, check your temperature, and squirt sanitiser on your hands.
https://www.tracetogether.gov.sg/
Having said that, I totally agree that German government should have done more to push the Corona Warn App - but only in public relation terms. I totally think Corona Warn App does not live to its full potential in Germany because it is not installed widely enough. But you just cannot do this by force.
If there is anything corona related from the German government on your phone you probably should nuke it just to be sure. The mixture of corruption and stupid involved in making it is not something you want anywhere near you.
Doesn’t help with the rest of the fuckups, obviously. Significantly worse is that now everyone has started switching to the luca app, which actually is a dystopian nightmare as it stores everything on its servers, forever, and sells everything to ad partners.
Why are you wishing harm on people ?
Is that right?
- view network connections
- pair with Bluetooth devices
- full network access
- run at startup
- prevent device from sleeping
[0]https://play.google.com/store/apps/details?id=gov.ma.covid19...
[1] https://www.9news.com.au/national/wa-police-stand-by-decisio...
that's essentially a remote-code-execution backdoor to all android phones?
For Apple as far as I know the most you can do is buy the app on desktop and, if the device is configured that way, it will receive the new app. This means it’s limited to new purchases and by the device’s settings.
I've since de-googled my phone and sacrificed some apps that require google services, but this whole thing shows (to me) that it was the right decision.
The entire "updates" culture is essentially RCE backdoor (botnet) functionality for "trusted" tech companies.
Consent, where it is actually explicitly obtained, never rises to the level of "informed". That's because even if a user "consents", she still cannot see what is in each update.
In my case the maker of my motherboard installed a persistent “self-repairing” (i.e. difficult to uninstall) from yet another third party. Naturally, I will not buy a product from them (MSI) again.
Another way to put this is: windows update will install malware w/o user approval in the background.
It's a different mechanism from Windows automatically loading drivers and/or the vendor's malware when you plug in a device.
In this case nobody actually installed this app by choice!
You can consider installing microG also as an open-source minimal implementation of Google Play Services if some of it's functionality is absolutely necessary for you to keep.
ISPs mandate certain capabilities of the cellular modem + the simcards (remember java cards? that ran java? they still exist as simcards!)
Government RCE is still 100% on the table regardless of whatever software your phone is running
Generally why privacy roms don't support more than 1 or 2 brands total, I guess.
There are also platforms with strict division between the seperate parts of hardware, la pinephone and the librem5
There is a chasm between "a state actor throws an 0day at you" and "Google remotely installs an app on your phone". The latter is done at scale. The former is expensive, risky, and used relatively rarely.
If you're organizing a protest movement, it's totally reasonable to factor government 0days into your threat model. For more boring people, running GrapheneOS is a great way to reduce the attack surface they expose to the advertising and mass surveillance industrial complex.
And this is like, literally a state actor installing an app in this case?
Modems are often isolated by being connected via USB, or if on your SoC the modem has DMA then it's isolated via IOMMU groups.
SIM cards have to implement the E911 feature which allows 911 operators to toggle a cell phone into "stay online no matter what" mode.
Some SIM cards have additional apps installed on them, which allows attacks like SIMjacker and WIBattack.
1) http://ramtin-amin.fr/#nvmepcie, http://ramtin-amin.fr/#nvmedma (the two articles are separate but the first provides incidental context for the second) the iPhone 6 kinda maybe sorta didn't dot the Is and cross the Ts with the MMU side of things. So, USB is awesome in that the failure state is "probably can't RCE".
2) I read a comment on here, which I should be able to re-find, but hn.algolia is not cooperating, suggesting that the system design of a particular AGPS implementation (a few years ago) interposed the GPS in between the CPU and the cellular radio such that the GPS SoC could do HTTP requests to grab its almanac that all of Android, down to the kernel, had no idea about.
IMHO this level of security paranoia is at the end of the day a micro-optimization. For any given device, you're looking at maybe two or three dozen Things Containing ALUs™ (often buried inside subcomponents buried inside other things); one or two concentrations of several billion transistors; and an unknown proportion of manglement, incompetence, cost-cutting, internal compromise (because guarantee there's none), and Agreements™. Honestly: give up, and declare that whatever makes you feel better is enough.
If Google is asserting non-contractual rights, I'd like to know what they are.
Edit: I edited this comment because it was rude, and that was not my intent.
The governing law that would protect people is a lot of things, and ToS is the least of it. The Wiretap Act applies, for example.
I'm afraid I disagree. Google running code on your phone implies it believes you have consented to that. That consent was not given in the app store, so it must have come from the ToS.
Consent is an exception to virtually every protection that exists: Wiretap Act, state wiretapping laws, the CFAA, and state computer trespass laws. Remember, consent is the difference between a home invasion and a dinner party.
So it seems that Google would have to cook up a pretty implausible stopping principle to argue that whatever allows them to do this does not also enable the hypothetical I described above.
You're making out like code is code and there aren't already existing lines and stopping principles, which just isn't true on its face.
Not the law. Google having root access on 2.5 billion android devices.
The law didn't allow Uber to greyball either. It did though.
This is a risk Google fully recognizes - it's why Google prevents f droid from updating apps one by one without user input. That's a privilege reserved exclusively for google play services.
Of the partners in this, I think that the source of authority waa almost certainly the other one. It’s not Google, but the State of Massachusetts, whose authority is likely involved.
Anything in the name of "improving our services".
One possible way: There is a daily job run in the Play Store called "daily hygiene" that performs various configured tasks based on device state and device targeting. It would not be difficult to add some code to install this app for MA users, then push it with the next Play Store update. I am very unpleasantly surprised that this app was installed from a policy perspective, however.
Uh, yes? That is and always has been core functionality. You can click "install" on the Google Play website on your laptop and the app will magically appear on your phone, if both devices are signed in to Google. I triggered this behavior accidentally a good 10 years ago when I got my first Android phone, and it gave me the shivers - it really drove home the point that Google had root on my phone, not me.
In fact, this entire behavior is so normalized on phones we now have a special word for the process of downloading an app and installing it manually, the way we do on PCs: "sideloading".
Yes, of course, but this isn't a technical issue. Look at the webpage that this hn page references. When people say, "an app was installed on my device without my consent or knowledge," the exact method the device used to listen isn't important.
The first issue is that Google software allows non-authorized software installations. The second issue is that a government forced the installation of the app. The technical specifics are just implementation details.
How does the thing know you're a Massachusetts resident?
People who have the contact tracing setting disabled are reporting they still got the app, so the obvious answer seems not to apply.
Is it just getting installed on any device that enters MA? New England states are pretty small, and there's a lot of crossover, especially with states like Maine and New Hampshire, which wouldn't take this very well.
Or, if you have a layover at Boston's Logan airport, do you now end up with its contact tracing app?
You basically get a (more) privacy focus OS from a luxury brand or you get your OS from an advertising company.
1. Buy a standard android but spend ages trying to de-google it.
2. Buy an iphone, but then I just have to trust another trillion $ company, and pay much more too.
3. Live my life without a phone.
I choose 1 because that seems the least worse option right now.
Google has a heck-load of money. They could pay a disreputable aggregate company to deliver a load of tonne-bags of gravel to my front garden, blocking my car in, and generally destroying the landscaping. I trust them not to do this, and the reason this is true is because I haven't taken 100%-effective steps that would prevent them from doing so, and therefore they are capable of it. This example may seem a little ridiculous (there are no 100%-effective steps I could take, and I think they're trustworthy on this particular score), but it is a technically correct example of how everyone trusts Google.
Putin or Kim Jong Il or Brad Pitt could also pay to get gravel delivered to your address. You have not taken any specific 100% effective steps to prevent them, any more than you’ve done with Google, right?
Ex: In 2019, Microsoft added a shortcut Win+Ctrl+Alt+Shift that when pressed, brings up an advertisement to buy MS Office, which I have no use for, and you need to edit the registry to disable the shortcut. I already gave MS thousands of dollars for the laptop, you'd think they could leave me alone if they want me to buy another one.
Although at least with Windows, you can remove most of the damage yourself, which is more than can be said for Android. Quite honestly why does the Computer Fraud and Abuse Act exist if manufacturers remain free to abuse your machines at will?
The installation of this app, even done with good intent, open a lot of questions on what should be possible or not to be done by government and corporations.
When you get a device with pre-installed, uninstallable, or auto-installed apps. What are the rules?
> "By enabling this service, you can be quickly notified if you’ve likely been exposed to the virus by another MassNotify user, allowing you to reduce risk to your loved ones, seek medical attention, and slow the spread in your community."
In this case it seems that the same goal could have been better achieved by SMS that do not depend on the brand of your phone. The dependency on proprietary app stores and OSs seems a risk for the continuation of a free and reliable communications.
The only thing that is impossible to achieve without an app is to allow the user to select contacts to whom send a notification. Corporations like Google, and Apple know the list of all your contacts. So, it seems that the intention of the app is to reduce friction and send notifications as easy and effortlessly as possible to avoid that procrastination causes people to delay the warning.
But, instead of the silent install the government could have spend money in advertisement campaigns to assure a correct amount of installations. It costs money, but, people pay taxes so the government can engage on this type of initiative at a scale. This could have been a very good alternative, even if it means increasing the budged. Medical emergencies are worth the investing.
While installing an app without users consent can be as questionable as you want, the point about these apps are not the notifications itself but about the contact tracing which is achieved through the bluetooth functionality. also, sending sms messages has other privacy concerns that the tracing apps have tried to avoid from the very beginning. having a person phone number can lead to eventually identify that person while that internal trace id it might use, won't.
Having someone's phone number allows you (via the phone company) to trace their location at any time, forever. That is much worse.
No wonder it's not being adopted by those who should be adopting it, but just being used by vigilant young tech savvy and already covid safe people.
So not only are only a small number of people using it, these people are least likely to make a difference using it.
"Contact tracing respects your privacy and does not send your location to the cloud.
Instead, your phone makes up a new random name every 15 minutes and broadcasts it to nearby phones. It remembers the last two weeks of names it used, as well as the last two weeks of names it heard from other phones.
When someone catches COVID-19, they register it in the app. Their phone then uploads the last two weeks' worth of names it used to the cloud, where other phones can download the data. The names aren't connected to their identity, all they represent is someone who caught COVID-19.
If your phone finds a match between a name it has recently heard and the online database, it sends you a notification. After 2 weeks the data is erased, so you are only notified if you were near an infected person in the past 2 weeks.
Since the random names change every 15 minutes, nobody can track you or know that you are the same person as last time they saw your phone. The data is only stored locally, so after it is deleted two weeks later, there is no way to go back and recover it."
How's that?
(Edited because without the intro sentence it sounded like I was trying to imply the parent didn't get it; that wasn't my intent.
It's a more fundamental understanding of stuff that's hard by those who are most at risk. The old, the vulnerable etc.
It's the old digital divide idea. My neighbor doesn't have any internet connected devices, for example. But she would benefit much more from the app than 40 of her mask wearing, young, self isolating, working from home fellow city inhabitants.
You're right that it's not easy to explain, but surely we can come up with something that gets the idea across? :)
Very non-technical people are not familiar with the basic concepts involved.
"Makes up a new random name and broadcasts it to nearby phones" is something they'd struggle with if they never heard or thought about random number generators, don't understand Bluetooth etc.
Also don't underestimate learned helplessness. Many will stop reading if it looks technical because they "can't understand that sort of thing. " Many such people never ever read such lengthy step by step technical documentation. It seems to them as a quantum physics experimental setup description sounds to the average programmer.
Learned helplessness is so real. My partner works at a help desk, and I constantly hear stories of older folks just mentally shutting down as soon as she has them open the start menu or a settings menu.
I even see it in myself, a super curious neophile software/hardware hacker. Sometimes I'll come across some particularly arcane API docs and it's like my brain just goes "tl;dr" to the whole thing and tries to immediately find a way to avoid interfacing with it.
That mental switch of "ah this is overwhelming, eyes glaze over" is all too easy to trip, even if you push through it and it really is not that bad after the fact.
It's easier for them to just refuse to participate and dismiss the topic as irrelevant, than to take up the game and then perhaps be seen as "dumb".
And this state of affairs is actually quite unnatural. The natural course of things over the millennia was that older people are more experienced and can give direction and advice to the young ones. Sure, this is still true in some "soft" topics, but the generational gap in understanding how the modern world works has never been so large.
This very much feels like justification for victim blaming.
Here's my crack at it for fun:
Exposure Notification apps are a privacy preserving technology to help prevent the spread of COVID-19.
They don't collect or log any location data which is what makes them private.
Instead, a phone equipped with the app will continuously log and broadcast random tokens that change every 15 minutes.
Nearby phones with the app will take note of the token and the signal strength, while broadcasting a token of their own.
Each day the app downloads a public list of tokens that have been shared by people who have tested positive for COVID-19.
If your phone has been around a number of these tokens, it will notify you to get tested and self-isolate.
If you test positive for COVID-19 yourself, your doctor will give you a key to enter into the app. Entering the key will upload your tokens to the public list.
While exposure notification apps do preserve privacy, they are limited in effectiveness without widespread adoption. Additionally they are not a suitable replacement for traditional contact tracing.
You can't now expect them to be rational and trust us with: "don't worry we know privacy is bad, but THIS privacy breach is okay. Again trust us this is because of covid, we're the good guys."
This is misleading, but it is made so because one could potentially use data harvested through those APIs to infer your location (for example, if an app has a map of wifi networks, knowing which networks are around allows it to infer your position)
Alternatively phrased: “only upon government request does the person’s phone upload…” with the implied promise that such request will only come as a result of a CV-19+ test result.
It is very difficult to explain to people that are not curious about the technology and all they hear is 'tracing = tracking = no privacy'.
I imagine this is why this app has been silently pushed, but in my mind just having it available and active on phones does not help you that much if the same users are also not aware and actively reporting their infections. So you will have a very small group that consciously install it and when they get infected they report; a lot larger group will get a notification that they have been close to an infected individual. I suppose they hope that by showing those notifications then people that subsequently get tested positive will be curious enough to find out how they should report in, etc. It's risky especially seeing this backlash about silent installations...
[1] https://covid19-static.cdn-apple.com/applications/covid19/cu...
But this is literally true. This is an app pushed to people remotely without their consent or even knowledge. People cannot trust the claim that there is no privacy gotcha involved in this, especially when previous attempts seem to have opened the log of this information to all installed apps:
https://themarkup.org/privacy/2021/04/27/google-promised-its...
You cannot trust them when they say that the app respects your privacy.
That's going to be hell to explain though, as you've already mentioned.
What? Many many bad people seem to somehow have my number. Practically daily I get an SMSs saying "I've been transferred $5000 to the please login to confirm your transaction .." or some such. I block but they keep on coming. Now, I think I'd rather the person who was responsible for these SMSs to have my phone number than a freaking app running on my phone, especially an app that was basically snuck on without consent.
HN crowd has fallen pretty far. Used to be WE build the things that make our lives better and now the top comment is calling for some ethemeral they to come up with legislation?
That’s BS. And, antithetical to any builder/havker ethic.
We build the world we want.
Even back in the day when you could convince a public payphone to work for free by whistling the right way, that kind of interference in a public communications channel was enough for the powers that be to get worried. Now? Now phones are effectively universal, and every government can afford to pay developers to insert obfuscated backdoors in open source code, while the richest could do the same with the hardware from the silicon wafer up to the finished product. And they do, because they want to keep their power.
Just as you go to war with the army you have rather than the army you want, if you seek to improve our security and freedom you have to use the political power structures that exist rather than the ones you want to exist.
What can we do? I have no confidence that Congress will act in my best interest. Congress has some "partisan deadlock" but somehow I feel confident Intel's payday will go through without a bumpy ride
> U.S. senators propose 25% tax credit for semiconductor manufacturing (reuters.com)
https://news.ycombinator.com/item?id=27561238
We can't even get a modest broadband Internet infrastructure bill passed.
> Widespread fiber-to-the-home deployment would make a bigger difference for more Internet users than Starlink. President Joe Biden pledged to lower prices and deploy "future-proof" broadband to all Americans, but he's already scaled back his plan in the face of opposition from Republicans and incumbent ISPs. AT&T has been lobbying against nationwide fiber and funding for municipal networks, and AT&T CEO John Stankey expressed confidence last week that Congress will steer legislation in the direction that AT&T favors.
https://arstechnica.com/information-technology/2021/06/starl...
> Biden's pitch to build "future-proof" broadband technology is also facing opposition from broadband providers who don't want to build fiber-to-the-home networks in rural areas. Just before Biden announced his plan, AT&T said it opposes subsidizing fiber-to-the-home deployment across the US, arguing that rural people don't need fiber and should be satisfied with Internet service that provides only 10Mbps upload speeds.
https://arstechnica.com/tech-policy/2021/05/biden-cuts-35b-f...
I have not met a single programmer / computer scientist who seriously defends the CFAA and yet we cannot find the votes in Congress to repeal it.
Shorter version though: campaign finance reform, oppose voter suppression, and ranked-choice voting.
How about applying common sense?
― René Descartes, Discourse on Method
- Albert Einstein [0]
0: https://quoteinvestigator.com/2014/04/29/common-sense/ yes, this CAN be attributed to him
The first group’s common sense says “don’t install”; the second group’s common sense says “install via subterfuge if necessary”.
It's not like Richard Stallman hasn't been warning of this sort of thing happening for decades - the GNU project exists for a reason, and we should use their code for general purpose computing.
https://news.ycombinator.com/item?id=25402024
This absolutely does not work. Here, the NL gov tried this and almost nobody installed the app, despite it using the privacy-safe google/apple API.
My reason was that I was not convinced by the PR that it is actually privacy safe. Just repeating "it uses a safe API, trust us/Google/Apple" was not enough for me.
The subcontractor that made the app did dump some source code on GitHub saying "see, we have nothing to hide". However it was very obviously not the same code as the app published on the Play store (for start, it had a different version number), it had a cleared out commit log, etc. Questions about that went unanswered as far as I know.
I try my best to prevent COVID spread, wear a mask, got vaccinated as soon as possible, etc. I think it's more likely that the thing with the app was just developers not wanting to bother too much with things they were not paid for than anything nefarious going on. However it raised enough red flags for me that I was not comfortable installing the app on my phone.
https://www.iccl.ie/news/serious-privacy-and-data-harvesting...
An excerpt:
> While Android users can, in theory, opt to turn off Google Play Services, users of the Covid-19 contact-tracing app in Ireland cannot turn the surveillance off if they want the contact-tracing app to work. This means the collection and use of this data is unavoidable for people who wish to use the app.
> The data shared includes long-term, unchangeable identifiers of the phone users, including their phone’s IP address, WiFi MAC address, International Mobile Equipment Identity (IMEI) number, SIM serial number, phone number and Gmail address, as well as fine-grained data from other, potentially sensitive apps, such as banking, dating or health apps. This is data which, when considered together, has the potential to draw a very detailed map of our lives and activities.
This story was posted to HN last year, and received a tiny fraction of the upvotes of the story promoting the Irish / Google / Apple app's privacy features. Which would explain why you are downvoted, despite having been proven correct well over a year ago.
Still, the point I was making is that Google absolutely lied about what their app was sending; and people who distrust them are more than justified to. The privacy virtues of the Irish app in particular were the subject of much lauding - when it was shortly after :proven: to be bullshit, that story got less than 1% of the traction.
It's the rest of Android that's the issue.
The point is that installing the contact tracing apps doesn't track you any more than before, neither on microg+fdroid than on a google stack.
I would find it quite amusing if someone submitted a gdpr complaint saying that unnecessary data collection is not optional.
We’ve never had televisions in the house, but I finally broke down and bought a television so my kids could watch Disney+ on the big TV. The first television I purchased was a Samsung, and it came with these apps that I could not uninstall, did not what, and in fact used storage space that I couldn’t do anything about. I put it back in the box and took it back to the store, and got an LG. Very frustrating experience.
It is not a new technology at all. It is the same old one that looks new and shiny, but is complete shit because the software doesn't behave.
The question here is about what mechanism Google used to install an app, can it be disabled, and what other kind of apps Google is capable of installing silently on the devices?
But it also brings up the false sense of security, a floppy drive could just choose to ignore the switch and write anyways, just as the phone could secretly write the firmware.
I've reset it to factory settings and put in a Vodafone SIM. The next time I looked though the installed apps I saw some Vodafone Services app that I didn't install. It couldn't be removed either.
So clearly, either Google with play services or the carrier over the baseband modem can install apps without user consent.
Is there any way this can be avoided? Do open ROMs like carbonROM or LineageOS protect against this?
Other comments mention embedded Java in SIM cards, that's possible, but I'm not sure.
Are you sure that's an actual Android App and not just the SIM Application Toolkit[0]? On iOS these show up under the Carrier menu in Settings but on Android it shows them as if they were an app, even though it's something running on your SIM card (they are backwards compatible and show up way back on old feature phones).
https://en.wikipedia.org/wiki/SIM_Application_Toolkit
The "Don't be evil" days are far gone.
https://en.wikipedia.org/wiki/Don%27t_be_evil
https://github.com/google/exposure-notifications-android
And here is the code for the two services it talks to:
https://github.com/google/exposure-notifications-verificatio...
https://github.com/google/exposure-notifications-server
For example, depending on your cell phone plan, data transfer may incur high costs, especially when roaming etc. Therefore, owners of cell phones may be interested in limiting it to the absolute minimum.
As I see it, this consideration by itself already should have prevented this automatic installation.
This is very rampant in India. Operators keep pushing crapware like Linkedin app, clash of kings, etc for money from app vendors.
Personally, I run Android. It is an OS. It is ok. Not great not bad. I don't really care what other people run, I just hope it doesn't treat them to poorly.
Are you using Mi phone?
where is the actual evidence for this? Both Taiwan and South Korea deployed massive, digital tracking efforts to respond to covid often at the cell-provider/ infrastructure level so the entire population was covered whether they wanted to or not.
Nothing about this was despotic or paranoid, it was simply the correct, swift, and strong response to the situation at hand. Until half of Americans have voluntarily installed a tracing app on their phone, if they even know how to do it, we're five years into the pandemic.
Defaults matter. There's a nice example from organ donations in a study conducted by Johnson & Goldstein[1]. When you ask people to opt-in, even if you send everyone a letter personally, only 30% do. When you switch to opt-out, 90% stay in without any resources expended. I would like to think the first obligation of a healthy democracy is to the health of her people. What gives rise to despots is governments failing exactly at that, providng essential functions, being harmstrung by excessive checks and mistrust.
[1]http://www.dangoldstein.com/papers/DefaultsScience.pdf
In the USA, nothing is more permanent than a temporary government program, keep that in mind.
>"...was beaten by a prison guard and left with permanent eye damage."
https://www.washingtonpost.com/nation/2021/05/13/capitol-rio...
https://www.politico.com/news/2021/04/19/capitol-riot-defend...
That's the current climate surrounding a single politically charged incident. There's a long history of abuse, from the COINTEL program, extraordinary rendition, torture and current events. Yes, we should absolutely be concerned - regardless of the partisan takes.
>"...Arar protested that he only had a casual relationship with Almalki, having once worked with Almalki's brother at an Ottawa high-tech firm..."
https://en.wikipedia.org/wiki/Maher_Arar
https://en.wikipedia.org/wiki/COINTELPRO
In fact if anyone is paranoid then it is the public every time the issue of governance and technology converge, because in particular in the US there exists a phobia both to technology as well as government.
The existence of a problem does not imply that any measures taken to address it are reasonable. Child pornography is real. Should the government secretly install an app that scans your photos and reports you if it finds anything suspicious?
because in particular in the US there exists a phobia both to technology as well as government
Surreptitiously installing tracking apps is not going to help with that.
If you think this is bad, the commercial apps that have been auto-installing for years, without notifying the user, should have you throwing a conniption.
Ooh, its good to reinforce the idea that users need freedom.
OTOH, "consent" isn't really an informed consent. It's pages of TCs, UI antipatterns and take-it-or-leave-it choices. In practice, I don't think consent is genuinely increasing user sovereignty. It's more about disclosure than consent, currently. Human centIpad stuff.