[clug] Apple-Google Contact Tracing API. V1 released May 20, 2020

jhock at iinet.net.au jhock at iinet.net.au
Tue May 26 00:56:45 UTC 2020

Sorry. I used the term "broadband" when I should have used "broadcast". It's been a while since thinking about these things. :--)

Also, I see that the "broadcast" option is not necessary and has been addressed by another post:

"The other way around: the central database only holds a list of
contact-tags uploaded by the COVID-19-positive subject. The other
participants in the contact-tracing network regularly check the central
database to fetch any new contact-tags added to it, then the local device
notifies the local user that they've had contact with a suspect and need to
get tested. There's no matching done at the server end, it's only there as
a repository of contact-tags uploaded by subject". 

Is this the way an app will work or how it may work? 


On 26 May 2020 10:41:59 am AEST, "jhock at iinet.net.au" <jhock at iinet.net.au> wrote:
>Please see below:
>On 25 May 2020 1:16:46 pm AEST, Hugh Fisher via linux
><linux at lists.samba.org> wrote:
>>On Mon, May 25, 2020 at 8:16 AM steve jenkin via linux
>><linux at lists.samba.org> wrote:
>>> The Apple-Google notification service is designed to be anonymous &
>>tracking-resistant, without a central database of user details or
>>central processing of contacts.
>>> There is a central database of rapidly (15-30 min) keys generated on
>I'm confused. In one sentence it is explained "anonymous &
>tracking-resistant, without a central database of user details or
>central processing of contacts" and then in the very next sentence,
>"There is a central database of rapidly (15-30 min) keys generated on
>Should this be "There is a database of rapidly (15-30 min) keys
>generated on devices." or is there a central database that stores the
>"keys generated on devices."? If it is the former then it seems to be
>considerate of peoples' privacy. If the latter then people's
>information is stored on a central database. 
>>> App users who are diagnosed Covid-19 positive, notify the App, which
>>uploads the last 14 days of keys ’seen’ by the device. The devices
>>those keys are sent notifications.
>>> It’s unclear to me how the keys-device connection is made within the
>>server database.
>>> The Notification side of the server must push a notification to
>>devices (presumably when they connect to upload keys).
>It would seem that a covid-19 positive person should voluntarily use
>the app (in our case, written or approved by the Department of Health
>(DoH) ) to upload the keys, that were on the covid-19 positive person's
>device, to a central database managed by DoH. The DoH database would
>then use those keys to notify the devices that contained those keys. 
>There must be some way for the DoH central database to map the keys to
>a mobile phone number which was probably stored on the DoH central
>database during registration. Doesn't that mean that the keys have to
>be regularly (possibly "15-30 min") loaded onto the central database
>for the match to occur and therefore DoH to know whom to notify of the
>possible infection?
>Or, is there a broadband notification of the possibly infected keys to
>all mobile devices that have the DoH app. Each device will then look
>for those keys in its own database and if detected then the app would
>warn the user of possible infection? 
>If the former then doesn't that contradict "without a central database
>of user details or central processing of contacts" because the keys are
>mapped to a mobile phone number, et al, in the central database?
>If the latter then there is possibly more privacy but greater pressure
>on the mobile networks because of the broadband notifications? Maybe
>someone has had his or her phone switched off and by the time the
>notifications arrive those keys have been flushed out of the device's
>I can't see how this is any better than the COVIDSafe app except for:
>> the [Bluetooth] proximity detection
>>is built
>>into the kernel as a background task.
>My confusion obviously demonstrated. 
>>        cheers,
>>        Hugh Fisher
>>linux mailing list
>>linux at lists.samba.org

More information about the linux mailing list