Swiss1960 Posted June 8, 2020 Share Posted June 8, 2020 Dear Members: Some of you might have seen that there is a new function called "Covid-19 notifications" on your Android phone, or something similar on your iOS phone. There is a thread in the phone section of Thai Visa, but since I think that this might be of interest to all Members of ThaiVisa, I would like to post this information that I found on Swiss news: First and most important: This function does NOT track you! This function ONLY works together with a Covid-19 tracing app that you would need to download, i.e. provided from your government. And even then, it will not track you! Background: This function was developed by staff from the Swiss Federal Technical Universities ETH in Zurich and EPFL in Lausanne. They started the development out of fear for the data protection of government provided apps (big brothers) and provided a solution that does not expose your private information. How it works: This function does NOT use the location function of your phone, but bluetooth to communicate with phones near you that also have that functionality activated. ID's are exchanged (like very large numbers) and stored on your phone. Applications from your government, that agree to use the new functionality can then access those numbers and only those. IF somebody using the government app will inform the App that he is tested Covid-positive, then his trace numbers will be exposed to the app and your app will regularly check those numbers and inform you, whether you have been in close contact to that person (phone) and for how long and tell you to have a test. It will NOT give your information to anybody. This functionality on your phones was developed in Switzerland, tested and agreed upon by both Apple and Google and then delivered to all phones using Android or iOS. Nothing is or gets activated until you install an app provided by your Governments Health provider and agree to the use of the tracing functionality. Google and Apple announced this around April 10th. So here is the caveat: Every app that will use that technology will secure your privacy while giving you the peace of mind that you will get informed if you were in contact with a Covid-infected person. However the whole idea does NOT work if people don't use those apps and / or will not be honest once they are tested positive for the virus. I hope that this information is valuable for some members of this site and gives you a little bit peace of mind with regards to your data privacy. I certainly gave this peace of mind to me when I found that new functionality on my phone. 1 Link to comment Share on other sites More sharing options...
dave s Posted June 8, 2020 Share Posted June 8, 2020 59 minutes ago, Swiss1960 said: It will NOT give your information to anybody. So, you're claiming that there has never, ever, ever been a bug in any Android or IOS software, and there never, ever, ever will be. Because if that's not true, and hackers find and exploit that bug, which they are very good at, then any vestige of "privacy" immediately goes down the toilet. So, both Apple and Google have decided that they can secretly and silently trash people's phones without the "owner's" approval? "Trust us, we know much better than you what you want, and we'll do what we please with what you think is your property, but which we've decided that we really own." Gee, that gives them a lot of credibility, just inspires a ton of trust. If they had honestly and openly NOTIFIED people of the change, EXPLAINED why it was a good idea, and ASKED PERMISSION, then THAT might inspire confidence, and make people inclined to agree and comply. But appointing themselves high almighty gods will probably inspire a lot of anger, and thus non-compliance. Whatever happened to Google's founding maxim "Don't be evil"? The issue is NOT whether contact tracing is a good or a bad thing (when done correctly): the PROBLEM is Google's high handed assumption of godhood. I don't have any Bluetooth devices, and it can be a battery hog if used inadvertently, so it is turned off on my new phone. After much discussion and revision, the API that Google and Apple finally proposed uses short range Bluetooth exchanges between phones, of known or anonymous identifiers, recorded either locally or remotely, to SELECTIVELY recognize and record potential exposure to other possibly infected people (nominally within 2 meters distance and 15 minutes duration), because collecting too much data would give an impossibly large number of "contacts" to have to trace. But the first release of the ThaiChana "app", among many other problems, did NONE of the Google and Apple API design, and did little to improve upon the earlier web page system (which the daily government briefing repeatedly calls a "platform"). It didn't even speak English -- as such, it might be worth installing and never launching, waving the phone around wildly, and loudly yelling at the security guard "Cannot! Cannot! No hab passa Angrit!!!" Google and Apple have effectively declared war on the users of their operating systems. God help them if any hacker decides to fight back -- it only takes one person in the whole world with enough knowledge to create an exploit, and there's room in the protocol for quite a bit of chaos just in denial of service attacks. This article https:/www.bbc.com/news/technology-52355028 Coronavirus contact-tracing: World split between two types of app - BBC News has a simple explanation of the protocol feedback, discussion and evolution, plus a nice diagram of choices involved. 1 Link to comment Share on other sites More sharing options...
dave s Posted June 8, 2020 Share Posted June 8, 2020 The government announcer in this video https://www.youtube.com/watch?v=SslA-AAPnNU&list=PLezFsrqeLPRP_TuOHAgCgOerOe8iRDZip&index=3&t=0s Covid 19 Daily Briefing May 28, 2020 - YouTube speaks English well, and is quite consistent in calling the old ThaiChana web pages "the plaform", distinguished from calling the new one "the app". Note particularly: 2:20 And in the third phase it will be mandatory for business operators and establishments to use the ThaiChana platform as well as the consumers, the customers who visit the business establishment, to use the ThaiChana platform when entering the business establishment. 8:37 on the slide, 13 million people (about 1/3 of the customers) never check out 10:43 Now, the Ministry of Digital Economy has been developing the ThaiChana platform. The ThaiChana platform will simply of course continue to be used in terms of using the QR code reader and everything, but they have developed this further to have an alternative mode of using ThaiChana. So they are developing the ThaiChana application now for both Android and IOS systems to improve basically and fundamentally the user experience and effectiveness of contact tracing. And this will be fully operational in both modes, Android and IOS operating systems, very soon, most likely over the weekend. And the rational for upgrading into an app, as I mentioned before, the usual one, meaning the QR reader, is still possible to be used, you can use that of course, depends on which is more convenient, and aside from that platform the app is in addition to that. The rational for using the app is of course first to improve the user experience in checking in and checking out because the users do not have to have a screen to read the QR code, they can just press Check In / Check Out on a button on that application. Secondly, it does not infringe the user's privacy. It also resolves the issue of fake telephone numbers, as users will be notified with a One Time Password OTP to verify the number used, for that application. And if a case of Covid is found, they will be notified via the application itself as well. And if you forget to check out of this establishment, the application provides / facilities the easy checking out of the establishment once you already leave the establishment. So if you go home and forget to check out of three department stores and two restaurants, you can actually do that through the ThaiChana application, which will be available to be of use very soon, most likely over this weekend. So everyone is encouraged to use ThaiChana, either the platform or the application, so that they can be promptly notified of the positive cases. 16:50 How does contact tracing using ThaiChana work if a case of Covid positive is found? How will registered users be informed of the case? How will they be given the test free of charge? As I mentioned, the platform, and soon the application, serves to alert all stakeholders, owners of businesses, the customers. If the confirmed case is found the platform enables the officials of the disease control department as well to trace the movements of infected person, and they will be able to contact people who were in the same venue at the same time as the infected person through the contact number registered and the information on the platform and these people who will be those who are alerted of an infection will be elligible to receive Covid testing free of charge in designated hospitals. Link to comment Share on other sites More sharing options...
dave s Posted June 8, 2020 Share Posted June 8, 2020 2 hours ago, Swiss1960 said: This functionality on your phones was developed in Switzerland, tested and agreed upon by both Apple and Google and then delivered to all phones using Android or iOS. Nothing is or gets activated until you install an app provided by your Governments Health provider and agree to the use of the tracing functionality. Oh, but the announcer in the video said repeatedly that you will have no choice, you must install and use the "platform" or the app (note that he repeatedly says that you may use either one, but he never once mentions the sign-up clipboard -- so is that going to go away?!?). My own experience with the government decree has been that Monday last week I went to many stores all day in Central Festival, had my temperature taken at all of them (from 32 to 44 degrees Centigrade, not challenged or questioned at any), never even glanced at the QR code picture or the clipboard, and was not questioned at all. And the same this afternoon at Big C, Western Union and KFC. Link to comment Share on other sites More sharing options...
Don Mega Posted June 8, 2020 Share Posted June 8, 2020 (edited) Ive not seen a new "Covid-19 notifications" on my android phone, or an old one either. Edited June 8, 2020 by Don Mega Link to comment Share on other sites More sharing options...
Swiss1960 Posted June 8, 2020 Author Share Posted June 8, 2020 21 minutes ago, dave s said: So, you're claiming that there has never, ever, ever been a bug in any Android or IOS software, and there never, ever, ever will be. Because if that's not true, and hackers find and exploit that bug, which they are very good at, then any vestige of "privacy" immediately goes down the toilet. So, both Apple and Google have decided that they can secretly and silently trash people's phones without the "owner's" approval? "Trust us, we know much better than you what you want, and we'll do what we please with what you think is your property, but which we've decided that we really own." Gee, that gives them a lot of credibility, just inspires a ton of trust. If they had honestly and openly NOTIFIED people of the change, EXPLAINED why it was a good idea, and ASKED PERMISSION, then THAT might inspire confidence, and make people inclined to agree and comply. But appointing themselves high almighty gods will probably inspire a lot of anger, and thus non-compliance. Whatever happened to Google's founding maxim "Don't be evil"? The issue is NOT whether contact tracing is a good or a bad thing (when done correctly): the PROBLEM is Google's high handed assumption of godhood. I don't have any Bluetooth devices, and it can be a battery hog if used inadvertently, so it is turned off on my new phone. After much discussion and revision, the API that Google and Apple finally proposed uses short range Bluetooth exchanges between phones, of known or anonymous identifiers, recorded either locally or remotely, to SELECTIVELY recognize and record potential exposure to other possibly infected people (nominally within 2 meters distance and 15 minutes duration), because collecting too much data would give an impossibly large number of "contacts" to have to trace. But the first release of the ThaiChana "app", among many other problems, did NONE of the Google and Apple API design, and did little to improve upon the earlier web page system (which the daily government briefing repeatedly calls a "platform"). It didn't even speak English -- as such, it might be worth installing and never launching, waving the phone around wildly, and loudly yelling at the security guard "Cannot! Cannot! No hab passa Angrit!!!" Google and Apple have effectively declared war on the users of their operating systems. God help them if any hacker decides to fight back -- it only takes one person in the whole world with enough knowledge to create an exploit, and there's room in the protocol for quite a bit of chaos just in denial of service attacks. This article https:/www.bbc.com/news/technology-52355028 Coronavirus contact-tracing: World split between two types of app - BBC News has a simple explanation of the protocol feedback, discussion and evolution, plus a nice diagram of choices involved. Hello dave s, thank your for your comments. First to the ThaiChana "platform"... something completely different from what I talk about, so please don't confuse people and compare apples with beef. There is no need to use this QR-code based "platform", you can put a telephone number on the piece of paper. Second, I am giving information to people who would like to know where that new Covid functionality on their phones came from. It is btw not an app, it is an API (application programming interface) that can be used by apps. As such I am 100% correct that this API does NOT give out ANY data, as it is inactive without an associated app using it. Third, hackers are everywhere and every app can be hacked. BUT I rather have an app being hacked that is based on an interface that is not having and using any private information but rather anonymous numbers than trusting government apps that are notoriously weak, untested, and in many cases collection information that they would not need. I trust a Google, Apple and Swiss Technical Universities approved API 100 times more than any individual government app. Even the Swiss data protection office - who previsously trashed the Swiss Governement centralized app - approved of the decentralized approach of the API. Fourth: Yes, Google and Apple could have done a better job informing people about the new API, but they did not do it in secret, both companies announced the launch of the API on their official Twitter accounts with millions of followers... that is not very secret now, is it? However, this is not a war on any user. Do you know that there are dozends upon dozends of API's on your phone that apps can use to access your camera, contacts, pictures, texts etc etc and neither Google nor Apple EVERY informed you that those interfaces are there to be used by the apps they sell on their stores? Finally and fifth: If your Android or iOS phone is hacked on the OS level - where the API hooks on - then the information from the API - individual numbers without any location information - will be the least of your problems.. Are you using any banking applications either on your phone or computer? Are you paying lazada from your phone with your credit card? That is where you should worry about, not this API. And as in number 4, if the OS level is hacked, EVERY API will be accessible to EVERY bit of data on your phone. Link to comment Share on other sites More sharing options...
Swiss1960 Posted June 8, 2020 Author Share Posted June 8, 2020 7 minutes ago, dave s said: Oh, but the announcer in the video said repeatedly that you will have no choice, you must install and use the "platform" or the app (note that he repeatedly says that you may use either one, but he never once mentions the sign-up clipboard -- so is that going to go away?!?). My own experience with the government decree has been that Monday last week I went to many stores all day in Central Festival, had my temperature taken at all of them (from 32 to 44 degrees Centigrade, not challenged or questioned at any), never even glanced at the QR code picture or the clipboard, and was not questioned at all. And the same this afternoon at Big C, Western Union and KFC. Once more: You compare apples (the Covid function I explained in my post) with whatever not fruity... and you compare Thai developed and maintaned functionality with Thai data "protection" with an API developed and agreed upon the European GDPR (European Data Protection Law) - which is a law even the Americans are afraid of... Link to comment Share on other sites More sharing options...
Swiss1960 Posted June 8, 2020 Author Share Posted June 8, 2020 8 minutes ago, Don Mega said: Ive not seen a new "Covid-19 notifications" on my android phone, or an old one either. I do not know of course how this new functionality was rolled out and when and on which versions or even, if the rollout is completed.. but if you go to your phones Settings and search for "Covid", then either you see a "COVID-19 exposure notification" or nothing.. in which case yes, you do not have this new functionality. Do you allow your phone to automatically update apps and operating systems or are you doing this manually only? Then you might not have it based on missing updates Link to comment Share on other sites More sharing options...
Don Mega Posted June 8, 2020 Share Posted June 8, 2020 (edited) 3 minutes ago, Swiss1960 said: I do not know of course how this new functionality was rolled out and when and on which versions or even, if the rollout is completed.. but if you go to your phones Settings and search for "Covid", then either you see a "COVID-19 exposure notification" or nothing.. in which case yes, you do not have this new functionality. Do you allow your phone to automatically update apps and operating systems or are you doing this manually only? Then you might not have it based on missing updates Yeah it aint there, phoneis on auto update did an an Android 10 update a few days ago. If it does install can it be easily removed ? Might have to change phone settings to manual update. Edited June 8, 2020 by Don Mega Link to comment Share on other sites More sharing options...
Swiss1960 Posted June 8, 2020 Author Share Posted June 8, 2020 2 minutes ago, Don Mega said: Yeah it aint there, phoneis on auto update did an an Android 10 update a few days ago. If it does install can it be easily removed ? Might have to change phone settings to manual update. No, you can not remove an API (application programming interface), that is part of the basic Android operating system. What you do is NOT install any tracing apps your government asks you to install, then the API is just a piece of unused code on your phone and nothing to worry about. Google and Apple do not tell you to install an App, they only offer the API interface for Governments to develop their own app. Some governments will do that, others will develop something completely different and independent from the android/iOS API. Link to comment Share on other sites More sharing options...
Swiss1960 Posted June 8, 2020 Author Share Posted June 8, 2020 (edited) 12 minutes ago, Don Mega said: Yeah it aint there, phoneis on auto update did an an Android 10 update a few days ago. If it does install can it be easily removed ? Might have to change phone settings to manual update. Another question: How many Apps do you have on your phone? How many times in the past have you given your phone number or email or google account or facebook information to apps to login? How many times in the past have you pressed "yes yes yes yes yes" when a new app asked about access to your contacts, texts, files, pictures, camera, even making calls etc... and you never worried about those? Now there is an API that does nothing and it worries you suddenly. Your worries should start when your government MANDATES the use of a tracing app and THEN you have to see what kind of permissions your governments app will ask for... the API does not need any information about you. Edit: I would actually also want to ask the same question to @dave s Edited June 8, 2020 by Swiss1960 Link to comment Share on other sites More sharing options...
Swiss1960 Posted June 8, 2020 Author Share Posted June 8, 2020 23 minutes ago, Don Mega said: Might have to change phone settings to manual update. About this: NOT installing updates for your OS means that you might miss security patches to protect your phone... And THAT should scare you, not this new API which -again - is useless without an app from your government. Link to comment Share on other sites More sharing options...
Don Mega Posted June 9, 2020 Share Posted June 9, 2020 1 hour ago, Swiss1960 said: Another question: How many Apps do you have on your phone? How many times in the past have you given your phone number or email or google account or facebook information to apps to login? How many times in the past have you pressed "yes yes yes yes yes" when a new app asked about access to your contacts, texts, files, pictures, camera, even making calls etc... and you never worried about those? Now there is an API that does nothing and it worries you suddenly. Your worries should start when your government MANDATES the use of a tracing app and THEN you have to see what kind of permissions your governments app will ask for... the API does not need any information about you. Edit: I would actually also want to ask the same question to @dave s Q: How many Apps do you have on your phone? A: Only what ever comes with the phone Q: How many times in the past have you given your phone number or email or google account or facebook information to apps to login? A: Never Q: How many times in the past have you pressed "yes yes yes yes yes" when a new app asked about access to your contacts, texts, files, pictures, camera, even making calls etc... A: Ive Never allowed access. Now there is an API that does nothing and it worries you suddenly. Your worries should start when your government MANDATES the use of a tracing app and THEN you have to see what kind of permissions your governments app will ask for... the API does not need any information about you. Ok, when the Thai government does that I will go back to using my Nokia 3310. Link to comment Share on other sites More sharing options...
dave s Posted June 9, 2020 Share Posted June 9, 2020 1 hour ago, Swiss1960 said: I do not know of course how this new functionality was rolled out and when and on which versions or even, if the rollout is completed.. but if you go to your phones Settings and search for "Covid", then either you see a "COVID-19 exposure notification" or nothing.. in which case yes, you do not have this new functionality. Do you allow your phone to automatically update apps and operating systems or are you doing this manually only? Then you might not have it based on missing updates The link https://forum.thaivisa.com/topic/1167361-android-covid-19-exposure-notificaation-already-on-your-phone/?do=findComment&comment=15499223 points to another discussion in TVF on this subject. I have posted pictures of what the installed Covid update looks like. Link to comment Share on other sites More sharing options...
Swiss1960 Posted June 9, 2020 Author Share Posted June 9, 2020 35 minutes ago, dave s said: The link https://forum.thaivisa.com/topic/1167361-android-covid-19-exposure-notificaation-already-on-your-phone/?do=findComment&comment=15499223 points to another discussion in TVF on this subject. I have posted pictures of what the installed Covid update looks like. As far as I know, the new API came with then May Update for most phones, but that depends of course on the phone manufacturer also. Going back to a previous version of your OS will only do one thing: It will expose you to ALL currently know security vulnerabilities on your phones OS and manufacturer apps, there were around 40 security fixes delivered by Samsung in the April 2020 update. The Covid-19 API will be the least of our problems.. and since Android and iOS both have it, what is your alternative? The new Huawei with the Chinese OS full of tracking software? again about security... here is the website Google set up for this API: https://www.google.com/covid19/exposurenotifications/ You find ALL the Open Source informations, including cryptograhy, bluetooth etc. NOTHING secret, everything fully transparent. Again, communication for the roll-out was not good, there I agree. Link to comment Share on other sites More sharing options...
Swiss1960 Posted June 9, 2020 Author Share Posted June 9, 2020 1 hour ago, Don Mega said: Q: How many Apps do you have on your phone? A: Only what ever comes with the phone Q: How many times in the past have you given your phone number or email or google account or facebook information to apps to login? A: Never Q: How many times in the past have you pressed "yes yes yes yes yes" when a new app asked about access to your contacts, texts, files, pictures, camera, even making calls etc... A: Ive Never allowed access. Now there is an API that does nothing and it worries you suddenly. Your worries should start when your government MANDATES the use of a tracing app and THEN you have to see what kind of permissions your governments app will ask for... the API does not need any information about you. Ok, when the Thai government does that I will go back to using my Nokia 3310. So based on above, you have around 50-100 Apps on your phone from Android, Google and your phone manufacturer. All of which have access to the data on your phone. Minimum you have a phone app, a foto app, a contact app, google play, probably a mail app (gmail or outlook?), all of which have access to the data on your phone by default. You have agreed to those through accepting the Terms of Use. Are you using google maps? Are you sure you have turned off ALL location history? Just one basic question most people do not think about Link to comment Share on other sites More sharing options...
Don Mega Posted June 9, 2020 Share Posted June 9, 2020 2 hours ago, Swiss1960 said: So based on above, you have around 50-100 Apps on your phone from Android, Google and your phone manufacturer. All of which have access to the data on your phone. Minimum you have a phone app, a foto app, a contact app, google play, probably a mail app (gmail or outlook?), all of which have access to the data on your phone by default. You have agreed to those through accepting the Terms of Use. Are you using google maps? Are you sure you have turned off ALL location history? Just one basic question most people do not think about A quick count tells me there is 45 apps in total. Yes a phone, photo, contact app. Probably a mail app and google play too but Ive never used either. don't use google maps and location is turned off along with bluetooth and internet, Bluetooth is turned on when Iam in the car so I can listen to music but turned off again outside of the car. Link to comment Share on other sites More sharing options...
Bender Rodriguez Posted June 9, 2020 Share Posted June 9, 2020 if you believe tech news, the latest IPHONE update has automatic tracking in its core and not possible to disable it, than you APPLE Link to comment Share on other sites More sharing options...
Max69xl Posted June 9, 2020 Share Posted June 9, 2020 13 hours ago, Don Mega said: Ive not seen a new "Covid-19 notifications" on my android phone, or an old one either. It's in Settings under Google. It's just a Notification Service and nothing else. Don't believe what paranoid people posts here. The service has nothing to do with any Thai apps or platforms online. Link to comment Share on other sites More sharing options...
timkeen08 Posted June 10, 2020 Share Posted June 10, 2020 My wife does not use her phone to sign in. If asked, she says (in Thai), old phone no reader. If they tell her she can use Line she says old phone old Line. We go directly to sign in but now she motions me away and says (in english) no no I take care, you no take care. The staff just look up at me standing aside smiling. She just signs herself in and the same for signing out. Works for me. Usually, after the temp check and hand sanitizer the staff just motion people towards the sign in. Most walk past the code anyway and very few use it. But we are upcountry in Isaan across the river from Vientiane. My wife refuses to buy a new phone or even an SD card. No WIFI service and just borrows my WIFI if there's none available. Very frugal except for when it comes to me. Link to comment Share on other sites More sharing options...
Bender Rodriguez Posted June 10, 2020 Share Posted June 10, 2020 you always have smart a..... that think they know better than all the rest, even without info https://www.google.com/search?q=Apple+iOS+13.5+Is+Ready+For+Covid-19+Contact+Tracing Link to comment Share on other sites More sharing options...
connda Posted June 10, 2020 Share Posted June 10, 2020 On 6/9/2020 at 2:43 AM, Swiss1960 said: So here is the caveat: Every app that will use that technology will secure your privacy while giving you the peace of mind that you will get informed if you were in contact with a Covid-infected person. Of course it will... Link to comment Share on other sites More sharing options...
.png.3b3332cc2256ad0edbc2fe9404feeef0.png)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now