Stop the Apple and Google contact tracing platform(blog.xot.nl)
blog.xot.nl
Stop the Apple and Google contact tracing platform
https://blog.xot.nl/2020/04/11/stop-the-apple-and-google-contact-tracing-platform-or-be-ready-to-ditch-your-smartphone/
123 comments
I'm afraid someone has to tell the author that what is already possible is worse than the concerns raised here.
This technology is actually an effort to not use the available methods that would ignore privacy.
The author (and anyone half awake about what their phone is) is well of aware of the technology. Currently there are laws and legal standards that stop a lot of this. This is an attempt to soften up the public to the idea of having every movement, purchase, contact, and interaction go into a database and then passed on to the government when they don't do necessarily what the government wants. In the walled garden of helping with covid there is no doubt that this could do good. Outside those walls are governments hoping such tactics soften up the populace to the idea that this is actually a good idea for everyday life.
Ding ding ding. It’s sad how quickly we forget that we live under dragnet digital surveillance. We haven’t even really internalized it.
Yet, still there is a conscious effort on the part of these companies/orgs/governments to slang the "we're protecting your privacy™" narrative because it's always easier to these leverage tools against others when they don't see it as a threat and aren't willing to mitigate against it to any degree.
That's a useful perspective to be aware of, and if this were a pure susbtitution of one mechanism for another then that could be a clearer win.
I think it's also true that deploying yet another potentially privacy-invading technology makes it more difficult for privacy advocates and lawmakers to deal with and reduce existing overreaches.
I think it's also true that deploying yet another potentially privacy-invading technology makes it more difficult for privacy advocates and lawmakers to deal with and reduce existing overreaches.
Indeed, combined with the authors stream of consciousness rant made this an infuriating read. I've met people like this before, usually their paranoia is made worse by their lack of technical knowledge. This also makes them difficult to convince that they are wrong. Since they don't have enough knowledge to tell who is right in a discussion, they often just listen to the loudest voice that is reinforcing their world view.
> The police could quickly see who has been close to a murder victim: simply report the victims phone as being ‘infected’.
> A company could install Bluetooth beacons equipped with this software at locations of interest (e.g. shopping malls). By reporting a particular beacon as ‘infected’ all phones (that have been lured into installing a loyalty app or that somehow have the SDK of the company embedded in some of the apps they use) will report that they were in the area.
I see these as possible exploits indeed. But the points are a bit confusing. I would love for the police to be able to stop a serial killer from killing more people. But they will do by exploiting a COVID-19 contact tracing app? And we will be mad at them?
> Some might say this is not a bug but a feature, but the same mechanism could be used to find whistleblowers, or the sources of a journalist.
It's been some time since I read Snowdens' Permanent Record, but I don't remember him getting in close contact with journalists to hand over information.
> If you have Google Home at home, Google could use this mechanism to identify all people that have visited your place.
That's the reality already.
> Jealous partners could secretly install an app on the phone of their significant other, to allow them to monitor who they have been in contact with. Overzealous parents could use this spy on their children.
Maybe drill down a bit into your relationship and figure out the core issue.
> A company could install Bluetooth beacons equipped with this software at locations of interest (e.g. shopping malls). By reporting a particular beacon as ‘infected’ all phones (that have been lured into installing a loyalty app or that somehow have the SDK of the company embedded in some of the apps they use) will report that they were in the area.
I see these as possible exploits indeed. But the points are a bit confusing. I would love for the police to be able to stop a serial killer from killing more people. But they will do by exploiting a COVID-19 contact tracing app? And we will be mad at them?
> Some might say this is not a bug but a feature, but the same mechanism could be used to find whistleblowers, or the sources of a journalist.
It's been some time since I read Snowdens' Permanent Record, but I don't remember him getting in close contact with journalists to hand over information.
> If you have Google Home at home, Google could use this mechanism to identify all people that have visited your place.
That's the reality already.
> Jealous partners could secretly install an app on the phone of their significant other, to allow them to monitor who they have been in contact with. Overzealous parents could use this spy on their children.
Maybe drill down a bit into your relationship and figure out the core issue.
Correction: Snowden did indeed met with journalists when he was in Hong Kong and first disclosed the story.
They are trying to prevent both millions of deaths and and worst economic collapse in modern age. Privacy isn't as important. Fight this thing when corona-virus is over.
This is exactly the kind of dumb mentally the government wants, and you fell right into the trap. They always use situations like that to push bad stuff that won't be easy to ditch later...
People can't literally exit their houses right now. Much more basic freedoms are taken. If you think ditching that later will be hard, ditching it now when it's desperately needed is impossible.
> They always use situations like that
There has never been a situation like this in the modern age. Last time it happened 50 million people died.
There has never been a situation like this in the modern age. Last time it happened 50 million people died.
How many deaths is worth the increased privacy?
That's a good question. It depends on how many deaths would the increased privacy save. In the future it won't be as easy to burn the papers documenting whatever group needs saving before the invasion. On the other hand, a lot of it is already in so many private systems, that this likely makes little difference.
I'm not even sure I'm against the current application, but the question is not a simple one.
I'm not even sure I'm against the current application, but the question is not a simple one.
Same exact thing could be (and was) said about terrorism and the patriot act.
I agree, anyone who thinks they have privacy whilst carrying a mini communications computer in their pocket is dumb.
Remember https://en.wikipedia.org/wiki/WARRIOR_PRIDE, Pepperide Farms does.
There is no point trying to remain private whilst there is a phone where you have little control over private data. If you want privacy then you should look more towards using a collection of VPNs and fuzz your browser each time you use it. Change the installed fonts, randomize the browser window and destroy the user account that started it.
You can't do this reliably with a phone. All surveillance relies upon the user favouring convenience.
Remember https://en.wikipedia.org/wiki/WARRIOR_PRIDE, Pepperide Farms does.
There is no point trying to remain private whilst there is a phone where you have little control over private data. If you want privacy then you should look more towards using a collection of VPNs and fuzz your browser each time you use it. Change the installed fonts, randomize the browser window and destroy the user account that started it.
You can't do this reliably with a phone. All surveillance relies upon the user favouring convenience.
> They are trying to prevent both millions of deaths and and worst economic collapse in modern age.
Are you implying we are not already in the worst economic collapse? Is there something to prevent at this point in time?
Are you implying we are not already in the worst economic collapse? Is there something to prevent at this point in time?
[deleted]
[deleted](1)
Surely this technology has many useful applications beyond just the pandemic. It could be used to trace the networks of terrorists, the associates and contacts of criminals, child pornographers, anti-government insurgents, political opponents, environmental protesters...
Once governments have these tools, they will want to keep them around.
Once governments have these tools, they will want to keep them around.
Terrorists won't voluntarily publish their keys.
That's an important difference. If you want to argue against Covid contact tracking, at least do it reasonably.
That's an important difference. If you want to argue against Covid contact tracking, at least do it reasonably.
Too late. If governments ever want to make a Bluetooth contact tracking app mandatory, they can already do so, and could have done so before this platform was created. All Google and Apple are doing is making it very marginally easier.
I read somewhere that there are beacon detectors throughout many retail stores that track people throughout the store.
That’s been in place for some time.
That’s been in place for some time.
That's been also done via cameras in the past: https://augustcapital.typepad.com/news/2012/08/e-commerce-st...
But it's likely wifi pings and bluetooth details would be added to the mix these days.
But it's likely wifi pings and bluetooth details would be added to the mix these days.
Yes, estimote[0] for example is one example of this.
0: https://estimote.com/
0: https://estimote.com/
The technology used for this is the same as for locating your lost device and takes care of privacy in a very smart way, more info: https://www.wired.com/story/apple-find-my-cryptography-bluet...
"Apple says an elaborate rotating key scheme will soon let you track down your stolen laptop, but not let anyone track you. Not even Apple."
"Apple says an elaborate rotating key scheme will soon let you track down your stolen laptop, but not let anyone track you. Not even Apple."
> In other words, certain governments or companies ... can create an app that report the fact that they have been close to a person of interest in the last few weeks.
So this assumes that any random app installed by a user will have open access to the contact database? That seems unlikely to me, but I have not read the full spec.
So this assumes that any random app installed by a user will have open access to the contact database? That seems unlikely to me, but I have not read the full spec.
Governments don't need it. The model suggested links nearby bluetooth mac addresses which get linked to the phones IMEI, and governments already have multitudes of legal ways to link names to IMEIs.
Cell tower based contact tracking is already used to infer someone's social graph and pattern-of-life. Bluetooth association data - even with opaque tokens - can easily be correlated with cell tower movement to refine CO-TRAVELER style analysis.
Cell-tower-resolution analysis is already very powerful - it can trivially reveal someone's associations and overall behavior. When correlated with short-range proximity data, I suspect the same analysis might reveal behavioral details within a organization ("which meetings you attend" instead of merely "what address you work at").
https://www.washingtonpost.com/world/national-security/nsa-t...
https://www.eff.org/deeplinks/2013/12/meet-co-traveler-nsas-...
Cell-tower-resolution analysis is already very powerful - it can trivially reveal someone's associations and overall behavior. When correlated with short-range proximity data, I suspect the same analysis might reveal behavioral details within a organization ("which meetings you attend" instead of merely "what address you work at").
https://www.washingtonpost.com/world/national-security/nsa-t...
https://www.eff.org/deeplinks/2013/12/meet-co-traveler-nsas-...
In a previous life we we also able to identify the owners of anonymous (burner) SIM cards.
Even crooks and anarchists lead very predictable lives.
Even crooks and anarchists lead very predictable lives.
Where did you read that it links to the phone's MAC Address/IMEI? I can't find IMEI being mentioned in any of Apple's spec documents.
There isn't any IMEI linkage. I think the post you reply to is implying the link between Bluetooth MAC address to IMEI could be established by a state actor.
That isn't the case though, due to Bluetooth MAC address randomisation, which the paper does address - the 10-minutely identifiers advertised are updated in sync with the local device updating its own MAC address, to prevent correlation between the last MAC address and next one.
That isn't the case though, due to Bluetooth MAC address randomisation, which the paper does address - the 10-minutely identifiers advertised are updated in sync with the local device updating its own MAC address, to prevent correlation between the last MAC address and next one.
quezzle(2)
It seems well thought out from privacy side but I acknowledge their could be unintended consequences and bad actors that take advantage - but - I feel this is a price worth paying given the magnitude of the situation we are all in.
??? I don't think anybody who catches the coronavirus wants to be anonymous. There is no social stigma.
The problem is exactly the reverse: infected people would gladly tell everybody exposed, but they can't reach them since the virus spreads so easily and the exposed could be delivery drivers, people in the grocery store, etc
The problem is exactly the reverse: infected people would gladly tell everybody exposed, but they can't reach them since the virus spreads so easily and the exposed could be delivery drivers, people in the grocery store, etc
Unfortunately in my country - Croatia - the social stigma exists. While we have a very good situation (total of 1500 cases on population of 4M, with 20 deaths), and we are geographicaly very close to Italy, there were multiple reports of patients’ families being harassed.
[deleted]
This article isn't about covid, this is about the longer term prospects of having corporate-government cooperation in sharing data about your day to day activities, contacts, any other information on your phone and building infrastructure to make that even easier than it is now. AND it will be deeply buried into the operating system and not a simple app that can be uninstalled, it will become integral to it's operation and always on. They also seem to have no plans mentioned about ripping its hooks out after the covid emergency is over, or a 3rd party monitoring what they are up to or the source code being open for investigation for 3rd parties.
Moxie Marlinspike has an interesting analysis on this:
https://twitter.com/moxie/status/1248707315626201088
He objects to two things:
1. Doing it globally would require download of too much data, thus (contra promise of the spec) location data will have to enter. However, from what I can tell, that could be very coarse data, on the level of country and/or time zone (thus, not even necessitating access to GPS location data). I don’t see it as a major problem.
2. The “prank” danger: someone just pressing “I’m infected” for fun. One could introduce a tiered system where “I’m infected” requires some sort of authentication from a hospital/lab (a QR code on positive test results for example). There would also need to be a tier for “I have symptoms”, and yes, that could be abused/“pranked”.
Would be interesting to see a deeper analysis on both points. I don’t think they’re deal breakers.
1. Doing it globally would require download of too much data, thus (contra promise of the spec) location data will have to enter. However, from what I can tell, that could be very coarse data, on the level of country and/or time zone (thus, not even necessitating access to GPS location data). I don’t see it as a major problem.
2. The “prank” danger: someone just pressing “I’m infected” for fun. One could introduce a tiered system where “I’m infected” requires some sort of authentication from a hospital/lab (a QR code on positive test results for example). There would also need to be a tier for “I have symptoms”, and yes, that could be abused/“pranked”.
Would be interesting to see a deeper analysis on both points. I don’t think they’re deal breakers.
I don't think there is any suggestion of using any kind of granular location data, be it GPS or cellular network location. Doing it per region could certainly work, and only reveal maybe 4 bits of information about location. I imagine for Europe and some parts of the world, per country could be too granular due to localised travel (at least as things ease back), but at region level you would be revealing more from your (even cellular) IP address than actually passing on a rough region of interest.
His argument No. 1 is self-defeating. If you have rapid exponential growth and would have to publish hundreds of megabytes of keys per day (and phones only need to download the delta to the previous day), this approach of contact tracing is useless and you must instead get the entire population under lockdown. If everybody is sheltering at home, nobody needs notifications of possible contacts, because everybody is doing what would be the response to such a notification already. So you can simply disable the app in a certain country or don't accept submissions to the diagnosis server during that time.
This approach, just like the manual approach of tracking potential contacts via paper and phone, is only of use in a scenario with a very limited number of transmissions and an R (reproduction rate) of around or below 1. Its purpose is not to reach such a situation, but to aid in keeping that situation in effect without severe measures. But severe lockdowns must first suppress the infection counts to such levels before any contact tracing may work at all.
This approach, just like the manual approach of tracking potential contacts via paper and phone, is only of use in a scenario with a very limited number of transmissions and an R (reproduction rate) of around or below 1. Its purpose is not to reach such a situation, but to aid in keeping that situation in effect without severe measures. But severe lockdowns must first suppress the infection counts to such levels before any contact tracing may work at all.
I think the point with this is when the curve starts to flatten, we can _safely_ reopen the economy. Contract tracing and rapid response can end this.
> The “prank” danger: someone just pressing “I’m infected” for fun.
How about you can only check the "I'm infected" box if your phone is near the phone of a health worker?
Another idea is that you get a code in the mail from the hospital which you have to enter in the app.
How about you can only check the "I'm infected" box if your phone is near the phone of a health worker?
Another idea is that you get a code in the mail from the hospital which you have to enter in the app.
In the UK, most supermarkets have an hour where only health workers can enter (quite right, give them priority). But this makes it trivial to get close enough to health-worker to execute your prank, just join that queue.
Published keys are 16 bytes, one for each day. If moderate numbers of smartphone users are infected in any given week, that's 100s of MBs for all phones to DL.
That seems untenable.
It's a lot, but untenable? If 300 million report as infected, that's 4.8 GB, coincidently the size of a DVD. So 2 hours of Netflix, 1 hour at 4k. Very easy to cache this data close to the edge, too.
That seems untenable.
It's a lot, but untenable? If 300 million report as infected, that's 4.8 GB, coincidently the size of a DVD. So 2 hours of Netflix, 1 hour at 4k. Very easy to cache this data close to the edge, too.
> Published keys are 16 bytes, one for each day. If moderate numbers of smartphone users are infected in any given week, that's 100s of MBs for all phones to DL.
> That seems untenable.*
> It's a lot, but untenable? If 300 million report as infected, that's 4.8 GB, coincidently the size of a DVD. So 2 hours of Netflix, 1 hour at 4k. Very easy to cache this data close to the edge, too.
Just doing the math here, assuming a perfectly efficient wire protocol was used, each infected person would amount to (16 x 14 = 224 bytes) of data to be transmitted.
Assuming we see 150k new cases per day, worldwide (worldometers is reporting 100k new cases per day as the peak, and let's factor in 50% margin), this would be 33.6 MB of data per day.
Since you only need to transmit that day's data rather than the full database, a very basic sync protocol could be used here - the phone simply stores the sequence number of the last identifier handled, and it can be given subsequent data. This could even be done with a static (and thus cacheable) server if cases are chunked sequentially into 1MB chunks, and addressed by filename based on the last case ID.
For clarity here, case ID would be simply be the sequential number that a given tracing ID has in the server-side record, so you only need to fetch data you haven't already checked against.
> That seems untenable.*
> It's a lot, but untenable? If 300 million report as infected, that's 4.8 GB, coincidently the size of a DVD. So 2 hours of Netflix, 1 hour at 4k. Very easy to cache this data close to the edge, too.
Just doing the math here, assuming a perfectly efficient wire protocol was used, each infected person would amount to (16 x 14 = 224 bytes) of data to be transmitted.
Assuming we see 150k new cases per day, worldwide (worldometers is reporting 100k new cases per day as the peak, and let's factor in 50% margin), this would be 33.6 MB of data per day.
Since you only need to transmit that day's data rather than the full database, a very basic sync protocol could be used here - the phone simply stores the sequence number of the last identifier handled, and it can be given subsequent data. This could even be done with a static (and thus cacheable) server if cases are chunked sequentially into 1MB chunks, and addressed by filename based on the last case ID.
For clarity here, case ID would be simply be the sequential number that a given tracing ID has in the server-side record, so you only need to fetch data you haven't already checked against.
300 million each day would be the whole world population on less than a month. At current numbers ( 13000 per day ) that’s a few megabytes without compression.
Yes. That's my point. Even if you chose a ludicrously high value -- in this case approximately the entire population of the US --, you still get an amount of data that's manageable as evidenced by the fact that various companies manage it every day.
> Or be ready to ditch your smartphone and get yourself a dumbphone.
Isn't this the standard prescription for the extreme privacy conscious individuals anyways? For the rest of us, we can always turn off bluetooth. Maybe this will bring back headphone jacks or replace the standards all together. In the mean time, some of us want security over privacy. Many of us never valued the latter much in the first place.
Isn't this the standard prescription for the extreme privacy conscious individuals anyways? For the rest of us, we can always turn off bluetooth. Maybe this will bring back headphone jacks or replace the standards all together. In the mean time, some of us want security over privacy. Many of us never valued the latter much in the first place.
> However any decentralised scheme can be turned into a centralised scheme by forcing the phone to report to the authorities that it was at some point in time close to the phone of an infected person.
If the system was different, it would be bad?
This is a slippery-slope argument that I do not find compelling. The amount of surveillance that this is supposedly guarding against--govt tracking of an individual's location--is already possible with no changes to any system.
It is no more slippery a slope for raw unscrambled BTLE identifiers to be reported to a centralized system. I don't think that the encrypted system makes it any easier in the least.
These devices that we carry everywhere are huge privacy concerns, but I don't think this author is even warning about the right things. Does the author even know the amount of location tracking going on in stores, currently? The amount of data that is sold back and forth with no user knowledge or understanding?
The concerns raised here ignore the much worse reality that already exists!!
If the system was different, it would be bad?
This is a slippery-slope argument that I do not find compelling. The amount of surveillance that this is supposedly guarding against--govt tracking of an individual's location--is already possible with no changes to any system.
It is no more slippery a slope for raw unscrambled BTLE identifiers to be reported to a centralized system. I don't think that the encrypted system makes it any easier in the least.
These devices that we carry everywhere are huge privacy concerns, but I don't think this author is even warning about the right things. Does the author even know the amount of location tracking going on in stores, currently? The amount of data that is sold back and forth with no user knowledge or understanding?
The concerns raised here ignore the much worse reality that already exists!!
Generally I agree that location tracking is already relatively widely done, and the Apple/ Google protocol makes reasonable efforts to preserve privacy.
I do share some caution, however -- tracing 'personal contacts' by BTLE is likely much more personally specific, and hence significantly more intrusive, than just location.
If such mechanisms became more generally available they would likely become used as part of the machinery of repression in states such as China. Or everywhere (depending on our future).
Location is fairly imprecise as to social contact, but I guess the concern would be that this will be accurate enough to track dissenters, find their contacts, and accuse/ imprison you.
I do share some caution, however -- tracing 'personal contacts' by BTLE is likely much more personally specific, and hence significantly more intrusive, than just location.
If such mechanisms became more generally available they would likely become used as part of the machinery of repression in states such as China. Or everywhere (depending on our future).
Location is fairly imprecise as to social contact, but I guess the concern would be that this will be accurate enough to track dissenters, find their contacts, and accuse/ imprison you.
[deleted]
There are legal/ethical barriers though between google and apple sharing this stuff with the government. This is an effort to soften up the populace on "what a good thing" tracking and activity sharing with the government is and why next it should be permanent rather than just an emergency tactic. "Imagine all the good we could do if we had all the data of things you buy, where you go, who you interact with and provided that to government in a package with a bow on it". Kind of like the sunset clause on the "Patriot Act" which keeps getting renewed and is a travesty.
I'm for this. I'll opt into anything that can give us a chance to slow this thing without crippling the global economy.
You can stay safe by putting your phone in a Faraday cage if you must.
You can stay safe by putting your phone in a Faraday cage if you must.
Would you rather be forced to stay at home for all foreseeable future?
I mean surely mobile phone operators already have this information? I never hear about them being subpoenaed or attempting to deny requests, makes me think the make this information fully available.
Operators currently have handset location data, based on cell tower triangulation. I imagine many will store this, but this may vary by network. The absolute minimum you need, in order to run a network, is to know the current location of the handset, so you can route calls to it. Historical data isn't required for delivery of the service. I imagine in countries with weaker privacy laws, data like this can be used like we saw with the "tracking spring break beach-goers heading home".
Triangulated location data is far from precise however. It would let you determine roughly where someone is, but nothing like accurately enough to do contact tracing or infection monitoring. You'd also need to start storing historical location data on a huge scale, but it would be accurate to a few hundred metres typically. Not ideal for contact tracing.
Triangulated location data is far from precise however. It would let you determine roughly where someone is, but nothing like accurately enough to do contact tracing or infection monitoring. You'd also need to start storing historical location data on a huge scale, but it would be accurate to a few hundred metres typically. Not ideal for contact tracing.
DNS + WiFi + Mobile phone masts etc. You could probably get some real location data by augmentation with coopted social networks add in some AI for expected locations and regular appointments. Do iPhone photos include location data in the exif data? I think the information exists but it’s just used by spooks right now is all.
Disagree.
The argument seems to be: the spec is fine and presents little danger, but if an app went rogue, or a government mandated an app with further capabilities, then it would be problematic. Yeah, sure. But that also describes the status quo, and everyone still carries their smartphone around.
The argument seems to be: the spec is fine and presents little danger, but if an app went rogue, or a government mandated an app with further capabilities, then it would be problematic. Yeah, sure. But that also describes the status quo, and everyone still carries their smartphone around.
If the authors come up with a better spec that achieves the same thing with improved privacy then sure, let's not use the Apple/Google one. But until then, this is the best we have.
You are starting from the premise “we must implement this feature”
I don’t find this convincing at all. Proposed system is incredibly privacy-conscious, with all the control of self-reporting left to the user.
Let’s not stop this initiative that protects health and safety of societies that can trust their health authorities— and there are many.
We should be vigilant and try to stop autocratical implementations or misuses of the system. But it seems that even that will be difficult considering how the system is designed. And if governments can compel you to install some app on your phone, no amount of stopping Apple / Google will help.
Let’s not stop this initiative that protects health and safety of societies that can trust their health authorities— and there are many.
We should be vigilant and try to stop autocratical implementations or misuses of the system. But it seems that even that will be difficult considering how the system is designed. And if governments can compel you to install some app on your phone, no amount of stopping Apple / Google will help.
Wait until this fellow hears about Apple's "Find My" feature:
> In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.
* https://arstechnica.com/information-technology/2019/06/the-c...
* https://blog.cryptographyengineering.com/2019/06/05/how-does...
> In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.
* https://arstechnica.com/information-technology/2019/06/the-c...
* https://blog.cryptographyengineering.com/2019/06/05/how-does...
This guy is wrong about the Apple/Google contact tracing program.
As created, it’s opt-in only and does not report matches to a central authority.
This guy says, yeah, but the gubment could abuse the tracing mechanism for things besides an epidemic, force your phone to report matches centrally, and force the removal of the opt-in part of it.
...except, if a government can pull those off, they don’t need this new contact tracing platform. These assume the government already has deep, control of the details of the operating system.
In other words, this contact tracing platform has nothing to do with his privacy concerns.
There are always people who see a tragic pandemic and just see a chance to use the concern and attention to highlight their own cause. And then there are the ones who fight against the efforts to mitigate the suffering to promote their cause, like this guy. Whew.
As created, it’s opt-in only and does not report matches to a central authority.
This guy says, yeah, but the gubment could abuse the tracing mechanism for things besides an epidemic, force your phone to report matches centrally, and force the removal of the opt-in part of it.
...except, if a government can pull those off, they don’t need this new contact tracing platform. These assume the government already has deep, control of the details of the operating system.
In other words, this contact tracing platform has nothing to do with his privacy concerns.
There are always people who see a tragic pandemic and just see a chance to use the concern and attention to highlight their own cause. And then there are the ones who fight against the efforts to mitigate the suffering to promote their cause, like this guy. Whew.
I'm not sure why you need to be so condescending in a healthy discussion like this.
> This guy says, yeah, but the gubment could abuse the tracing mechanism for things besides an epidemic, force your phone to report matches centrally, and force the removal of the opt-in part of it.
> ...except, if a government can pull those off, they don’t need this new contact tracing platform. These assume the government already has deep, control of the details of the operating system.
If your system has one RCE, you don't care about another one because it already has one? Perhaps you can work around the one, mitigating it? Also, "the government" (any in the world) can ask Google or Apple to share the data of a suspect. As they're not a one way hash, that is possible. Furthermore, an attacker can certainly gather the Bluetooth addresses and correlate these to one way hashes. If the API is public, they can correlate these hashes and detect which Bluetooth addresses got the disease. Together with the location, even an outsider can learn more about this issue.
Also, lets not forget there's recently an RCE in Bluetooth on Android (which many people still run with unpatched), and the problem of iOS not working with Bluetooth when the application isn't open on the foreground with screen open.
> This guy says, yeah, but the gubment could abuse the tracing mechanism for things besides an epidemic, force your phone to report matches centrally, and force the removal of the opt-in part of it.
> ...except, if a government can pull those off, they don’t need this new contact tracing platform. These assume the government already has deep, control of the details of the operating system.
If your system has one RCE, you don't care about another one because it already has one? Perhaps you can work around the one, mitigating it? Also, "the government" (any in the world) can ask Google or Apple to share the data of a suspect. As they're not a one way hash, that is possible. Furthermore, an attacker can certainly gather the Bluetooth addresses and correlate these to one way hashes. If the API is public, they can correlate these hashes and detect which Bluetooth addresses got the disease. Together with the location, even an outsider can learn more about this issue.
Also, lets not forget there's recently an RCE in Bluetooth on Android (which many people still run with unpatched), and the problem of iOS not working with Bluetooth when the application isn't open on the foreground with screen open.
I think it's only opt-in on the surface. I could see governments requiring users to be opted-into the program in order to get tested for COVID.
> This guy says, yeah, but the gubment could abuse the tracing mechanism for things besides an epidemic..
> ...except, if a government can pull those off, they don’t need this new contact tracing platform. These assume the government already has deep, control of the details of the operating system.
It doesn't have to be about the security services having root on your phone - they can use legislation, forcing Apple/Google to hand over location data so they can hoover it up. Alternatively, they can use legal loopholes - as we've seen before after Snowden.
Honestly, it's naive to think they wouldn't try to get this data.
> ...except, if a government can pull those off, they don’t need this new contact tracing platform. These assume the government already has deep, control of the details of the operating system.
It doesn't have to be about the security services having root on your phone - they can use legislation, forcing Apple/Google to hand over location data so they can hoover it up. Alternatively, they can use legal loopholes - as we've seen before after Snowden.
Honestly, it's naive to think they wouldn't try to get this data.
You’re missing the main point: if the government can do this, it will, independent of this contact tracing platform.
Also, there is no location data in this platform, and Google and Apple don’t have the data that does exist.
> naive
I think you need to understand what’s going on here before you start throwing around words like that.
Also, there is no location data in this platform, and Google and Apple don’t have the data that does exist.
> naive
I think you need to understand what’s going on here before you start throwing around words like that.
> You’re missing the main point: if the government can do this, it will, independent of this contact tracing platform
How? I'm not talking about getting a warrant to infiltrate a single suspect's device, I'm talking about mass surveillance. They need a means, and depending on how they approach it, they need to soften up the public so they are willing.
Apps like this provide a means - maybe they don't collect everything the security services want from the beginning, but we could see a creeping escalation, especially under coercion by the security services.
As for softening up, western governments are already very good at keeping the general populace fearful, whether it be the commies, Russians, Chinese, Islam, terrorists, etc, there is always some boogeyman de jour.
Apps like this could be the opportunity they need - the straw that broke the camel's back, convincing people it's all to save lives. "good citizens will use these apps to save lives - what have you got to hide?".
How? I'm not talking about getting a warrant to infiltrate a single suspect's device, I'm talking about mass surveillance. They need a means, and depending on how they approach it, they need to soften up the public so they are willing.
Apps like this provide a means - maybe they don't collect everything the security services want from the beginning, but we could see a creeping escalation, especially under coercion by the security services.
As for softening up, western governments are already very good at keeping the general populace fearful, whether it be the commies, Russians, Chinese, Islam, terrorists, etc, there is always some boogeyman de jour.
Apps like this could be the opportunity they need - the straw that broke the camel's back, convincing people it's all to save lives. "good citizens will use these apps to save lives - what have you got to hide?".
We’re already at the bottom of the hill of that slippery slope argument. Nearly everyone already carries the tools of mass surveillance around with them everywhere they go already.
What may or may not be partially missing (don’t forget, cell towers are already tracking everyone’s general location and governments can get that data in various ways) is the software and backend systems to collect that data and make it available to governments... and this contact tracing system isn’t that software and doesn’t have back end components.
So again: while these privacy concerns are valid, they have nothing to do with this contact tracing system
What may or may not be partially missing (don’t forget, cell towers are already tracking everyone’s general location and governments can get that data in various ways) is the software and backend systems to collect that data and make it available to governments... and this contact tracing system isn’t that software and doesn’t have back end components.
So again: while these privacy concerns are valid, they have nothing to do with this contact tracing system
A key difference for me is that it is way easier for the government to get a company or individual to give up keys or data than it is to get them to write the code to gather data in the first place. I'm sure there are those in government that are quite pleased that Apple and Google are doing it willingly.
First, you make some good points but you could have made them without rudely characterizing the author ("...but the gubment could.." etc.)
Second, the author is not wrong - when you build in tracking at such a deep-level it is open to abuse. Read the authors bio, he is not a naive techie. This is an area he has strong background in and deep technical knowledge.
Maybe this is the path forward, but Apple and Google appear to be rushing into this without considering the larger picture.
Second, the author is not wrong - when you build in tracking at such a deep-level it is open to abuse. Read the authors bio, he is not a naive techie. This is an area he has strong background in and deep technical knowledge.
Maybe this is the path forward, but Apple and Google appear to be rushing into this without considering the larger picture.
It’s exactly because of the Author’s bio that I come down hard on him.
He knows what he’s saying is wrong, and he knows that if the FUD he’s spreading catches on, a lot of suffering will happen that otherwise would not have.
> when you build in tracking at such a deep-level it is open to abuse.
True, which is why he should do an analysis of this system rather than this. He could be using his platform as an authority and presumed skills as a teacher to explain the system rather than spread misinformation.
He knows what he’s saying is wrong, and he knows that if the FUD he’s spreading catches on, a lot of suffering will happen that otherwise would not have.
> when you build in tracking at such a deep-level it is open to abuse.
True, which is why he should do an analysis of this system rather than this. He could be using his platform as an authority and presumed skills as a teacher to explain the system rather than spread misinformation.
No, what he is saying is very plausible and very likely correct. It is not mis-information. It is a well founded concern. I've been in tech long enough to know that what he is proposing is very possible.
Other commenters here go into better detail than I.
Other commenters here go into better detail than I.
Please do read comments by others. There are some good ones that go through, point by point, places where the author is wrong.
Also, the government already has this capability in place, they can track and bug individuals and groups via telecom networks.
Yes but previously they would have needed a law passed to do such monitoring without a warrant, now people are just volunteering it with the drive by apple and google to publically and very openly track who you hang out with, where you're going, where you've been and then enthusiastically sharing it with the government. This is the softening up. Once covid is over in a few months or years they will be like "well look at all the good we can do, now we can use it to track all sorts of diseases, crime patterns, what you had for dinner and how that ties in with your other webs of interaction TO HELP MAKE YOU SAFER"
Is a rubber stamped warrant which allows mass surveillance really a warrant at all? How many requests has the fisa court denied? Which law allows for warrantless collection of all this data?
There's quite a difference between either forcing Apple and Google to build such a feature, which seems hard, vs. just forcing them to turn an existing feature on.
Same for turning such a feature on surreptitiously vs. installing such a feature surreptitiously.
Same for turning such a feature on surreptitiously vs. installing such a feature surreptitiously.
It’s not just turning something on though.
This system doesn’t do what the author is talking about. It’s decentralized, opt-in, and transparent. The government would have to force Apple and Google to make it centralized, automatic, and secret. In others, force them to make a completely different platform.
This system doesn’t do what the author is talking about. It’s decentralized, opt-in, and transparent. The government would have to force Apple and Google to make it centralized, automatic, and secret. In others, force them to make a completely different platform.
The other thing is lets say the government decided to bring in this system and Google/Apple didn't give any feedback.
Then they just get a contractor to build an app that just broadcasts "I am Bob and I am at <location>" to nearby people and a central server. suddenly you have something way more open to abuse
Then they just get a contractor to build an app that just broadcasts "I am Bob and I am at <location>" to nearby people and a central server. suddenly you have something way more open to abuse
Exactly right. And as civil libertarian as I am, I'd rather have Google and Apple tracking my location for this prosocial cause than serving targeted ads. And it's not like Apple and Google aren't already tracking iOS and Android users anyway (albeit user-tweakable).
> There are always people who see a tragic pandemic and just see a chance to use the concern and attention to highlight their own cause
You say that like it's not a PR exercise for large corporations.
> the ones who fight against the efforts to mitigate the suffering
There's more than a few billions floating around off-shore that could have helped establish universal healthcare and social safety programs, but just being a good corporate citizen doesn't get headlines, so let's focus on panic situations and instead sell our new slogan:
"Nefarious, for good!"
("good" defined as "not as evil as a global health crisis"; disclaimers may apply)
You say that like it's not a PR exercise for large corporations.
> the ones who fight against the efforts to mitigate the suffering
There's more than a few billions floating around off-shore that could have helped establish universal healthcare and social safety programs, but just being a good corporate citizen doesn't get headlines, so let's focus on panic situations and instead sell our new slogan:
"Nefarious, for good!"
("good" defined as "not as evil as a global health crisis"; disclaimers may apply)
It’s opt-in.
App based on this technology has started working here at Bharat (a.k.a. India ) ( population 1.3 Billion ).
I hope the government uses it wisely.
https://play.google.com/store/apps/details?id=nic.goi.aarogy...
This seems to misunderstand or dismiss a lot of important details about the proposal.
> The current specifications allow phones to learn when and where they were in contact with another device.
That's over simplifying it massively. First the spec clearly states that no location data is recorded, since the location is not necessary for the application of contact tracing.
> By pushing a button on one phone, by reporting it as infected, all other phones that were recently in close proximity reveal themselves to the central server
This is not true, they clearly state that matches with a Diagnosis key is not uploaded to the diagnosis server.
> The current specifications allow phones to learn when and where they were in contact with another device. It is unclear whether the actual identity of that device is also revealed.
This is just not true, they make it abundantly clear in their specifications, that the identity of the device is never revealed.
> A company could install Bluetooth beacons equipped with this software at locations of interest (e.g. shopping malls). By reporting a particular beacon as ‘infected’ all phones (that have been lured into installing a loyalty app or that somehow have the SDK of the company embedded in some of the apps they use) will report that they were in the area.
This is not how this works, this is not how any of this works! It is highly speculative and extremely unlikely that any random APP will have access to the tracing key to make that even remotely plausible.
This criticism is obviously written by somebody who has not read the specification[1] or did not understood key aspects of it.
[1] https://www.apple.com/covid19/contacttracing/
> The current specifications allow phones to learn when and where they were in contact with another device.
That's over simplifying it massively. First the spec clearly states that no location data is recorded, since the location is not necessary for the application of contact tracing.
> By pushing a button on one phone, by reporting it as infected, all other phones that were recently in close proximity reveal themselves to the central server
This is not true, they clearly state that matches with a Diagnosis key is not uploaded to the diagnosis server.
> The current specifications allow phones to learn when and where they were in contact with another device. It is unclear whether the actual identity of that device is also revealed.
This is just not true, they make it abundantly clear in their specifications, that the identity of the device is never revealed.
> A company could install Bluetooth beacons equipped with this software at locations of interest (e.g. shopping malls). By reporting a particular beacon as ‘infected’ all phones (that have been lured into installing a loyalty app or that somehow have the SDK of the company embedded in some of the apps they use) will report that they were in the area.
This is not how this works, this is not how any of this works! It is highly speculative and extremely unlikely that any random APP will have access to the tracing key to make that even remotely plausible.
This criticism is obviously written by somebody who has not read the specification[1] or did not understood key aspects of it.
[1] https://www.apple.com/covid19/contacttracing/
You trust them to not log that information when it is all clearly available to them? You are trusting apple, google, and the US government to not do the wrong thing? Or to not use this as a stepping stone to a permanent and more invasive "feature" to insure your safety?
You can argue this without having to misrepresent or lie about what their proposal says. It hurts your credibility if you do even if you were to have a perfectly valid argument.
Note: In China it's private businesses, not the government, that force people to install the tracing apps on their phones before being let into their establishments. The same thing can and probably will happen here : get tracked or be denied service.
The government doesn't have to do anything.
The government doesn't have to do anything.
Wait a minute, aren't all private businesses owned or controlled by the CCP?
These hand waving, overly dismissive, FUD articles need to stop. Propose an alternative or shut up and sit down. Complaining about a tactic to combat a pandemic without a solution of your own is the lowest form of civic participation.
I'm sure they'll become illegal soon.
Why do we need apple and google to do this and not support an open project like https://www.pepp-pt.org/ ?
Improving healthcare outcomes is crucially important at the moment, and technology can help with that.
That said, there's risk in globally deploying platform-level technology changes which could be difficult to roll back and are not held democratically accountable.
It may be worth considering time-limits on rapidly-introduced technology changes like this. We cannot always anticipate all the side-effects of technology, and if we do need to introduce them suddenly, we should be thoughtful and deliberate about evaluating their effect as we do.
It seems apparent that Apple and Google are the entities holding the reins on this particular implementation. Yes the technology is opt-in; but that could be seen as a way to make a potentially bitter pill palatable for both citizens and their governments.
After a global recovery, imagine what the world might be like if nearly all daily interactions between people with Android or Apple smart devices have to be assumed known to their local authorities (including in locations with repressive regimes).
Perhaps that would appear acceptable, under some circumstances, to some people in some cultures. I think it'd be hard for almost anyone to quantify.
I'd suspect that an environment like this would lead to a significant loss of privacy and a resulting chilling effect in the types of activities and relationships that people build.
Even if that's a pessimistic outlook, it may be worth questioning whether two corporations from a single country should have the power to effect such large changes without at least constraining their effect to the duration of the COVID-19 crisis.
That said, there's risk in globally deploying platform-level technology changes which could be difficult to roll back and are not held democratically accountable.
It may be worth considering time-limits on rapidly-introduced technology changes like this. We cannot always anticipate all the side-effects of technology, and if we do need to introduce them suddenly, we should be thoughtful and deliberate about evaluating their effect as we do.
It seems apparent that Apple and Google are the entities holding the reins on this particular implementation. Yes the technology is opt-in; but that could be seen as a way to make a potentially bitter pill palatable for both citizens and their governments.
After a global recovery, imagine what the world might be like if nearly all daily interactions between people with Android or Apple smart devices have to be assumed known to their local authorities (including in locations with repressive regimes).
Perhaps that would appear acceptable, under some circumstances, to some people in some cultures. I think it'd be hard for almost anyone to quantify.
I'd suspect that an environment like this would lead to a significant loss of privacy and a resulting chilling effect in the types of activities and relationships that people build.
Even if that's a pessimistic outlook, it may be worth questioning whether two corporations from a single country should have the power to effect such large changes without at least constraining their effect to the duration of the COVID-19 crisis.
Maybe the best thing to come out of this crisis is a chip in the armor for the privacy-over-everything crowd.
This is a particular problem in the US where in the name of "freedom" people feel entitled to do whatever they want. I've come around to thinking that this is little more than a mass rationalization for selfishness and cruelty.
I think back to things like the Trump administration separating children from parents in detention facilities, a measure so cruel that it was one of the few times such a policy of this government has been reversed. This has long term harm on children (seriously, google it) but yet it's justified by some out of a sense of fear that somehow these immigrants are criminals or just "stealing their jobs" or "jumping the queue" when most are just trying to escape pretty terrible situations.
Honestly, I see more outrage over animal cruelty than I did from removing three year olds from their parents.
In years passed, we as a society endured a lot when required. In the World Wars, there was rationing and a lot of sacrifice to support the war effort.
But we've somehow transitioned into a society where we don't want to do anything for anyone. And we want to call that "liberty".
What we have here is something that may help tracking contacts for a disease we need to fight. That seems like a good thing to me. I don't give an F that some privacy nut may think "but the government might use this to track us".
Not every surface is a slippery slope.
Just like we had curfews, rations, shortages, blackout blinds and so forth in WW2 and now we don't. Not everything has to get worse.
This is a particular problem in the US where in the name of "freedom" people feel entitled to do whatever they want. I've come around to thinking that this is little more than a mass rationalization for selfishness and cruelty.
I think back to things like the Trump administration separating children from parents in detention facilities, a measure so cruel that it was one of the few times such a policy of this government has been reversed. This has long term harm on children (seriously, google it) but yet it's justified by some out of a sense of fear that somehow these immigrants are criminals or just "stealing their jobs" or "jumping the queue" when most are just trying to escape pretty terrible situations.
Honestly, I see more outrage over animal cruelty than I did from removing three year olds from their parents.
In years passed, we as a society endured a lot when required. In the World Wars, there was rationing and a lot of sacrifice to support the war effort.
But we've somehow transitioned into a society where we don't want to do anything for anyone. And we want to call that "liberty".
What we have here is something that may help tracking contacts for a disease we need to fight. That seems like a good thing to me. I don't give an F that some privacy nut may think "but the government might use this to track us".
Not every surface is a slippery slope.
Just like we had curfews, rations, shortages, blackout blinds and so forth in WW2 and now we don't. Not everything has to get worse.
> But we've somehow transitioned into a society where we don't want to do anything for anyone. And we want to call that "liberty".
Agreed - rights without responsibilities are just privileges.
> Not every surface is a slippery slope.
Maybe, maybe not. The whole point of the slippery slope metaphor is that it's hard to know when to stop. I think this is a better trade-off than the economy sinking though.
Agreed - rights without responsibilities are just privileges.
> Not every surface is a slippery slope.
Maybe, maybe not. The whole point of the slippery slope metaphor is that it's hard to know when to stop. I think this is a better trade-off than the economy sinking though.
If governments and cellular service providers already have the capability to track cell phones users and generate lists of people in close proximity, then why does Apple and Google need to create this contact tracing platform? Why are governments and cellular service providers not using this existing capability if they possess it?
I am not trying to imply that they do not have this capability. It just seems odd.
I also have a question: can this feature disabled simply via disabling Bluetooth?
I am not trying to imply that they do not have this capability. It just seems odd.
I also have a question: can this feature disabled simply via disabling Bluetooth?
In my humble opinion, this platform aims to track if people had got contact by bluetooth with other people that might have the virus.
The virus can remain in surfaces up to 3 days(https://www.immedicohospitalario.es/noticia/18729/new-corona...).
With bluetooth you can not track the surfaces, so the ratio of false positives and false negatives will be high.
The best way to stop possible infections remains in individual measures anyone can take. For this reason, I think that the objective of this platform is to track people, not stop the virus.
The virus can remain in surfaces up to 3 days(https://www.immedicohospitalario.es/noticia/18729/new-corona...).
With bluetooth you can not track the surfaces, so the ratio of false positives and false negatives will be high.
The best way to stop possible infections remains in individual measures anyone can take. For this reason, I think that the objective of this platform is to track people, not stop the virus.
That's a logical fallacy. This app not being able to prevent all possible infections and having false positives / false negatives does not automatically mean that its sole purpose is to track users.
There are multiple scientific studies that support the use of an app as one of many measures for ending the lockdown which already takes away many basic rights at the moment. Even though viral RNA can be found on surfaces after hours this does not mean that surfaces are an important vector for transmission and all studies so far point in the opposite direction. What is very concerning however is that close to 50% of all tranmissions happen during the first few days of infection when the host is not experiencing any symptoms. In the absence of symptoms and given the many limitations of personal follow-up through the authorities (which gives them much more data on your person than this app ever could btw) an automatic notification system is the only way short of a complete shutdown to quarantine infected but currently asymptomatic patients and halt the spread of the virus.
Privacy-wise you would be worse of in any other situation as well. Do you want the shutdown to continue and police to be able to control you at any time when you leave your appartement? Do you want government workers asking the infected who they have been in contact with during the last weeks and them to give your name, address and contact details to the government? Do you want the economical crisis to continue and people to have to share all possible details with the government in order to get unemployment benefits? Also, Apple and Google already control your operating system and have much more data on you than this app could provide them with through their OSs and all their apps. What they could gain would at most be the knowledge of wether you could have been in contact with an infected person. Leaving aside that their system as outlined atm would not even allow them to do that, what would they gain? For most people there won't be any lasting effects so there ara no charateristics inherent to the group that can be targeted. It will also affect a huge chunk of the world's population, chances are that most people will have to quarantine at some point and then that data will be almost worthless.
There are multiple scientific studies that support the use of an app as one of many measures for ending the lockdown which already takes away many basic rights at the moment. Even though viral RNA can be found on surfaces after hours this does not mean that surfaces are an important vector for transmission and all studies so far point in the opposite direction. What is very concerning however is that close to 50% of all tranmissions happen during the first few days of infection when the host is not experiencing any symptoms. In the absence of symptoms and given the many limitations of personal follow-up through the authorities (which gives them much more data on your person than this app ever could btw) an automatic notification system is the only way short of a complete shutdown to quarantine infected but currently asymptomatic patients and halt the spread of the virus.
Privacy-wise you would be worse of in any other situation as well. Do you want the shutdown to continue and police to be able to control you at any time when you leave your appartement? Do you want government workers asking the infected who they have been in contact with during the last weeks and them to give your name, address and contact details to the government? Do you want the economical crisis to continue and people to have to share all possible details with the government in order to get unemployment benefits? Also, Apple and Google already control your operating system and have much more data on you than this app could provide them with through their OSs and all their apps. What they could gain would at most be the knowledge of wether you could have been in contact with an infected person. Leaving aside that their system as outlined atm would not even allow them to do that, what would they gain? For most people there won't be any lasting effects so there ara no charateristics inherent to the group that can be targeted. It will also affect a huge chunk of the world's population, chances are that most people will have to quarantine at some point and then that data will be almost worthless.
> all studies so far point in the opposite direction
Do you have any source of this information?
> close to 50% of all tranmissions happen during the first few days
What's the source of this information?
Do you have any source of this information?
> close to 50% of all tranmissions happen during the first few days
What's the source of this information?
For the second point, take a look at these studies:
Ferretti et al. (2020). Quantifying dynamics of SARS-CoV-2 transmission suggests that epidemic control and avoidance is feasible through instantaneous digital contact tracing. Science. https://science.sciencemag.org/content/early/2020/04/09/scie...
Ganyani, Tapiwa, et al. "Estimating the generation interval for COVID-19 based on symptom onset data." medRxiv (2020). https://www.medrxiv.org/content/10.1101/2020.03.05.20031815v...
The first study also touches on the point of transmission through surfaces which they argue should be at the very most 10% of all cases but probably less and a German virologist who's one of the leading experts in coronaviruses, Prof. Dr. Drosten, said that he and many others believe that surface transmission is almost negligible: https://www.ndr.de/nachrichten/info/coronaskript162.pdf (in German).
Ferretti et al. (2020). Quantifying dynamics of SARS-CoV-2 transmission suggests that epidemic control and avoidance is feasible through instantaneous digital contact tracing. Science. https://science.sciencemag.org/content/early/2020/04/09/scie...
Ganyani, Tapiwa, et al. "Estimating the generation interval for COVID-19 based on symptom onset data." medRxiv (2020). https://www.medrxiv.org/content/10.1101/2020.03.05.20031815v...
The first study also touches on the point of transmission through surfaces which they argue should be at the very most 10% of all cases but probably less and a German virologist who's one of the leading experts in coronaviruses, Prof. Dr. Drosten, said that he and many others believe that surface transmission is almost negligible: https://www.ndr.de/nachrichten/info/coronaskript162.pdf (in German).