Would you install and use an NHS Covid tracking app?
Poll: Would you install and use an NHS Covid tracking app?
Total Members Polled: 875
Discussion
pip t said:
Interesting article in Wired on this, examining some of the problems with it.
https://www.wired.com/story/apple-google-contact-t...
Interesting to note that the inclusion of GPS/ other metrics in each health authority’s end app would merely be against ‘policy’ - no real indication of whether this would be enforced or not.
Good article, looks ok & no major worries there for me.https://www.wired.com/story/apple-google-contact-t...
Interesting to note that the inclusion of GPS/ other metrics in each health authority’s end app would merely be against ‘policy’ - no real indication of whether this would be enforced or not.
Edited by pip t on Monday 20th April 01:55
Edited by pip t on Monday 20th April 01:56
Reasonable chance that Facebook Google & maybe Amazon know if you're +ve already... (assuming you use these apps of course).
Everyone is worried about privacy, but avoiding the problem that it won't actually work - nothing to do with perfection, you can't really model infectious transmission with Bluetooth, sometimes "there's an app for that" is the wrong answer.
All you can interpret from Bluetooth is signal strength. You have no clue if you're shielded, the other person is shielded, or you're just a long way away. You can try and match cellular signal degradation to work out if you are shielded, but that's about it - the other two factors are completely unknown. Bluetooth signal strength cannot differentiate between you walking next to someone, holding your laptop in front of your phone to block the signal, and walking 5 metres from them. So the claim "we can work out if you're within infectious range using Bluetooth" is rubbish.
Then you get to the timing issue. We appear to have an arbitrary "10 minute" factor that means the app will only alert you if you've been close to someone for 10 minutes. That's clearly rubbish - you can get it from a single cough, or grabbing a handrail that someone has grabbed a second ago. The 10 minutes is a random number someone has put in to avoid a tidal wave of false positives. If 10 minutes was "real" the lock down rules would be different...
So, we've got a detection mechanism that is fundamentally flawed, and a false positive filter that has no basis in science. According to this app, you can't catch it on the tube, a bus or in a lift. You can catch it talking to someone for 10 minutes, who you probably know well enough to be told if they have it by your colleagues or friends.
All you can interpret from Bluetooth is signal strength. You have no clue if you're shielded, the other person is shielded, or you're just a long way away. You can try and match cellular signal degradation to work out if you are shielded, but that's about it - the other two factors are completely unknown. Bluetooth signal strength cannot differentiate between you walking next to someone, holding your laptop in front of your phone to block the signal, and walking 5 metres from them. So the claim "we can work out if you're within infectious range using Bluetooth" is rubbish.
Then you get to the timing issue. We appear to have an arbitrary "10 minute" factor that means the app will only alert you if you've been close to someone for 10 minutes. That's clearly rubbish - you can get it from a single cough, or grabbing a handrail that someone has grabbed a second ago. The 10 minutes is a random number someone has put in to avoid a tidal wave of false positives. If 10 minutes was "real" the lock down rules would be different...
So, we've got a detection mechanism that is fundamentally flawed, and a false positive filter that has no basis in science. According to this app, you can't catch it on the tube, a bus or in a lift. You can catch it talking to someone for 10 minutes, who you probably know well enough to be told if they have it by your colleagues or friends.
France now asking Apple to lift the privacy restrictions on blue tooth.
https://www.bloomberg.com/news/articles/2020-04-20...
Not long after they fined them a billon and a bit for some anti trust reasons (not read fully, not sure what that spat was about apart from this article).
https://www.reuters.com/article/us-apple-competiti...
https://www.bloomberg.com/news/articles/2020-04-20...
Not long after they fined them a billon and a bit for some anti trust reasons (not read fully, not sure what that spat was about apart from this article).
https://www.reuters.com/article/us-apple-competiti...
Zirconia said:
France now asking Apple to lift the privacy restrictions on blue tooth.
https://www.bloomberg.com/news/articles/2020-04-20...
I hope Apple tell them to do one. And the NHS.https://www.bloomberg.com/news/articles/2020-04-20...
I might have to look at the new SE...
Zirconia said:
France now asking Apple to lift the privacy restrictions on blue tooth.
https://www.bloomberg.com/news/articles/2020-04-20...
Not long after they fined them a billon and a bit for some anti trust reasons (not read fully, not sure what that spat was about apart from this article).
https://www.reuters.com/article/us-apple-competiti...
Just spotted this in the Guardian and was about to post it here but already seen!https://www.bloomberg.com/news/articles/2020-04-20...
Not long after they fined them a billon and a bit for some anti trust reasons (not read fully, not sure what that spat was about apart from this article).
https://www.reuters.com/article/us-apple-competiti...
It's an interesting situation, largely I imagine resolving itself based on who doesn't blink first with pressure applied. I hope Apple/ Google maintain it. Quite apart from this particular tracking app, allowing more access to the core systems of the phone enables other governments, with possibly less good records in human rights to do the same thing.
If it's going to work at all, this app hinges on getting the most people to download it that they possibly can. Any sniff of invasive data collection will put a huge amount of people off using it. I would certainly be thinking carefully about it, and while I have slight tin foil tendencies, I'd class myself as a very mild example.
I too, hope Apple/ Google stick to their guns.
grumbledoak said:
I hope Apple tell them to do one. And the NHS.
I might have to look at the new SE...
Not really for this thread, but if you're in the iOS ecosystem and don't need the best camera/biggest screen etc, the new SE is a stonking bargain. You're getting the latest processor, which should keep it viable for a good few years, for a fraction of the price of the flagships.I might have to look at the new SE...
rxe said:
Everyone is worried about privacy, but avoiding the problem that it won't actually work - nothing to do with perfection, you can't really model infectious transmission with Bluetooth, sometimes "there's an app for that" is the wrong answer.
All you can interpret from Bluetooth is signal strength. You have no clue if you're shielded, the other person is shielded, or you're just a long way away. You can try and match cellular signal degradation to work out if you are shielded, but that's about it - the other two factors are completely unknown. Bluetooth signal strength cannot differentiate between you walking next to someone, holding your laptop in front of your phone to block the signal, and walking 5 metres from them. So the claim "we can work out if you're within infectious range using Bluetooth" is rubbish.
Then you get to the timing issue. We appear to have an arbitrary "10 minute" factor that means the app will only alert you if you've been close to someone for 10 minutes. That's clearly rubbish - you can get it from a single cough, or grabbing a handrail that someone has grabbed a second ago. The 10 minutes is a random number someone has put in to avoid a tidal wave of false positives. If 10 minutes was "real" the lock down rules would be different...
So, we've got a detection mechanism that is fundamentally flawed, and a false positive filter that has no basis in science. According to this app, you can't catch it on the tube, a bus or in a lift. You can catch it talking to someone for 10 minutes, who you probably know well enough to be told if they have it by your colleagues or friends.
While I agree with all of that, we shouldn’t let perfect be the enemy of useful. All you can interpret from Bluetooth is signal strength. You have no clue if you're shielded, the other person is shielded, or you're just a long way away. You can try and match cellular signal degradation to work out if you are shielded, but that's about it - the other two factors are completely unknown. Bluetooth signal strength cannot differentiate between you walking next to someone, holding your laptop in front of your phone to block the signal, and walking 5 metres from them. So the claim "we can work out if you're within infectious range using Bluetooth" is rubbish.
Then you get to the timing issue. We appear to have an arbitrary "10 minute" factor that means the app will only alert you if you've been close to someone for 10 minutes. That's clearly rubbish - you can get it from a single cough, or grabbing a handrail that someone has grabbed a second ago. The 10 minutes is a random number someone has put in to avoid a tidal wave of false positives. If 10 minutes was "real" the lock down rules would be different...
So, we've got a detection mechanism that is fundamentally flawed, and a false positive filter that has no basis in science. According to this app, you can't catch it on the tube, a bus or in a lift. You can catch it talking to someone for 10 minutes, who you probably know well enough to be told if they have it by your colleagues or friends.
This isn’t going to pick up that you crossed paths with someone in the street.
It will pick up that you shared a bus/tube/office whatever with them, and could be used to reduce risk and drive the R0 down.
I’ve briefly scanned the documentation from google/Apple and can’t see an obvious privacy risk if they do what they say they do.
Mr E said:
rxe said:
Everyone is worried about privacy, but avoiding the problem that it won't actually work - nothing to do with perfection, you can't really model infectious transmission with Bluetooth, sometimes "there's an app for that" is the wrong answer.
All you can interpret from Bluetooth is signal strength. You have no clue if you're shielded, the other person is shielded, or you're just a long way away. You can try and match cellular signal degradation to work out if you are shielded, but that's about it - the other two factors are completely unknown. Bluetooth signal strength cannot differentiate between you walking next to someone, holding your laptop in front of your phone to block the signal, and walking 5 metres from them. So the claim "we can work out if you're within infectious range using Bluetooth" is rubbish.
Then you get to the timing issue. We appear to have an arbitrary "10 minute" factor that means the app will only alert you if you've been close to someone for 10 minutes. That's clearly rubbish - you can get it from a single cough, or grabbing a handrail that someone has grabbed a second ago. The 10 minutes is a random number someone has put in to avoid a tidal wave of false positives. If 10 minutes was "real" the lock down rules would be different...
So, we've got a detection mechanism that is fundamentally flawed, and a false positive filter that has no basis in science. According to this app, you can't catch it on the tube, a bus or in a lift. You can catch it talking to someone for 10 minutes, who you probably know well enough to be told if they have it by your colleagues or friends.
While I agree with all of that, we shouldn’t let perfect be the enemy of useful. All you can interpret from Bluetooth is signal strength. You have no clue if you're shielded, the other person is shielded, or you're just a long way away. You can try and match cellular signal degradation to work out if you are shielded, but that's about it - the other two factors are completely unknown. Bluetooth signal strength cannot differentiate between you walking next to someone, holding your laptop in front of your phone to block the signal, and walking 5 metres from them. So the claim "we can work out if you're within infectious range using Bluetooth" is rubbish.
Then you get to the timing issue. We appear to have an arbitrary "10 minute" factor that means the app will only alert you if you've been close to someone for 10 minutes. That's clearly rubbish - you can get it from a single cough, or grabbing a handrail that someone has grabbed a second ago. The 10 minutes is a random number someone has put in to avoid a tidal wave of false positives. If 10 minutes was "real" the lock down rules would be different...
So, we've got a detection mechanism that is fundamentally flawed, and a false positive filter that has no basis in science. According to this app, you can't catch it on the tube, a bus or in a lift. You can catch it talking to someone for 10 minutes, who you probably know well enough to be told if they have it by your colleagues or friends.
This isn’t going to pick up that you crossed paths with someone in the street.
It will pick up that you shared a bus/tube/office whatever with them, and could be used to reduce risk and drive the R0 down.
I’ve briefly scanned the documentation from google/Apple and can’t see an obvious privacy risk if they do what they say they do.
fblm said:
Mr E said:
rxe said:
Everyone is worried about privacy, but avoiding the problem that it won't actually work - nothing to do with perfection, you can't really model infectious transmission with Bluetooth, sometimes "there's an app for that" is the wrong answer.
All you can interpret from Bluetooth is signal strength. You have no clue if you're shielded, the other person is shielded, or you're just a long way away. You can try and match cellular signal degradation to work out if you are shielded, but that's about it - the other two factors are completely unknown. Bluetooth signal strength cannot differentiate between you walking next to someone, holding your laptop in front of your phone to block the signal, and walking 5 metres from them. So the claim "we can work out if you're within infectious range using Bluetooth" is rubbish.
Then you get to the timing issue. We appear to have an arbitrary "10 minute" factor that means the app will only alert you if you've been close to someone for 10 minutes. That's clearly rubbish - you can get it from a single cough, or grabbing a handrail that someone has grabbed a second ago. The 10 minutes is a random number someone has put in to avoid a tidal wave of false positives. If 10 minutes was "real" the lock down rules would be different...
So, we've got a detection mechanism that is fundamentally flawed, and a false positive filter that has no basis in science. According to this app, you can't catch it on the tube, a bus or in a lift. You can catch it talking to someone for 10 minutes, who you probably know well enough to be told if they have it by your colleagues or friends.
While I agree with all of that, we shouldn’t let perfect be the enemy of useful. All you can interpret from Bluetooth is signal strength. You have no clue if you're shielded, the other person is shielded, or you're just a long way away. You can try and match cellular signal degradation to work out if you are shielded, but that's about it - the other two factors are completely unknown. Bluetooth signal strength cannot differentiate between you walking next to someone, holding your laptop in front of your phone to block the signal, and walking 5 metres from them. So the claim "we can work out if you're within infectious range using Bluetooth" is rubbish.
Then you get to the timing issue. We appear to have an arbitrary "10 minute" factor that means the app will only alert you if you've been close to someone for 10 minutes. That's clearly rubbish - you can get it from a single cough, or grabbing a handrail that someone has grabbed a second ago. The 10 minutes is a random number someone has put in to avoid a tidal wave of false positives. If 10 minutes was "real" the lock down rules would be different...
So, we've got a detection mechanism that is fundamentally flawed, and a false positive filter that has no basis in science. According to this app, you can't catch it on the tube, a bus or in a lift. You can catch it talking to someone for 10 minutes, who you probably know well enough to be told if they have it by your colleagues or friends.
This isn’t going to pick up that you crossed paths with someone in the street.
It will pick up that you shared a bus/tube/office whatever with them, and could be used to reduce risk and drive the R0 down.
I’ve briefly scanned the documentation from google/Apple and can’t see an obvious privacy risk if they do what they say they do.
fblm said:
The ability to map disparate infections back to a single source or place through asymptomatic 3rd parties should increase our understanding of what to target to help guard against future outbreaks too.
Just to pick up this point, this is one thing it won't do, provided it's created as advertised. It'll let each individual 'potential infectee' know that they need to self isolate, but it won't allow the data to be used by authorities to trace the people concerned, or to map infection through the data. That's part of the privacy aspect. It simply works to reduce secondary infections through the individual, not through reporting, unless the individual chooses to allow this.Edited by pip t on Tuesday 21st April 20:08
pip t said:
Just to pick up this point, this is one thing it won't do, provided it's created as advertised. It'll let each individual 'potential infectee' know that they need to self isolate, but it won't allow the data to be used by authorities to trace the people concerned, or to map infection through the data. That's part of the privacy aspect. It simply works to reduce secondary infections through the individual, not through reporting, unless the individual chooses to allow this.
Thanks. Missed opportunity then it seems. Given the data google, apple, amazon and facebook already have on us I'm really struggling to see what the privacy problem is. Like anyone gives a crap where i am or who i meet.Edited by pip t on Tuesday 21st April 20:08
pip t said:
Just to pick up this point, this is one thing it won't do, provided it's created as advertised. It'll let each individual 'potential infectee' know that they need to self isolate, but it won't allow the data to be used by authorities to trace the people concerned, or to map infection through the data. That's part of the privacy aspect. It simply works to reduce secondary infections through the individual, not through reporting, unless the individual chooses to allow this.
It's been designed to maximise privacy with inevitable limits on the effectiveness. I'm convinced that if you started with the objective of saving lives (or lifting the lockdown with the least threat) then you would end up in a completely different place. Edited by pip t on Tuesday 21st April 20:08
Respect for privacy is very likely to contribute towards killing people, or imposing huge economic cost. It's not free.
Mr E said:
While I agree with all of that, we shouldn’t let perfect be the enemy of useful.
This isn’t going to pick up that you crossed paths with someone in the street.
It will pick up that you shared a bus/tube/office whatever with them, and could be used to reduce risk and drive the R0 down.
I’ve briefly scanned the documentation from google/Apple and can’t see an obvious privacy risk if they do what they say they do.
It won’t pick up that you shared a bus or tube with someone on a typical London journey. It won’t be able to detect that you stood behind someone in a queue for a few minutes. If it is going to do those things, then the timeout will have to drop to less than a minute. Drop the timeout to less than a minute, and you’ll get an alert every day.This isn’t going to pick up that you crossed paths with someone in the street.
It will pick up that you shared a bus/tube/office whatever with them, and could be used to reduce risk and drive the R0 down.
I’ve briefly scanned the documentation from google/Apple and can’t see an obvious privacy risk if they do what they say they do.
Most people share office space with people they know - as in the people they work with. Thus they will know someone is ill when they call in sick - which they will probably do before updating the app.
The only people this works for are the tech bros who think everyone works in WeWork, and that sitting next to complete strangers in the office is normal. Very few people work like that.
Just imagine yourself as infectious and going about your normal working day. This would certainly miss >90% of my infection opportunities as currently designed.
I won't be installing it. Primarily but not only because of the privacy angle and specifically the sharing of data; it didn't even (iirc) list what data it/they would share. Also it relies on humans being accurate doesn't it, in declaring symptoms. Seems susceptible to abuse/stupidity.
fblm said:
Thanks. Missed opportunity then it seems. Given the data google, apple, amazon and facebook already have on us I'm really struggling to see what the privacy problem is. Like anyone gives a crap where i am or who i meet.
Indeed, Google, Amazon, Facebook suck down your data like it's going out of fashion. Apple takes rather less, but granted, it's not entirely as angelic as it likes to present itself. However, there's a fundamental difference between a commercial company harvesting your data, and a government agency doing so. Commercial companies can target advertising. Governments can lock you up. That's an extreme argument I realise, and in this case one would hope it would go to PHE and no further, and not be subject to any mission creep. But you can't guarantee that, and there's a strong argument for not allowing governments to track the movements of their citizens in this manner.richie99 said:
It's been designed to maximise privacy with inevitable limits on the effectiveness. I'm convinced that if you started with the objective of saving lives (or lifting the lockdown with the least threat) then you would end up in a completely different place.
Respect for privacy is very likely to contribute towards killing people, or imposing huge economic cost. It's not free.
Undoubtably. And your opinion on that will vary from person to person, on their attitude to privacy, tolerance of data gathering, suspicion of authority and how they balance life/ the economy/ privacy. The issue here is that to have a chance of having any effect, we need to maximise the uptake of this. Granted, it may have more effect and utility if it provided location data, and personal details to PHE/ NHS, but that may massively reduce the uptake. Better surely to get a lot of people downloading it and get at least some effect from it, even if it's not the full potential?Respect for privacy is very likely to contribute towards killing people, or imposing huge economic cost. It's not free.
Mr E said:
It occurs to me that there’s a risk of people crying wolf, and nothing apparently to stop them.
There is that risk yes. If I recall correctly, the proposed NHS app will have two levels of alert - yellow, if triggered by someone self declaring they've got CV19, or red if they've been tested. If they've been tested, the idea is the doctor/official that tests them gives them a code to input into the app to confirm it's genuine, and the app will only trigger red alerts with a code entered. The idea being I guess is if your phone pings you with yellow, you use your judgement on what you need to do, if it pings you with red you're obliged to self isolate. How that's enforced I'm not really sure.....?!bmwmike said:
I won't be installing it. Primarily but not only because of the privacy angle and specifically the sharing of data; it didn't even (iirc) list what data it/they would share. Also it relies on humans being accurate doesn't it, in declaring symptoms. Seems susceptible to abuse/stupidity.
So the way this works is by phones exchanging cryptographic keys over bluetooth. There's no identifying information attached to them, so no meaningful data to share. The only data it shares, with the users permission, is the list of your keys from the last 14 days if you start to experience CV19 symptoms/have a test. A central server stores these lists of 'infected keys' which your phone downloads periodically. If any of them matches the keys your phone has generated, it alerts you. Yes, there is a risk of abuse of the system, but see above for the way that's to an extent mitigated through two levels of alerts.
Edited by pip t on Tuesday 21st April 23:51
rxe said:
It won’t pick up that you shared a bus or tube with someone on a typical London journey. It won’t be able to detect that you stood behind someone in a queue for a few minutes. If it is going to do those things, then the timeout will have to drop to less than a minute. Drop the timeout to less than a minute, and you’ll get an alert every day.
There was a study earlier in this whole saga, which indicated that you realistically needed 10-15 minutes of exposure to an infected person to run a real risk of catching it. So if you share your bus or tube for less than this, sure, it won't alert you, but you also have a fairly low risk of picking it up. Share your bus or tube with them for 10-15 mins or longer, then yes it will detect it. Of course, if something extreme happens - if you have only passing contact with someone but they cough all over you, there's a high risk there that it won't detect....but that's a bit of an edge case.rxe said:
Most people share office space with people they know - as in the people they work with. Thus they will know someone is ill when they call in sick - which they will probably do before updating the app.
The only people this works for are the tech bros who think everyone works in WeWork, and that sitting next to complete strangers in the office is normal. Very few people work like that.
Just imagine yourself as infectious and going about your normal working day. This would certainly miss >90% of my infection opportunities as currently designed.
The aspect it can help with is in pre-symptomatic transmission. Sure, if you work with someone, you probably will find out they started getting symptoms through other means, but imagine you meet a prospective client for a meeting. They are infected, but have no symptoms yet. 3 days later, they start showing symptoms. Its not someone you work with, so you're unlikely to find out they've phoned in sick, but your app will alert you.The only people this works for are the tech bros who think everyone works in WeWork, and that sitting next to complete strangers in the office is normal. Very few people work like that.
Just imagine yourself as infectious and going about your normal working day. This would certainly miss >90% of my infection opportunities as currently designed.
At the end of the day, your points are very valid, it's far from perfect. But it can help in some circumstances. Surely that's better than not having it at all?
Edited by pip t on Tuesday 21st April 23:54
pip t said:
So the way this works is by phones exchanging cryptographic keys over bluetooth. There's no identifying information attached to them, so no meaningful data to share. The only data it shares, with the users permission, is the list of your keys from the last 14 days if you start to experience CV19 symptoms/have a test. A central server stores these lists of 'infected keys' which your phone downloads periodically. If any of them matches the keys your phone has generated, it alerts you.
Yes, there is a risk of abuse of the system, but see above for the way that's to an extent mitigated through two levels of alerts.
I've searched but cannot seem to find any third party security assessment of the app, do you know of any? Would be good if they made the code available for public review.Yes, there is a risk of abuse of the system, but see above for the way that's to an extent mitigated through two levels of alerts.
Edited by pip t on Tuesday 21st April 23:51
bmwmike said:
I've searched but cannot seem to find any third party security assessment of the app, do you know of any? Would be good if they made the code available for public review.
I don't know of any third party audits yet, no. There's quite a lot of comment on it from pretty reputable tech journalists/ outlets, but it's all a rather recent development for a full assessment/ audit to have taken place.. I believe Andy Greenberg has an article in The Wired about it, which is probably the closest you'll get.Edited to add link: https://www.wired.com/story/apple-google-contact-t...
Hancock did say when announcing it that the NHS app would be open sourced - whether that actually happens or not....we'll see!
Bear in mind what Apple/ Google are doing is creating a protocol and an API, not an app. Individual health bodies will be responsible for building the front end - in our case NHSX. Eventually they are intending to incorporate this into iOS/ Android as part of the OS, but that's not what's happening initially.
Edited by pip t on Wednesday 22 April 00:35
Gassing Station | News, Politics & Economics | Top of Page | What's New | My Stuff