> First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities. These official apps will be available for users to download via their respective app stores.
On iOS, entitlements?
The nefarious ad actor can do far more with the existing stack.
The thing created here is a standard BLE characteristic that says I’M PERSON X and your phone is always looking for PEOPLE and recording when it sees them... then uploading that to Google and Apple.
You can decide for yourself if a contact recording system could ever be abused.
So now this nightmare is going to give historical tracking data to government entities without warrants forever.
And Barr is going to get encryption backdoors with his theater.
How about just making a test that costs a few cents in million quantities that you can take at home. It won't be the last time we need that tech for a virus.
If we as a society agree to ubiquitous, mandatory location tracking and a complete suspension of the right to assembly in response to this virus then we never deserved a democracy in the first place.
Why add a technological fig-leaf to what is by now a deplorable privacy situation? Just roll with it, change whatever laws need to be changed, and be done with it. The data collection capabilities already exist to do contact tracing, it seems.
- Did contact tracing apps really save anything in singapore/taiwan/israel?
- Is sweden really doing that bad without this kind of surveillance?
- What is tracing going to help anyway? it will warn people to go to the hospital early ? To do what? there is no cure and they 'd better stay away from infection nests like hospitals anyway. It's not like people don't get symptoms days before they need hospitalization
- Is tracing really going to be workable? this is a highly infectious virus, and people networks have very short path length, which means that, without social distancing, 100% of the people will get notified that they might have been infected in any day
- This data does not need to reach anyone's servers. Infected people could just publicly and anonymously upload their location in a public server for other users to crosscheck. The less data are hidden behind walls, the less chance of abuse.
Even if tracing might slow down the curve, this slowdown shouldnt last forever and it should be targetted, not anonymous. It is important that the spread speeds up in the parts of the population that carry less risk (children, women). There is really no good way to do that other than specific , local measures of SD.
It would be very different if these phones had a thermometer, but i think some regulator removed them.
In order for contact tracing to work as advertised, each person's device has to keep a log of daily ids that they contacted that has a TTL of at least a few weeks. That means that whenever a law breaker gets arrested, law enforcement would be able to confiscate their device and be able to construct a list of everyone that they've been in contact with in the last few weeks.
Furthermore, it's not the same as a phone's location implicating you in a crime. It's a persistent log of your in-person social network that can be reverse engineered every time you get arrested or go through customs at the airport.
Is there a plan to verify test results? Are public health authorities in small countries/regions expected to build and maintain an app and a server from scratch?
http://jan-sampark.nic.in/campaigns/2020/04-Apr/Arogya/index...
For contact tracing to have an impact at all, we need a quite large percentage of the population to use one of these apps. Even if 60% of the population had some kind of app installed and this app worked properly, we would still only detect just 36% of all new infections, since both parties (infected person and person to be infected) need to use the app. There is a significant portion of the population that does not want to or cannot use such an app, e.g. the elderly, kids too young to have their own smartphone, people with certain disabilities, people that can't carry their phone with them all the time (e.g. while doing sports / working) etc. This population can still be relevant in spreading the virus - for instance, when loosening lockdowns, young children attending kindergarten / school can bridge the gap between families.
Moreover, even among those that own a smartphone and that want to use the app, I just can't see it all work flawlessly. Outside of the tech bubble, I see many people with older Android / iOS versions that don't receive updates (which might be crucial for contact tracing to function without having to keep the app open at all times) or people simply failing to install updates. We also don't want the app to be too sensitive (an infected person that happens to be at the opposite end of the same subway car shouldn't trigger quarantine for you), but also not too insensitive (people might put their phone in handbags or attenuate BLE radio waves with their body).
I think that these problems could be solved by offering something like a standalone Bluetooth bracelet, compatible with whatever App becomes the standard. It should be possible to mass-produce these relatively cheaply (<5$, which a BLE beacon currently costs). They would use a Bluetooth chip with know characteristics and are worn at a defined location (wrist), so it's going to be much easier to correctly tune their sensitivity. The time-to-market will of course be longer than that of a potential app, but it currently seems like we're going to have to live with the virus for a couple of months to come.
The only technical problem I see is that the physical bracelet would need to receive a (trusted) "list of infected IDs" somehow. Maybe a mesh network of bracelets with smartphones as information providers could work? Maybe bracelets could connect to public WiFi? Or maybe we could leverage some existing low-tech data broadcast infrastructure such as RBDS/RDS (Radio Data System)?
Google could do a similar thing via a Google Play Services update (or, you know, use this as the kick-in-the-pants to get manufacturers to start updating Android to protect the public from COVID-19).
First of all how reliable this technology will be since its results will or can be used in courts.
Secondly how contact tracing logs will be secured since they can be stolen or sniffed in a real time.
I didn't read technology documentation drafts and I used Bluetooth last time on old generation of phones way before smart phones and I'm interested for how long this tracing sessions will last since you can map devices that have turned on bluetooth in any given area(Tran stations,libraries etc.) You can do something similar to Wardriving (en.wikipedia.org/wiki/Wardriving).
What it looks like it's application framework based on system service I hope they won't start advertising ios bluetooth all the time and only allow application to do it. In that case application can be safely removed.
I am also concerned about cloud Diagnosis_Keys
All it does is store the RPIs it sees, downloads diagnosis keys, and checks whether any of the RPIs it has stored “belongs” to one of the diagnosis keys it has downloaded.
for context, roughly 8000 people die per day in the US. the virus has killed 2 days worth of people in the US in the 80 days of known infection, and probably ~100 days of undiagnosed infection. so covid has killed 2% of the expected number of dead. it's serious, but it's not the black plague, or even the 1918 flu. and we're already seeing transmissions curb.
the virus overwhelmingly infects others in close and closed proximity with a lot of cross-breathing going on. random airborne infections or surface infections are likely small, certainly less than 10%, probably less than 1% of infections.
so, you don't need to social distance outside unless the other person is actively coughing/sneezing (or maybe singing/talking extra forcefully) in your direction within 6 feet. you don't need a mask unless you are in close proximity (less than 6 feet) to random other people for more than a couple minutes at a time. grocery clerks, and other service workers in close proximity to strangers, on the other hand, should wear non-n95 masks (but probably not gloves) during work. same with those who are often near folks with comorbidities like age, auto-immune disease, diabetes, etc. medical providers should wear n95 masks, gloves, gowns, and take many other precautions that make no sense for the general public. you are not lowering your risks in any percepitble way by doing so. allay your anxieties with those basics, rather than looking to buy more toilet paper. it's enough, really.
the overwhelmingly most effective way to prevent transmission is to not breath in a sick person's exhaust. that's it. that's all we need to do. and yes, we don't know everyone who's carrying the virus, so it makes sense to reasonably physically distance in enclosed places like grocery stores. but not more than that as you've already reduced risk to background noise with these basic distancing rules.
contact tracing only makes sense when groups of strangers come into close proximity. it doesn't need to track every single person you brush past on the street. so for instance, you could just provide "contact tracing" with beacons in stores rather than always-on phone tracing.
let's not lose our heads, and our rights, over this.
That apple's involved in this is hopeful -- their earlier work on anonymizing Maps.app directions is well worth thinking about here. tl;dr your route is broken up into n chunks, each chunk gets a uuid that isn't tied to your handset, and so serverside nobody knows where Bob's Iphone just asked to go. [0]
Doing this kind of "differential privacy" or whatever we want to call it today properly is very hard, but it is also very, very important to get right.
[0] https://www.idownloadblog.com/2019/03/13/apple-maps-navigati...
https://twitter.com/MikaelThalen/status/1243281598037913600
Look how fancy the UI is!
I am generally someone that takes privacy very seriously, I mostly avoid Google products and others for this reason.
But... this may be a time that the privacy concerns are worth loosening a bit for the good of this. But that comes with the caveat that I hope this is disabled when this is all done, and preferably the code removed completely. I trust Apple to do this, not sure if I would trust google too.
Any right you're willing to give up now, you've demonstrated a willingness to give up. You won't get it back. Either it'll remain lost forever, or it'll be used as evidence for a future proposal to take it away permanently (rhetoric: you agreed to it for X, and clearly any person who isn't morally bankrupt values Y over merely X; you're not morally bankrupt are you? And the need for Y will never go away...).
By all means, let's carefully give people tools to supplement their memory, to help people voluntarily notify others who need to be tested. Let's not, however, make that information available to anyone other than the owner of the device.
Also we're all going to continue to be "allowed" to turn off bluetooth to save on battery right? (Spoiler: no, the system only works if it's bluetooth on all the time for everyone no exceptions even though bluetooth is absolute low quality poorly engineered garbage as a technology.)
And those of us who are brainless and perfectly compliant sheeple obeying everything the government and media tells us without questioning or rational thought will be allowed to keep our old cell phones with the previous obsolete bluetooth standards correct and not be forced to buy a very expensive brand new phone we don't really need and can't afford, even though that severely damages the ability of the powers that be to mitigate the latest crisis they have intentionally created, right? (Ha ha ha.)
Close contact detection and alerts at the mobile OS level
We need to get better and faster at stopping the spread of infectious diseases. Covid is already catastrophic. Next time R could be 5, and mortality could be 5, 10 or 20%.
I believe we can use mobile technology to track close contact between individuals, and alert at-risk individuals to potential infections. I believe this could drastically reduce R and the impact of infections diseases could be substantially mitigated. Simulations should be able to determine the effective reduction of R.
Apple and Google should work together to implement a worldwide close contact logging framework. It will use bluetooth to track close contact encounters. The architecture will be anonymised and encrypted to make it somewhat privacy centric.
Obviously privacy zealots will make noises, but to save millions of lives and economic disaster the general population could be convinced it's acceptable.
iOS and Android should have an always-on bluetooth scanner that logs the bluetooth ID of nearby devices. If a device stays nearby for a certain amount of time, a close contact is triggered. The severity of the close contact is determined by the amount of time the devices were close together for, and other bluetooth data. This is anonymised, encrypted and logged.
When an individual is diagnosed with an infectious disease, they activate a feature in their phone which displays a QR code. The health professional has an app that scans the QR code. The health professional will enter details about the disease, and how far into the past the person was estimated to be contagious.
Alternatively if the individual hasn't been tested or is unable to reach a health professional, they can answer a set of questions about their symptoms that will determine how likely they are to be infected. Obviously this method of self diagnosis is less reliable so the framework will take this into account when deciding who to deliver alerts to.
The system alerts people that have had close contact with the infected individual, giving advice about local testing centers or self quarantine. The system will be tuned to only notify the more severe close contacts as needed. Data about available local testing capacity could be used to further refine this tuning.
Problems:
* Privacy: how to make the data private / anonymous. Communication: how to convince the public that their data is private / anonymous?
* Power: Bluetooth on all the time - battery drain?
* Health professionals: how to make sure only health professionals can use the alert app, but also deploy worldwide without delays.
* Deployment: how to get this system onto all Android phones with such a fragmented ecosystem.
* Detection: how to most effectively determine infection risk from available bluetooth data.
* Tuning: too many alerts for low risk encounters and people will ignore them - tuning is needed.
I doubt this is an issue anymore for modern devices. Things like smartwatches connect via Bluetooth but still manage to keep the phone’s almost-all-day battery life.
Every single authoritarian regime is salivating over something like this.
The part of this comment that actually addresses contact tracing proposes a method (beacons in stores that would have to rely on fixed identifiers, known geolocation, and central storage) that would not only be worse for privacy than what is proposed here, it is also the likely outcome without employing a technique that at least considers privacy concerns.
The other paragraphs read like a compilation of Facebook-based science, where not simply factually incorrect, all points made are debatable and by no means as clear as you make it out to be.
This is a opt-in API and a technical protocol specification which we can discuss on technical grounds. Nothing proposed and discussed here even affects data leaving the end user device, or your rights for that manner, yet.
each device would record beacons (which could be fixed, active bluetooth devices rather than just passive beacons) on entry and exit for relevant locations (like grocery stores). you'd tell your device when you got symptoms and give permission to upload the relevant location/time pairs (but no personal id) in the last N days to a research database (not hosted by google, amazon, ibm, and the like).
with user permission, other devices would subscribe to such data for a given region(s), which would be downloaded periodically to the device. the device wouldthen determins if you've had any crossings with known location/time pairs and alert the user.
no need to share extraneous personally identifying info with giant third-parties and potentially with (hidden) state actors. this cuts apple and google out of the data collection game, especially from making it part of the underlying OS, which is particularly dangerous.
The problem is, what's the better option right now. Clearly the measures that are being taken are not actually working, people are still being infected and the ability to track the person you happen to walk past or stand next to waiting for your pickup.
I am conflicted about this... but as of right now I also feel like its necessary.
Can anyone think of a recent situation where the UK government has given back a power it has temporarily taken? This is a genuine question - I cannot. The closest was a stand taken by David Davis against 90-day detention without charge during the Blair administration (though he has since proved rather more illiberal than this position would suggest).
In the UK at least, while it might not _have_ to work that way, in practice it does.
An involuntary mechanism for contact or location tracing that's accessible to governmental authorities without the consent of the user is a civil rights violation, whether it's being actively used at the moment or not.
The American public exercised their power to elect politicians who'd end the draft as the Vietnam War got progressively more unpopular. It's well within our powers, if we care enough.
This way the government could not identify individuals, and individuals would be in control.
This is something covert, like secret courts, unconstitutional data collection, manipulating the stock market for the 1%.
You won't get people to care once a new, barely visible leash is entrenched.
Public opposition ended the Vietnam War and the draft. It would be political suicide to reactivate it barring a full-scale world war.
I was expecting that people would organize around git repos - but no, just one of the many COVID tracing initiatives published their code.
It is https://github.com/tripleblindmarket/covid-safe-paths by the way.
Other than that many, in fact most of those I know to be active, tracing efforts are pretty open, the one you linked is definitely not the only one that currently publishes their source or plans to do so in the near future. There's even been others in this thread.
https://docs.google.com/document/d/16Kh4_Q_tmyRh0-v452wiul9o...
This is my summary of how I interpreted it works:
- A [Tracing Key] is stored locally in every device.
- A [Rolling Key] gets regenerated every day based on the [Tracing Key]
- A [Proximity Identifier] gets regenerated every 15 minutes and broadcasted to other bluetooth devices.
- The Contact Tracing Bluetooth Specification does not require the user’s location; any use of location is completely optional to the schema.
- Other devices save the [Proximity Identifier] locally.
- History is stored for a couple of weeks
Some questions about how I interpreted the rest:
- The device wakes up once a day and downloads the list of identifiers that have been known/reported to have COVID. It compares on device that you are on that list. Q: Wouldn't this list be insanely long? More so if it doesn't have any concept of location?
- If you have COVID-19, you can report to the servers that you were found to have it. Your rolling identifiers gets uploaded to the "cloud server". Q: Which "cloud server"? Whose cloud server?
Any clarifications are strongly welcomed :)
- If diagnosed with COVID-19, users consent to sharing Diagnosis Keys with the server.
I don't think such a list would be that long:
1. It's not unreasonable to have some approximate concept of location (e.g. "New York City and surroundings")
2. A contract tracing app is only useful when the number of new infections is low enough, such that all possible contacts can be tested.
3. For a tracing key 32 bytes would suffice. Even for 15,000 relevant infections you're only looking at 0.5 MB of data.
Also, not sure you can limit to surroundings just yet... people are still moving too much.
Apple/Google are providing the API to public health systems who would write an app that uses the API. So your city/county/state would distribute an app used by people who live there. The server would be owned by the entity that wrote the app.
I'd love any feedback on this simple proposal for a way to enable individuals to contribute their Google location history data to health care organizations: http://covidcontacttracing.com.
This uses public Google APIs and Google Takeout to get raw gps data and inferred semantic locations from Google to COVID-19 response organizations. I've got a prototype that's essentially ready to deploy if anyone has suggestions for potential partners.
I think the Google/Apple proposal is very promising, but I don't see any reason not to also put existing data to work on this problem.
I don't see how this can work unless it gets very high distribution. I wonder if local governments might do something where the shelter-in-place orders are lifted for some categories of people conditional on running the app?
To get to 0 you need very high participation.
Even modest adoption will have some impact on the rate of spread.
(If 20% of people adopt it, you’d catch only 4% of contacts).
Tangentially related - Singapore plans to open source their app. There's a few details about how it works here:
https://www.theregister.co.uk/2020/03/26/singapore_tracetoge...
Also interesting to read some of the reviews of the app here:
https://play.google.com/store/apps/details?id=sg.gov.tech.bl...
https://github.com/opentrace-community/
Interesting in the Android version they request ACCESS_FINE_LOCATION (i.e., access to GPS) instead of ACCESS_COURSE_LOCATION (i.e., access to BLE). They have also include Firebase analytics (which captures city-level location data) into the app as well.
If you have one app per country, you could have the "diagnosis servers" of all the countries federate and exchange data, but in the end it's easier and more effective to have 1 official open-source app from say the WHO.
TCN Coalition is an umbrella group for open source projects who have agreed on a common protocol, which Apple and Google are also following fairly closely. I am one of the developers for CoEpi, a member of the TCN Coalition.
Great!
Not sure how ubiquitous it is. Nevertheless, given that Android is 90 percent of the market in India, may be this can help overcome the iPhone OS-level constraints that makes it necessary for both platforms to work together in markets like the US.
I wonder why this design decision was made. The risk assessment will change and the apps done by health organization have the expertise on that subject and shall do the assessment and not the CT framework. It will require an update of the OS to get latest findings published.
Privacy and other technical decisions are sound and legit.
Has somebody some background information on the reasoning driving that design decision?
If this does really work, it could trace millions of people and give this pandemic some sort of order. Identify hotspots and show a heat map of spread.
Definitely a step in the right direction, hopefully it's executed well too. I'm pretty sure Microsoft be jealous they didn't win the Mobile OS market.
I suspect they will try to join whatever data is present in your "I'm infected" report (at least IP, idk if there will be other stuff. advertiser id?) with their other databases, using trolls as a justification.
Please do not fuck this up.
The tl;dr is that without a huge, nigh-omniscient program to trace individual cases, we have no choice but to go on and off Covid lockdown for a year or more, with potentially devastating economic consequences.
Having Apple and Google develop a built-in tracing program to their phones with firm privacy guarantees is not good, but it might be the least-bad solution we have right now.
This may be right, but how will said vendors "force it" on users? A system update? That still takes voluntary cooperation.
"A tech-savvy adversary could reidentify identifiers of infected people that they have been physically close to in the past by
i) actively modifying the app to record more specific identifier data and
ii) collecting extra information about identities through additional means, such as a surveillance camera to record and identify the individuals. This would generally be illegal, would be spatially limited, and high effort."
If I read this correctly, this means that a government could collect identifier data on a per-location basis and later link this to someone's identity (for example with cameras or by tracking the IP address of uploaded identifiers).
Unfortunately I can think of quite a few entities (e.g. governments) who are not too worried about doing high effort, spatially limited things in order to track people's locations. Saying that this is "illegal" (which is probably not even true in all countries) does not give me confidence it wouldn't happen either.
[1] https://github.com/DP-3T/documents/raw/master/DP3T%20-%20Sim...
While it does not directly encode position, with sufficient large network of bluetooth trackers on key places (like mass transit stations) one can be tracked sufficiently well by that.
There's obviously a question of what you should do when you find out you have been in contact, and that will differ depending on the stage. We probably want to be in a position where everyone who has come into contact with an infected person can get a test asap and if necessary then go into full isolation, not just going out less.
It’s quite obvious that more intrusive measures (lockdowns) are needed now, but what do you do once they’ve Had their effect? You can’t just abolish all measures, as you’d be back to square one. That’s where this comes in handy.
> You'd have to be naive and short-sighted to accept their pinky-promise of privacy-first in this context.
Or, more constructively, you could examine the spec and see whether it’s privacy preserving as promised, and ensure that the deployed software confirms to the spec. How about that?
Or less intrusive measures. We should shelter in place the vulnerable and let everyone else out like Sweden, and this will sort itself out amicably in a few weeks. Leaving the entire population with lasting immunity, preventing any chance of resurgence. [1]
[1] https://www.forbes.com/sites/jamesasquith/2020/04/04/no-lock...
(Iceland's outbreak is at about the same infection rate as the Bay Area if you estimate with hospitalizations/deaths. Daegu was significantly worse than the Bay Area per capita).
https://www.theatlantic.com/ideas/archive/2020/04/contact-tr...
> Let’s start with China, where citizens in hundreds of cities have been required to download cellphone software that broadcasts their location to several authorities, including the local police. The app combines geotracking with other data, such as travel bookings, to designate citizens with color codes ranging from green (low risk) to red (high risk). High-risk individuals can be banned from apartment complexes, offices, and even grocery stores. Many human-rights advocates fear that what has been rolled out as a public-health app is moonlighting as a tool of government espionage and mass discrimination.
> Next, let’s look at South Korea, a democracy that has arguably been more successful than any other in containing the spread of the virus. The government uses several sources, such as cellphone-location data, CCTV, and credit-card records, to broadly monitor citizens’ activity. When somebody tests positive, local governments can send out an alert, a bit like a flood warning, that reportedly includes the individual’s last name, sex, age, district of residence, and credit-card history, with a minute-to-minute record of their comings and goings from various local businesses. “In some districts, public information includes which rooms of a building the person was in, when they visited a toilet, and whether or not they wore a mask,” Mark Zastrow, a reporter for Nature, wrote. “Even overnight stays at ‘love motels’ have been noted.”
Edit: I'm assuming that GPS level precision is sufficient to start the dystopia
No doubt much of this data is already collected in one form or another. But it is a big step from collecting data, to analyzing it in new contexts, to visualizing it well, to making it highly accessible to federal non-technical agencies.
Based on what we know, I don't see how you could carve a large enough population group out where you have < 1/300 chance of death and < 1/50 chance of being hospitalized. Your timeline is realistically years to not overrun hospitals, if this is even an acceptable death rate [which it won't be in developed countries]
After all - the first amendment allows for the freedom of assembly, and the freedom of assembling with whom they wish. Property rights also and all of that.
Is it a matter of losing freedom for safety? Yeah. There's been a lot of 'reasonable' losses of freedom in various things. For example, isn't it a loss of freedom to require a drivers license and insurance (or proof of financial responsibility for California)? Or security at airports? And so on. This may become yet another loss of freedom, maybe temporary maybe not.
Hell, vast numbers of people have been doing it voluntarily already with loyalty cards.
b) It's not 0, so there's still room to reduce the number, even now.
Checking into to JimmyJohns with a loyalty card is not the same as the guy I passed on the street's phone checking my phone and both letting JimmyJohns HQ that we passed each other at 12:53 on at 643 West Main St.
This is of course nothing new. But it's worth noting considering how high the tolerance for extremely intrusive government action currently is and how extremely weak any resistance is bound to be.
I'm not saying I'm against contact tracing in the current situation. But that shiny new button that governments get to press will never go away.
Edit: Reading the spec, I found a piece of information that may be of interest: This technology allows contact tracing without necessarily revealing the location where that contact has taken place. So that could indeed be a privacy benefit over alternative approaches.
https://covid19-static.cdn-apple.com/applications/covid19/cu...
At least this way you will get some control of the info and you'll know what was collected and have control of it's disclosure (for now).
In other words, this is no worse than what the government is already capable of, it just makes it easier for you to share the data with health care providers.
The government already has all these abilities.
Bluetooth has a quite small range, which may give higher tracking precision (to anyone receiving the signal) than the data cell phone companies have.
in fact, it should remind us to take away those prior surveillance capabilities, and demand any contact tracing system to give control to users and be fully off-limits to large power structures (e.g., only shared between users and researchers).
and being hard to do so is no excuse. we have millions of people we can work on the problem if it's so important to warrant such massive effort.
doubt it.
I don't want to share any more information with these corporate heath care providers based on real world experience with them. Is that "allowed".
You could also view it as high demand for government functionality, with an accompanying commandeering of the governmental power by the public, which has leverage of its own. Consider, for example, that 1/3 of the country is on a rent strike right now, a proportion which will likely grow. That part of the polity is learning to flex its political muscle for the first time in a while, because the economic and political establishment suddenly finds itself at a severe disadvantage.
Of course, the government commands asymmetrical strength through police and (less directly) military force, but that's only effective insofar as disparate groups rarely have broad common interests that transcend regional, economic, or social boundaries. Since the internet provides many of the tools to facilitate collective action and COVID-19 has provided a sufficiently broad incentive, political incumbents are discovering that their powers are only as extensive as the willingness of people to cooperate and that they do in fact require the consent of the governed.
Errr - no, no they aren’t. This month had approximately 12% more people miss their rent payment than last April.
That’s high - and bad news for people like my retired aunt and uncle, or father in law, who rely on the income from their rental property - but it’s hardly a national rent strike.
I would remove the Android FAILED_REJECTED_OPT_IN status code (https://www.blog.google/documents/55/Android_Contact_Tracing...).
I cannot find it in the Apple API specs, but maybe it's not defined in there yet.
This should be an app users can install and uninstall, not a feature governments control.
PS Governments are already accessing your phone records and tracking behaviour without your permission, along with recording everything you do online for at least 30 days. O Tempora, o mores!
https://news.sky.com/story/coronavirus-government-using-mobi...
They aren't building anything new, in fact, this is much less than they already have.
This is a false statement. With location services off, the providers only get coarse location via tower strengths and also via IP geolocation (everything phones home and leaks your IP constantly). It’s not exact, not by a long stretch.
But it was labelled as terrible. I was for the secret service.
Now it's going to be culturally accepted, and in the hand regular administrators.
This is on order or magnitude worse, for something that was awful.
Shouldn't you read the spec before commenting?
The day key is only known if the user elects to publish those keys.
If you have a collection of day keys you don't know who published them as there's no device information in that.
I think that framing is slightly counterproductive to be honest. The alternative are efforts that, from what I see so far, seem to fall on one of two sides:
a) sensible privacy defaults like the proposal by Google/Apple, open development, limited traction in the community and not well connected to political decision makers
b) company initiatives, closed developments and promises of openness while working on centralized solutions
I feel like your scenario would be more worrying in terms of privacy if Google/Apple didn't introduce this protocol extension. They are essentially forcing the b) group to adapt something sensible. Another positive is that this seems limited to the OS level, whereas both have more extensive infrastructure they could have pushed for but intentionally did not.
tl;dr: I think it is a beneficial proposal and well placed, the alternative would likely be worse for the user base.
- Advertisements change every 15 minutes, are not trackable unless keys are shared.
- The only central bit is a repository of "infected" daily keys.
- No knowledge about contacts is shared with a central authority.
Nothing is shared unless you are infected and decide to share your keys, which are only valid for one day. I don't see how you could have a real argument against this unless you are a privacy extremist. It also seems more privacy friendly than the Singapore or German apps.
https://github.com/DP-3T/documents
paper: https://github.com/DP-3T/documents/blob/master/DP3T%20White%...
data protection aspects: https://github.com/DP-3T/documents/blob/master/DP3T%20-%20Da...
Here's an overview comparing that approach to some others (such as Singapore's tracetogether): https://github.com/vteague/contactTracing
It means that contacts with infected persons can't be linked across days, and it means that I can't build an app that alerts me that someone who was previously infected just walked by.
Edit: This actually turns out to be correct, but your conclusion:
> It means that contacts with infected persons can't be linked across days, and it means that I can't build an app that alerts me that someone who was previously infected just walked by.
Is not possible, because every time secrets are made public, the secret key is reset.
[1] https://github.com/DP-3T/documents/blob/master/DP3T%20White%...
I have the impression that all of this is forced upon us as to make us believe that it is safe to get back to work ASAP. Wouldn't it be better to just wait ? (I'm not interested in the economical debate : this will invariably lead to compromises such as how many victims can we afford to keep the economy going ? (nobody will tell it that way, but in the end that's the truth behind those arguments))
The troubling thing is, bluetooth-based contact tracing is in no way easy. Different android phones handle background bluetooth scanning / advertising differently and some tend to require additional config changes - such as disabling battery saving features - to even make it work. And iOS bluetooth advertising in background is just bad. Since u can't add custom UUIDs to the advertisement package, just advertising data is often not enough, so u have to connect too, which creates a range of other problems. I suspect they will release OS upgrades to solve some of these issues, but not all devices will be fixable (eg, older Android devices). This, combined with the fact that they will start rolling out this feature in May, makes me think it will not help us much for the latest wave of COVID-19 infections. Might come in handy for the next epidemic, though.
Not sure whether that's what this implementation would look like.
> alice can also hide messages from times she wants to keep private
If there's a need for this, doesn't that imply that the scheme does not actually keep Alice's privacy in all situations?
Furthermore:
> the random messages give the hospital NO INFO on where Alice was
This seems to assume that the hospital (or anyone with access to the data, such as governments) didn't capture the broadcast messages together with their location. With enough Bluetooth receptors in busy areas, a government could easily find out where Alice had been by looking up each of her messages in their list of message/location pairs?
Experts can probably come up with nastier and/or easier exploits...
Once the crisis is over, they'll continue to use such "safe" apps, for other purposes ...
https://covid19-static.cdn-apple.com/applications/covid19/cu...
"Privacy Considerations
• The key schedule is fixed and defined by operating system components, preventing applications from including static or predictable information that could be used for tracking.
• A user’s Rolling Proximity Identifiers cannot be correlated without having the Daily Tracing Key. This reduces the risk of privacy loss from advertising them.
• A server operator implementing this protocol does not learn who users have been in proximity with or users’ location unless it also has the unlikely capability to scan advertisements from users who recently reported Diagnosis Keys.
• Without the release of the Daily Tracing Keys, it is not computationally feasible for an attacker to find a collision on a Rolling Proximity Identifier. This prevents a wide-range of replay and impersonation attacks.
• When reporting Diagnosis Keys, the correlation of Rolling Proximity Identifiers by others is limited to 24h periods due to the use of Daily Tracing Keys. The server must not retain metadata from clients uploading Diagnosis Keys after including them into the aggregated list of Diagnosis Keys per day."
It doesn't look bad, at least, at the first sight.
A detail: I hope the "day begin" for the "Daily Tracing Key" is the same for all users? I.e. not a local day but e.g. GMT+0 day or something.
Many years ago I was at a black market in Beijing filled with every possible fashion counterfeit, and I found one black leather belt that had both Gucci and Calvin Klein logos on it.
It similarly seemed natural for a second ("even more fashion, right") until my brain did a double-take.
https://blog.google/inside-google/company-announcements/appl...
Also, the Apple logo is first. I wonder how this was decided?
Not because I like that logo better but because it is smaller. Since English reads left to right, if the short thing comes after the long thing, it looks lopsided.
Also, since the Google logo is larger, it is going to be more prominent no matter what, so putting the Apple logo first balances that out a bit. Seems fair to me.
https://www.gov.sg/article/help-speed-up-contact-tracing-wit...
Not really. This is based on the TCN approaches by Covid-Watch, Co-Epi and DP-3T (submission to PEPP-PT). TraceTogether fundamentally functions very differently.
I am one of the developers working on Co-Epi, and am very happy to see that Apple and Google are improving their APIs to support our work.
https://covid19-static.cdn-apple.com/applications/covid19/cu... Cryptographic Specification
https://www.blog.google/documents/55/Android_Contact_Tracing... Android API
https://blog.google/documents/57/Overview_of_COVID-19_Contac...
Apple and Google should have included the chart in their announcements, IMO. It illustrates the process in a way that's easier to understand than text alone.
Privacy is really important: but we lost it all a long long time ago. Maybe saying "well now we can do a good job of contact tracing" is at least some good coming out of that loss of privacy. I just hope we don't end up wasting time trying to make the contact tracing "private" as if by doing otherwise we'd be giving something up that we didn't already give up long ago.
I hate the fact that I definitely see a good reason for it and the goverment is more than happy to accommodate this power grab.
But that can't/won't undo the effects of something being called "private" being exposed not to be afterall...
As an obvious (and not all that impossible) example, consider a Bluetooth device owning person who is, in fact, physically isolated. No amount of "privacy preserving" anything will fix the issue if they know they've only been within range of 2 other people in the last <insert time window here>.
The paranoid user would want to change their disclosure settings upon entering the domain of this isolated individual, since they can be sure they would be able to identified.
Sadly, not all users will know who was and who was not isolated, so the notion of privacy is simply impossible as far as I can tell. You are weighing the social good vs the potential personal harm based on your unique environment. Nothing fundamentally changes this.
> Upon a positive test of a user for COVID-19, their Diagnosis Keys and associated DayNumbers are uploaded to the Diagnosis Server. A Diagnosis Server is a server that aggregates the Diagnosis Keys from the users who tested positive and distributes them to all the user clients who are using contact tracing.
Is this scalable? Earlier in the document they mentioned that the tracing keys are 16 bytes long. Let's assume that there are 3 million patients in a country. That'd be 48 megabytes each user has to download and process per day to check whether they've been in contact with an infected person (processing involves calculation of 144 HMACs per tracing key). I don't think this is feasible at scale and one can't avoid thinking about area recognizing diagnosis servers.
E.g. Smartphones of patients would upload not just the diagnosis keys, but also the areas (county, district, something like that) they've been inside during that day. Then smartphones querying the diagnosis servers would have to send the areas they are interested in. But it's easy to see that this approach is then quite privacy invading. On the bright side, this info is already available to carriers so it's already a sunken cost so to speak.
I had thought that Apple and Google are in the best position to distribute contact tracing widely [1] but couldn’t figure out if they were working on it. It turns out they were.
[1]: https://news.ycombinator.com/item?id=22704460
Big tech can do good and we should applaud their efforts when they do it right.
That would be an incredible win for humanity.
Also, common cold mortality is extremely low.
Even if it's not the most important thing we could do, eliminating influenza and the common cold would be pretty fricking awesome.
To answer your Q, Op: yes. Provided Apple/Google doesn't remove the functionality in a later software update.
We're literally still fighting the wars that arose out of the last time we acted in a moment where we were "united by fear."
Some ideas as to why:
- lots of people have iPhones and Apple have made efforts to make them less trackable so maybe there isn’t enough data about enough people
- google are scared that this would lead to their data collection/retention being more regulated
- The location data google collect just isn’t granular enough
- google don’t want to give the government access to their location data because they believe strongly that it should be private between google and the people being tracked/they’re scared that people will react badly as they begin to realise how much data google collects about them
I can foresee a large second wave due to this falling short if we relax social distancing measures. There have been cases where people test positive then test negative and then positive again. It would require redundant testing per individual on a schedule.
There are a lot of people who will not be tested, there are a lot of people without smartphones. This virus has spread so far at this point we’d need to test every US citizen to know the blast radius.
I understand people are hopeful and want things to return to ‘normal’ but I can’t imagine it without a vaccine in the US.
[1] https://covid19-static.cdn-apple.com/applications/covid19/cu...
To my mind this phrase under 'Privacy Considerations' in the Cryptography Specification stands out:
"A server operator implementing this protocol does not learn who users have been in proximity with or users’ location unless it also has the unlikely capability to scan advertisements from users who recently reported Diagnosis Keys."
That phrase explicitly mentions that server operators cannot learn about user proximities.
What I reckon may be unstated there is that it could be possible for adversaries with sidechannel / network monitoring capability to learn those kind of details about users (i.e. internet, cell data, and other data network operators).
If such a side door did exist, it would seem in the public interest to be aware of the scope of the availability of that data, especially given the potential (physical, social) vulnerability and risk of those users.
I'd also like to be proven wrong about the possibility of such sidechannel attacks by anyone who understands the spec in more detail.
[1] - https://covid19-static.cdn-apple.com/applications/covid19/cu...
The authors of DP-3T (which seems quite similar to this spec) have a huge list of privacy caveats in their whitepaper [1], in section "5.4 Summary of centralised/decentralised design trade-offs".
I haven't seen any analysis on how the Apple/Google spec prevents those problems.
[1] https://github.com/DP-3T/documents/raw/master/DP3T%20White%2...
2) Enable epidemiologists to analyse the spread of SARS-CoV-2
So anything in that table with epidemiologists is gone.
The remaining caveats are pretty boring:
To do so, the attacker uses strategically placed Bluetooth receivers and recording devices to receive EphIDs. The app’s Bluetooth broadcasts of non-infected people and infected people outside the infectious window remain unlinkable.
...
On the other end, a proactive tech-savvy person can abuse any proximity tracing mechanism to narrow down the group of individuals they have been in contact with to infected individuals. To do so they must, 1) they keep a detailed log of who they saw when. 2) they register many accounts in the proximity tracing system, and use each account for proximity tracing during a short time window. When one of these accounts is notified, the attacker can link the account identifier back to the time-window in which the contact with an infected individual occurred.
So, yeah, these vulnerabilities still exist and have been pointed out on this thread... but I find it hard to care about these at all.
It seems like this could be solved by providing a K-anonymous query interface like the one exposed by Have I Been Pwned. I wrote to the contact email address of Pepp-Py, which is a European initiative do develop a system that seems pretty much the same as this, suggesting this, but I got no answer (not that I was really expecting one).
If you further reduce that by only providing new confirmed hashes since a timestamp, the client can track when they last downloaded the data and pull only the delta, you end up with a few MB a day, which compares quite well to say, a video call.
So my suggestion for a minimal fix would be to also reveal all advertised rolling IDs for the current day in addition to the keys for the past days.
A better fix would be to generate ID in a hierarchical fashion from the daily keys with power-of-two-length time slots, so that you only need to share O(d + log(n)) values where d is the number of days and n is the number of subdivisions in a day.
Another potential fix is to use public-key cryptography and only reveal the daily public keys; however, this requires twice as large IDs and matching requires to try to decrypt/signature-check all received IDs instead of being able to generate and lookup.
Perfect way to begin marginalizing people who care for privacy
I think this is a very innovative solution that enables contact reporting without knowing location or personal details at all, and its exclusively opt-in.
I see some people arguing that "yes but it could be subverted" but this isn't a really good place to begin if you just want to monitor people and know who is talking to who, there are much better ways to do that already available.
I know that the RPI is derived from the daily key + TimeIntervalNumber. But these devices should only be receiving the daily keys + the current day.
Everything else about the spec is pretty easy to follow and gets my a-okay.
That's why this involvement is really huge and welcome! And besides clearing out existing arbitrary API limitations, Apple's involvement in potential protocol design for such tracing technology is a welcome addition in my view as well, because in contrast to Google, Apple at least earned a modicum of trust when it comes to putting the privacy interests of their customers first.
Source: Providing apps with that functionality.
Could probably flip it to be a 4 byte prefix (to identify this packet for contact tracing), followed by 16 bytes of the Rolling Proximity Identifier, but not sure if the underlying hardware (the BLE chips) can do low-power matching on a pattern like that. Something only Apple and Google could make work, so this is exciting.
(Or, it could be iBeacon to wake, then making a connection to fetch the Rolling Proximity Identifier. Though, in my experience, not requiring a connection will be more reliable in practice, especially for Android.)
LinkedIn is pretty mild anyway in contrary to anything Facebook with their tracking pixels. And unfortunately you can't really do without LinkedIn if you want a job in IT.
And how many people not having already their various metadata collected by Google and not having anything on the Apple servers?
No. Where have you been? People complain about facebook, instagram, linkedin, etc all the time and encourage others to stop using it all the time.
What is mindblowing is the amount of worship for Apple here and the amount of support this has. And preventing "thousands of people from dying" is no excuse for this because we know this has nothing to do with preventing deaths.
The amount of love that Apple, Microsoft, etc has on every apple/microsoft thread is a tad bit suspect in my opinion.
> (without even having read the specs or knowing the details...)
Why would the specs or details matter? It's a matter of principle.
"People might die" so we need to spy/monitor/track you is a very north korean mindset. But then again, they also use an existential fear ( US invasion ) to enforce complaince amongst their population.
If people complain about EARN IT, they should investigate privacy implications of this "enhanced" tracking technology.
The reason why I worry so much about privacy details is because it can be implemented in a way that respects privacy. If it doesn't, then that is highly suspicious and doubly unfortunate given the circumstances.
But if it is implemented right then I will use it. And thankfully, it seems to be implemented right, so if that holds I will use it and try to convince other people to do so as well.
It leads me to believe that the proposed loss of privacy isn't the best way to fight a virus such as a flu
2. Lots of old people, which for Covid is about 65, still work full time jobs. Some of them fly every week. These aren't 95+ year olds.
3. I'm sure people of all ages think their life is very valuable, and very few people consider themselves candidates for sacrifice. Certainly not for privacy concerns.
4. 10x deadlier than the flu.
As a matter of fact I see this as a very likely scenario as this is precisely what South Korea has already done.[1]
Someone probably said — “how about this?” and scribbled something. May have even been a Googler.
Then everyone else just said “sure”.
At least, that’s how I’d like to think it went.
Presumably the bluetooth recording will give much better fidelity/precision about who is close to who, in all conditions (in buildings, in the subway, etc), where simple phone triangulation or GPS won't be accurate enough.
That's far more data than the phone companies have on us right now, so it is a good thing that people are considering the privacy issues. Just saying "we've already lost" only makes things worse.
US public institutions seem frankly sclerotic. The fact that the government has or has not done something provides almost no signal on whether something is possible or not.
* cell tower data
* phone GPS data
* Bluetooth data about proximity to specific other people
For most purposes these are increasing in precision and sensitivity. But also, governments can demand that carriers turn over the first kind, but the second two are generally under some kind of user control according to mobile OS designs. There is no single place that automatically gets this data about every smartphone user.
Some of the discussions about privacy for the kind of technology that Apple and Google are working on here are based on observations like
* there actually is no existing way that health authorities could get detailed Bluetooth proximity information about all smartphone users
* this information is potentially more useful for epidemiological purposes, and also more privacy-sensitive, than just GPS sensor data, because it may more reliably map individual people's interactions with one another (for example, potentially confirming that people were likely in the same room rather than just in the same building)
* there are cryptographic concepts that could potentially make this data useful for contact tracing, if users cooperate to a certain extent, in a way that would still make it difficult to obtain or use the data for a different purpose
Another way of putting it is that many people looking at this question think that there is an incremental privacy harm from disclosing Bluetooth proximity data (compared to data that is already available), and an incremental benefit to epidemiology from finding a way to process this data for contact tracing purposes (compared to data that is already available).
https://www.imec-int.com/en/articles/imec-sets-new-benchmark...
"Hey everyone - so yeah, we're using all your data you're willingly providing all these apps on your phone, like location, contacts, camera...So thanks for helping...Okay, bye!".
But you're right. Every day there is so much information from the spies we carry around with us as they communicate that it'd be unfathomable they're just "ignoring" all of this information.
The chances are in some privacy policy it says they can share that data with their "partners" which silently gets back to the government.
Just use what you already have, what we already know you have, and if it saves lives then at least it was put to good use.
- Doesn't collect personally identifiable information or user location data
- People who test positive are not identified to other users, Google or Apple
- List of people you’ve been in contact with never leaves your phone
https://blog.google/documents/57/Overview_of_COVID-19_Contac...
edit: I just "read" it ( it is not even a spec - it is not even a powerpoint presentation ). You are down voting me for questioning a couple of pictograms?
It lets someone identify as Covid-19 positive and then if people have come into contact with them, you can be alerted. Most of the processing happens on device and it doesn't use location data.
It looks like it would be very hard to abuse by governments or businesses, but I'm not an expert on these kind of things.
Do I understand this correctly? It's almost all done locally, there's nothing about location, and almost nothing is send up until you mark yourself as infected, right?
EDIT: This is the best high level explained I've found: https://blog.google/documents/57/Overview_of_COVID-19_Contac...
edit: There is something that occurred to me after writing this. FB had an API at the beginning of their game when they were shooting to get developers' attention. They did. As the leaked documents show what really end up happening, API evolved in ways that benefited big boys. I guess my rambling point is that whatever current specs say, may quickly become rather distant past.
Yes, healed patients who don't produce viruses any more aren't important, but anyone still infectious is still a danger. Even if you are supposed, often even legally required, to stay at home while being infected, there is no guarantee you aren't. I'd bet that most of these people also take their phones with them, after all far more serious criminals like actual murderers are often taking their phones to sites of crimes as well. The IDs of those devices are still relevant. Quarantine after diagnosis may last up to 14 days, so your phone should be uploading IDs for 14 days to the diagnosis server.
Given continuation of exponential spread, we aren't far from having 3 million new patients within a span of two weeks in populous countries like the US.
That is so that once one is diagnosed others can check if they were close to that one (and when?). And even these lists aren't supposed to be any typical metadata but something that stays local and the third parties can't reconstruct.
The idea is, again if I understood, that those who remain negative never have to upload anything that gives any traceable information about them.
See my other post here with other relevant quotes from the specification.
----
Edit:
1) Actually what is uploaded is: "the Daily Tracing Keys for days where the user could have been affected"
"Upon a positive test of a user for COVID-19, their Diagnosis Keys and associated DayNumbers are uploaded to the Diagnosis Server. A Diagnosis Server is a server that aggregates the Diagnosis Keys from the users who tested positive and distributes them to all the user clients who are using contact tracing."
The matching is done locally on every device:
"In order to identify any exposures, each client frequently fetches the list of Diagnosis Keys. Since Diagnosis Keys are sets of Daily Tracing Keys with their associated Day Numbers, each of the clients are able to re-derive the sequence of Rolling Proximity Identifiers that were advertised over Bluetooth from the users who tested positive. In order to do so, they use each of the Diagnosis Keys with the function defined to derive the Rolling Proximity Identifier. For each of the derived identifiers, they match it against the sequence they have found through Bluetooth scanning."
Your identity is pseudorandomly generated and cycles every 15 minutes, so you won't be identifiable/trackable - until you choose to share you were sick, and release the inputs to the KDF publicly. A third party app determines who can share they were sick, but the OS appears to require user consent before your information can be shared.
Even then, the people who did see you haven't shared any information.
The biggest vector of privacy abuse IMHO is that once you have opted in to letting an app check whether you had contact with an affected person, the app is responsible for behavior - informing you, helping you schedule testing, or potentially more abusive behavior like informing you and the state of a mandatory quarantine.
It's pretty clear that we will get contact tracing applications in many parts of the world, regardless of any action Apple or Google might have taken. Might as well base it on something that does not compromise the user base wholesale.
In particular, given an adversary who has several points (receiving these codes) and knows the receiving location of each of these points can de-anonymize a person "A" who is COVID positive if they know, e.g., a minimal amount of A's usual daily movements (from cellphone tower location, for example).
That being said, the government probably has better ways of knowing who has COVID-19 and other infectious diseases :)
The group of non-infected people is getting smaller and smaller. The infectious window is presumably weeks long (times the number of diseases this system will track). These risks don't seem that easy to downplay, even before we get into the "security concerns" section.
The rent strike movement is a political one, and has little to do with wether or not one can afford rent.
every new method of geo-tracking is a new risk because it provides yet another hole for politicians to legally exploit into a privacy concern.
Speaking about the US -- GPS and tower-tracking pose many of the same risks, but since the legal mandates were discussed at different parts in history, their legal allowed uses are different from one another.
If yet another geo-tracking capability comes online that just allows legislators to put forward legislation that will allow them to abuse that specific technology rather than the previous ones that allow them the same access, but were mandated more responsibly.
In other words : each new law has to be inspected from so many angles that eventually the angles will exceed the inspection ability, and our privacy will dwindle without much argument as we'll be unable to modify legislation quickly enough to keep up with tracking technologies; this seems to be on purpose and being abused actively in the United States.
Determining if you were in the vicinity is also done on device - you get a list of all the day keys from a person who has chosen to share that information, then from that you can create all the keys they would have used in that period, and see if your device has ever seen one of those keys. Presumably if it finds a match the device/app would post a "you should get tested" message.
Do you know whether TCN have worked with and/or compared notes with OpenTrace[1]?
Sometimes, especially in crises, people like actually want to help other people.
You are more right than I was initially, thanks!
Actually, to be even more precise: only if infected, you upload the set of your own derived keys, and apparently only for the days you could have transmitted the virus to other people.
From the documentation:
"Upon a user testing positive, the Daily Tracing Keys for days where the user could have been affected are derived on the device from the Tracing Key. We refer to that subset of keys as the Diagnosis Keys. If a user remains healthy and never tests positive, these Daily Tracing Keys never leave the device."
It's enough to upload the bucket that was hit in the Bloom filter to fetch the subset of detailed data that corresponds to the bucket.
If the buckets are coarse enough that doesn't reveal much. And if the Bloom filter is too fine-grained for that, fetch a set of buckets instead of one.
Why would you upload it if you know (almost for sure) there was a hit? We can all live with small false positives I think.
This. It would look weird if the order were the other way around.
See: https://www.wired.com/story/apple-find-my-cryptography-bluet...
[0] https://developers.google.com/maps/documentation/geolocation...
Seems doable, especially considering that you’d want to have fully blown lockdown during the exponential growth, and only then switch over to this contact tracing phase once the initial wave has abated.
Also I don't think NYC is at all the worst case in the world, there are a lot of megacities that dwarf it in size...
This seems to align with the statement that knowing the key for one day (i.e. once it is uploaded following diagnosis) allows one to derive all future keys. Is there another section I am missing?
Edit: clarified that daily keys are shared post-diagnosis, to trace prior contact.
DP3T specifies that SK _t = H( SK _{t-1} ). In that design, you share the daily key from when you started to become infectious, and then the subsequent ones can be computed. Then you go into quarantine, stop being infectious, and (see spec) create a new random daily key going forward (or delete the app).
In the A/G proposal, daily keys can’t be correlated, and you share the daily key for each day you were infectious.
The end result seems pretty much the same for me.
If the A/G app is not implemented to spec and keeps uploading daily keys even after the infectious period is over, yes.
So, dunno. A/G has a bit more privacy (maybe) for 5x more data volume than DP3T.
If the server ships 14 * (# of people infected) every day to every user, instead of just (# of people infected) and have the client generate the 14 keys for each infected person, you would only be able to identify that you were in contact with an infected person. With the DP3T proposal, it looks like you can identify that you were around the same infected user multiple days, which might be slightly worse for privacy (in the sense that it would help you identify who you got it from).
But in either case, because the secret key is reset after being made public, it would not help you identify who was previously infected.
According to the spec, the phone only generates a new identifier when the MAC address changes or on a new day. But since it's generated in accordance to a 10-minute time window, that means you'd try to derive their key with all 144 possible time windows for that day. And if you find one of those ID's in your list of contacts, then you know you were in contact with someone infected.
There are no good choices in a pandemic.
- not handling the pandemic
- tracking the population
You can get information about people assembling in other ways:
- helicopters
- intel gathering
- cops and army patrolling dressed as civilian
- create groups of citizen in town responsible to patrolling
And probably many I don't know about.
Then you add to that: keeping to communicate with the public, testing a lot, providing masks, etc.
The fact you are using this argument shows how much powerful the culture about "the end justify the mean" and "trusts the authority to deal with this" is.
I remember the first time I saw Jack Bauer on TV decapitating a terrorist in 24 to get an information. I though, "wow, they are really creating a new normal here".
That's what it is about: creating a new normal. And pretending there is no other choice, while nobody is trying to provide any.
If we abandon our commitments to human rights in times of crisis, how important are they to us, really?
Seriously? “Everyone has the right to life, liberty and security of person” is literally Article 3 of The Universal Declaration of Human Rights - and 1&2 are “this applies to everyone; yes, we mean it”. Privacy is all the way down in Article 12.
I’ll take my life, health and freedom, for which targeted suppression of this disease is essential, over my privacy any time, thank you very much.
Remember 9/11? That year more people died slipping and falling in the shower than died in the twin towers. More people died because they chose to drive short distances instead of flying than died in the twin towers. And we got the Patriot act and a trillion dollar war. Humans have a way of overreacting.
That's over a ~6 month season. If you average that out it's 10k per month. We'll have 20k dead tomorrow from covid and it hasn't even peaked yet. This is with extreme lockdown measures implemented. How much worse would those numbers be if everyone was going about their business as usual the way they do the flu?
So, my answer to your question, is an incremental 600K once. Although given those numbers are averaged and the impact is 100X worse for the elderly than the young, I question whether these would be incremental deaths at all.
In Italy the average dead its 80.5 years old with 3 underlying conditions. If COVID hadn't taken them, the flu may well have. One study showed a case fatality rate of 10% in the over-75s for H1N1.
Ideally, we'd isolate them, and let everyone else out like the Swedes.
[1] https://www.technologyreview.com/2020/04/09/999015/blood-tes...
[2] https://www.washingtonpost.com/health/the-coronavirus-isnt-m...
Edit: I wasn't downvoting you, and the link was the source for the summary for the privacy considerations. The details are in the actual spec.
1. Bluetooth: https://covid19-static.cdn-apple.com/applications/covid19/cu...
2. Cryptography: https://covid19-static.cdn-apple.com/applications/covid19/cu...
3. Framework: https://covid19-static.cdn-apple.com/applications/covid19/cu...
You are comparing apples to oranges and calling it grapes.
It is 0.37% infection fatality rate (including clinically non-significant cases) vs flu 0.1% case fatality rate (from clinically significant cases). case fatality rate for covid-19 is much higher (say 2 % in Germany). Note that these are fatality rates, not mortality rates.
Second factor is that population has no imunity to SARS-CoV-2, while has some immunity to flu strains. Which means much more infected and therefore higher mortality rate even with the same fatality rates.
Overall, it seems to me that without any precautions it would be 10x-25x higher overal mortality (say 0.2 %) than seasonal influenza (say 0.01-0.02 %). Not great, not terrible.
Influenza is 0.1% from estimated total cases.
Here's the CDC's preliminary in-season influenza report for this year, showing 39,000,000 - 56,000,000 estimated cases, 18,000,000 - 26,000,000 medical visits, and ultimately 24,000-62-000 deaths (0.061% - 0.1107%)
https://www.cdc.gov/flu/about/burden/preliminary-in-season-e...
These preliminary estimates are roughly in line with recent years.
With 39M-56M estimated cases, 24k-62k deaths and 330M population, you have 0.06%-0.11% fatality rate and 0.007%-0.018% mortality rate.
This guy also brought us, “childfuckers bad, no crypto for you”.
And don’t forget, “Arab scary, we track your emails”
COVID however, does not mutate, or has not yet. This means herd immunity is on the table, and so is a ~100% reliable vaccine -- like MMR, not like flu shot.
Only 5-20% of the population gets the flu each year. 60-70% of the population would have to get CoVID-19 before herd immunity brought the reproductive number below 1.
Yep, and they should shelter in place. Nobody else should.
2. Lots of old people, which for Covid is about 65, still work full time jobs. Some of them fly every week. These aren't 95+ year olds.
Yep, and they should shelter in place, because they're in a risk category.
3. I'm sure people of all ages think their life is very valuable, and very few people consider themselves candidates for sacrifice. Certainly not for privacy concerns.
That's an unfortunate way of looking at this. The reality is everything we do in life involves risk. There's risk of harm in shutting down the economy, and there's risk of harm in opening the doors. The lifetime risk of death being involved in a car accident is 1%. The lifetime risk of dying of an opioid overdose is 2%. COVID is much lower than both. Locked inside domestic violence is up, alcoholism is up -- liquor stores are considered essential so alcoholics won't come in to hospital due to withdrawal.
What we do know is if we lock things down, then one person flies in from a foreign country with the disease the whole thing starts over. Hiding inside is not a sustainable strategy.
Which is why Sweden remains open for business. And you know what? They're doing just fine [1].
4. 10x deadlier than the flu.
It is not. We do not know how deadly it is, all we know is that of people who go to the hospital (implying that they're showing serious symptoms) between 0% and 9% of people, depending on their age and comorbidities, die.
That's adverse selection sampling bias. Studies show there's huge, huge quantities of people who either show no symptoms at all (which is the thing that makes this disease a challenge) or exhibit mild flu-like symptoms.
The numbers we're seeing are an upper-bound, by an order of magnitude. It's likely in line with the flu, although we should consider in line with the flu is bad -- it kills 650,000 people each and every year we've been alive.
It's also much harder to immunize against the flu (19-60% effective) due to its propensity to mutate and the huge number of strains that show up each season, with different ones being dominant each year.
On the other hand, COVID does not mutate -- or has not yet.
[1] https://www.forbes.com/sites/jamesasquith/2020/04/04/no-lock...
3. Sweden has experienced over 500 covid deaths in a week. That's a 30% excess death rate. Hardly "fine".
4. I see little evidence it is in line with the flu, unless you are talking about historically deadly flus, not seasonal ones. Flu would not have killed 1.5% of the Diamond Princess population that was infected. 0.7% IFR seems about right (Diamond Princess, Iceland, etc. suggest around this) and that's >7x bad seasonal flu years.
It's not 0.1% for a 30-something. The Gangelt survey showed a total population fatality rate of 0.37%, and so far the CFR has ranged from 0% in children to 0.1% for 30-somethings to 15% for 85 year olds.
The Gangelt survey showed 0.37% actual vs. a CFR of 2% overall in Germany so we can divide the CFR for each age group likely by 10. It's probably close to 0.01% for a healthy 30-something.
> Sweden has experienced over 500 covid deaths in a week. That's a 30% excess death rate. Hardly "fine".
It ... is fine, when you take into account that they're never going to get it again, whereas every other country in the world is vulnerable to a single person showing up and re-starting the entire process for everyone. It's not this lockdown I'm worried about it's the next one, when a single person shows up in downtown NYC and we're right back at it again.
Hiding inside is not solving the problem because it's an incredibly infectious disease. Unless you can lock down every single person in the entire world for the entire duration, it will fail.
> I see little evidence it is in line with the flu, unless you are talking about historically deadly flus, not seasonal ones. Flu would not have killed 1.5% of the Diamond Princess population that was infected. 0.7% IFR seems about right (Diamond Princess, Iceland, etc. suggest around this) and that's >7x bad seasonal flu years.
The Gangelt survey showed 0.37% vs the flu at 0.1%. It's worse, I've long maintained it's worse, but it's not massively worse. Certainly not stop-the-world worse. [1]
[1] https://www.technologyreview.com/2020/04/09/999015/blood-tes...
Moreover, Germany has conducted a randomized serological survey of the population of one town where there was a large outbreak, and determined that the true mortality rate was about 0.4%, which is an order of magnitude higher than mortality due to the flu. That's the mortality if there's excellent healthcare and the system isn't overwhelmed. Mortality will also depend on the age structure of the population, rates of obesity and smoking, etc.
Because a large fraction of the population is immune to the seasonal flu (both through vaccination and previous infection), far fewer people contract it than would contract CoVID-19 in an uncontrolled epidemic.
The combination of a much larger rate of infection than the flu and far higher mortality means that CoVID-19 would kill orders of magnitude more people in one year.
1. Results showed 0.37% mortality rate, which is an order of magnitude lower than the fatality rates being published, which is what I claimed -- so I re-iterate: "The numbers we're seeing are an upper-bound, by an order of magnitude." [1]
2. 14% of their town has had it already. [1]
3. That 0.37% rate includes all the old and at-risk folks which I was already suggesting we isolate. Since we know the fatality rate for them is 9% in hospital vs 0.1%, I'd suggest that the actual mortality rate of my plan would be incredibly low. [1] We don't know the demographic distribution of the town, and we do know that the disease is incredibly age-dependent so it's hard to project that onto the population.
Either way the flu is 0.1% so this isn't 10X worse, it's 3.7X worse. At most.
4. The study shows 15% of them are already immune to COVID.
[edit] I found the data [2]. Out of a population of 12,000, 6500 of them are in a risk group (over 45). So 55% of town. This needs to be projected onto the world population factoring into account non-linear risk response.
> Because a large fraction of the population is immune to the seasonal flu (both through vaccination and previous infection), far fewer people contract it than would contract CoVID-19 in an uncontrolled epidemic.
I don't think they are. The flu mutates regularly, and there's a ton of strains. Vaccinations are only 19-60% effective depending on the year. This is evidenced by the 650,000 worldwide deaths (60,000 US) and the 45,000,000 US cases of the flu each year.
[1] https://www.technologyreview.com/2020/04/09/999015/blood-tes...
[2] https://www.citypopulation.de/en/germany/nordrheinwestfalen/...
You're off by a factor of 100. It's .01%.
> The lifetime risk of dying of an opioid overdose is 2%.
For who? Someone who uses opioids? Maybe, on average, again you're off by a factor of 100 or more.
> We do not know how deadly it is, all we know is that of people who go to the hospital
No, of people who test positive, which includes people with relatively mild symptoms that don't go to the hospital, but had reason or ability to get tested.
South Korea is probably the best current testbed here, they had very widespread testing and they've had very, very slow growth recently so the CFR numbers are probably relatively accurate. They see a 3% CFR.
> Which is why Sweden remains open for business. And you know what? They're doing just fine [1].
Normalized by population, Sweden has seen more deaths and more infections than California, by about 50%, and it will likely continue to grow at a similar rate. The problem with exponential growth is that things look like they're doing just fine until suddenly they aren't and there's no way to fix things.
> For who? Someone who uses opioids? Maybe, on average, again you're off by a factor of 100 or more.
No, lol, it's not. Those are averages across the US population. Your lifetime odds in the US of dying in an automotive accident is 1:103 [1].
I should have said accidental poisoning which is 1:64 [2] but half of that is actually opioids (1:96) so you're still more likely to die of an opioid overdose than being a party to a car accident. Most people don't set out to get hooked on Oxy, they get hurt or undergo surgery, are prescribed them, and that's that.
There's 40,000 deaths per year related to car accidents, which if you multiply out by the average lifetime (78.69 years) is right around 3.2 million, or 1%.
This is fair to compare against COVID because due to its extremely limited propensity for mutation, the COVID mortality rate does represent what approximates lifetime risk. (i.e. unlike the flu, you won't get it again).
> South Korea is probably the best current testbed here...
I argue the best testbed is the German study I cited where they actually tested... everyone. CFR is not mortality rate, its about an order of magnitude higher, again, I cited my data. And in my intuitive explanation that you're not factoring out adverse selection risk of only very sick people going to the hospital in the first place.
> Normalized by population, Sweden has seen more deaths and more infections than California.
Because everyone in California is inside. I'm sure they've seen an order of magnitude more flu deaths too because nothing spreads when you're inside. They're probably seeing infinitely more car accident deaths, too. Life's risky, and you're not comparing honestly.
[1] https://www.iii.org/fact-statistic/facts-statistics-mortalit...
[1] https://www.statnews.com/2020/04/09/its-difficult-to-grasp-t...
The German study also suggested up to 15% of people may already have it, so we can further reduce this number (an incremental 45-55% of the population getting infected) -- So, if we run some simple arithmetic, we'll see the number of fatalities will be approximately 60-70K.
This is in line with the number of fatalities in a difficult flu season. The difference is because COVID does not mutate (or has not yet), this will be a one-off, one-time, one-year issue. The flu kills 60,000 each and every year. The Swedes have it right.
We can mitigate this by isolating the vulnerable.
So yes, we are, in fact, overreacting.
[EDIT] I wonder if this is in fact in excess of deaths we'd see anyways. I'd imagine an 80.5 year old with 3 underlying medical conditions (average in Italy of the dead) isn't just as vulnerable to a bad flu as they are to COVID, so if COVID takes them, the flu won't.
[1] https://www.technologyreview.com/2020/04/09/999015/blood-tes...
Especially now that we are counting all deaths in COVID-positive or presumed-positive individuals as COVID deaths regardless of cause of mortality.
https://cleantechnica.com/2020/03/18/imperial-college-epidem...
I would rather see new phone sensors that scan the air, the breath and the body for diseases than a new tracking technology. We could also develop new medicines, etc. Not tracking.
Edit : we also don't have much knowledge about why the virus is more lethal for some people than others. We should focus effort at predicting who will be asymptomatic and who will develop complications, rather than trying to stop the virus from spreading by isolating people
"Evil" usually doesn't care enough about most people to spend significant resources surveiling them. The danger in dropping that threshold is that "evil" invents new ways to exploit any efficiency.
https://www.simula.no/news/digital-contact-tracing-qa#How%20...?
We would see it for COVID. And chances are 15% of us have already had it according to the Gangelt survey.
> chances are 15% of us have already had it according to the Gangelt survey.
No, that's a completely unfounded conclusion to draw from that study. Gangelt was chosen precisely because it was an extremely hard-hit town. Researchers wanted wanted good statistics, so they went to the place that has the largest case density. There was an early superspreading event in Gangelt, during Carnival celebrations back in February. Hundreds of people came into close contact with a known infected person. The population of the town is only 12,000 to begin with.
Of course, if more than 200 million Americans came down with CoVID-19 in a short span of time, the health system would collapse.
... which a substantial fraction of the population is immune to. Only 5-20% of the population gets the flu each year. CoVID-19 will infect 60-70% of the population, at a minimum, unless measures are taken to contain its spread.
> Results showed 0.37% mortality rate, which is an order of magnitude lower than the fatality rates being published
I've seen most people assuming a mortality around 1%, which is not that far off from these results. In Italy, 1% may well be correct, given how the healthcare system was overwhelmed there.
> I'd suggest that the actual mortality rate of my plan would be incredibly low.
If you can successfully shield the entire at-risk population, which easily approaches half the population of many countries. Once you add up old people, obese people, people with diabetes, smokers, people with heart conditions, and all the other at-risk groups, you come to a sizeable fraction of the total population. Trying to shield those people while the virus infects most of the rest of the population sounds incredibly risky to me. It's not even obvious that you can achieve natural herd immunity without at-risk people getting sick, because you need 60-70% of the population to get sick.
Overall, I don't understand the motivation behind such a risky plan. Why not just go through a 6-week period of lockdown, and then control the epidemic afterwards with extensive testing, good contact tracing and social distancing measures? Countries other than the US appear to be successfully implementing this strategy. Some, such as South Korea, were acted competently enough that they didn't even require the lockdown phase.
Only 20% of America is 70,000,000 people. That's staggering. The economic impact of the flu is enormous.
> I've seen most people assuming a mortality around 1%, which is not that far off from these results. In Italy, 1% may well be correct, given how the healthcare system was overwhelmed there.
It may be 1% in Italy because the population of Lombardy was overwhelmingly old, and overwhelmingly sick. The average age of death in Italy was 80.5 and the average number of underlying medical conditions was three.
Multiple official sources in Italy estimate that the real number of infected is 10 times the reported one. This explains the high dead rate.
So imagine 4x as many people getting infected with a virus that is many times as lethal.
> It may be 1% in Italy because the population of Lombardy was overwhelmingly old, and overwhelmingly sick.
And the US has other problems, such as obesity. But the mortality will be much higher wherever the virus overwhelms healthcare systems. As we've seen, that can happen very quickly.
By my napkin math, you get to about a 2-fold difference which explains the 0.37% vs. 0.7% numbers. But remember the flu 0.1% also includes those highly susceptible people.
Although for what it's worth Iceland is showing 6 deaths and 1600 confirmed cases for a fatality rate of --- wait for it --- 0.35%.
[1] https://www.cdc.gov/mmwr/volumes/69/wr/mm6912e3.htm#T1_down
That paper would give about 3% for a 70 year old. But remember that cruise passengers are healthy enough to be on cruises. 1.5% death rate seems about reasonable when you correct for that (again, this is where you might see that 2x difference).
Iceland has a considerable number of unresovled cases. Whether you use 7 deaths out of 751 recovered, or 20% hospitalization death rate, you get somewhere on the order of 0.9% CFR.
No they're not. The lifetime odds for the average American are. For opioids as an example, as someone who doesn't use opioids, my lifetime odds of dying from an overdose are essentially nil. The distribution is bimodal.
> This is fair to compare against COVID because due to its extremely limited propensity for mutation, the COVID mortality rate does represent what approximates lifetime risk. (i.e. unlike the flu, you won't get it again).
You claim this with great certainty, but it hasn't been around long enough to know that it won't mutate in annoying ways.
Further, it's still not fair to compare that way. In the past 2 decades, we've had 4 or more dangerous flus that aren't seasonal (SARS, MERS, H1N1, H5N1, COVID-19). Of these, most weren't infectious enough to be super dangerous, but two were (H1N1, COVID-19), each of which killed at least 100K people worldwide, and COVID-19 is on the path to claim a million lives worldwide this year.
That's not a once-in-a-lifetime event, it's once a decade or even once every few years.
> I argue the best testbed is the German study I cited where they actually tested... everyone.
And the flaws in that study have been noted elsewhere. SK is a better testbed since they also tested huge swaths of people, even those not showing symptoms, and
> CFR is not mortality rate
The CFR of the flu is .1%, which would make COVID more contagious, and 30x more deadly. I'm not sure why the mortality rate matters since given the higher infection rate, COVID would have an even higher mortality rate.
> Life's risky, and you're not comparing honestly.
And the risk from COVID goes up if everyone catches it simultaneously. The CFR goes up even further if hospitals are overwhelmed.
So now you accept that I wasn't off by 2 orders of magnitude, but are pedantically calling out that I wrote "your" even though I specifically wrote "Your lifetime odds in the US" -- which, if we're going to be entirely pedantic, applies to everyone on earth. Maybe look up your numbers and share them?
You're ignoring how people end up addicted to opioids. The shape of the distribution is both entirely irrelevant and you haven't cited your source.
This makes me think your goal is to win an argument instead of having a genuine discussion.
> You claim this with great certainty, but it hasn't been around long enough to know that it won't mutate in annoying ways.
I'm citing data from experts [1].
> ...we've had 4 or more dangerous flus that aren't seasonal (SARS, MERS, H1N1, H5N1, COVID-19).
SARS, MERS and COVID are not flu viruses, they're coronaviridae. H1N1 and H5N1 are mutations/subtypes of the Influenza A virus. The coronaviridae are different.
> And the flaws in that study have been noted elsewhere. SK is a better testbed since they also tested huge swaths of people, even those not showing symptoms...
SK has not tested huge swaths of the population, they've tested around 1%. [2] They may have tested more than most people, but that's not what you claimed. They've tested some not showing symptoms. Huge difference as compared to testing 100% of the population.
> The CFR of the flu is .1%, which would make COVID more contagious, and 30x more deadly.
The study I referenced mentioned 0.1% for the flu vs 0.37% for COVID. Feel free to read it. That would make it 3.7X not 30X. Because the flu has been around so long the fatality rates are largely determined by mathematical modeling, and are very close to the actual fatality rate. On the other hand, we're still figuring it out for COVID.
Yes, its is more contagious. Nobody's argued that.
> And the risk from COVID goes up if everyone catches it simultaneously. The CFR goes up even further if hospitals are overwhelmed.
Which is why, scroll back up, we isolate the vulnerable.
[1] https://www.washingtonpost.com/health/the-coronavirus-isnt-m...
[2] https://www.barrons.com/articles/south-korea-coronavirus-cov...
You're right, but it doesn't make the numbers you're citing any more relevant.
> SARS, MERS and COVID are not flu viruses, they're coronaviridae. H1N1 and H5N1 are mutations/subtypes of the Influenza A virus. The coronaviridae are different.
Who is being pedantic now? The point is that novel viruses are not a once in a lifetime occurrence, so you can't compare the risk of "COVID-19" to "lifetime death rate", since a new novel virus will come along in a few years. The danger is not covid-19 in particular, but novel viruses in general, and doing nothing would lead to a 1-year fatality rate for a novel virus on par with the lifetime danger of driving. Which means the lifetime danger of the virus is 20x or more the danger of driving. That's
> The study I referenced mentioned 0.1% for the flu vs 0.37% for COVID. Feel free to read it. That would make it 3.7X not 30X. Because the flu has been around so long the fatality rates are largely determined by mathematical modeling, and are very close to the actual fatality rate. On the other hand, we're still figuring it out for COVID.
Yes, but the CFR of the flu is well understood. The CFR of COVID-19 is not, and your entire argument is based on one study which is not conclusive, has had some flaws pointed out elsewhere in this thread, and generally doesn't match observed CFR elsewhere.
> Which is why, scroll back up, we isolate the vulnerable.
Which, ask any epidemiologist, doesn't work, since hospitals get overwhelmed anyway. The hospitalization rate of young people is still pretty high (maybe not quite 20% as it is for the overall population, but still more than 10%), they just don't die with reasonable care. There's a fair number of cases of healthy 20-something year olds who end up hospitalized for a week due or more due to COVID and need ventilators. Not to mention healthy something 40 year olds.
Even if you manage to perfectly isolate every at risk person, there's still a nontrivial risk of overwhelming ICUs anyway. And then the fatality rate among young people would go up as they couldn't get good care. And you're not going to perfectly isolate every at risk person. So the you have more young people hospitalized, more old people hospitalized, and well you're in a bad spot.
Or you end up expanding the definition of "at risk" to include "obese, heart disease, diabetes, or high blood pressure", and you've ended up essentially where we are now, with the majority of the US population in an "at risk" group.
> SK has not tested huge swaths of the population, they've tested around 1%
You realize that for population level statistics, that's fine. That means that 490000 tests have returned negative. If, as the Italians think, 10x as many people are infected, somehow there would need to exist 100K+ infected people, showing no symptoms, basically none of whom appeared in the 490000 negative samples. Such a probability is negligible. The sample sizes are large enough to remove the possibility.
Secondly, there is a very wide range of reported fatality rates, with myriad factors known and unknown, so why you've chosen the lowest one globally (which, by the by, has always been an outlier and in any case is edging up past 1%) as the "actual" rate is, again, puzzling.
Finally, you are making a giant but unfortunately common logical error in using these already questionable death counts to make the case for an overreaction without attending to the obvious fact that without this "overreaction" every town, village and city on Earth would be Bergamo, where army lorries are conscripted to transport the dead from overwhelmed mortuaries, or worse.
Do better friendo.
Italy has the highest average age in Europe, and we know the virus is about 100X worse for people over 65 than it is for a 20 year old. Lombardy is the oldest region in the oldest country in Europe. The average age of the dead in Italy is 80.5 and has 3 underlying medical conditions. That's why it's so high there. I specifically called that out in the [EDIT].
I'd suggest doing some more reading.
The demographics in Gangelt skew older too, but otherwise they appear thoroughly average, and a totally reasonable representative sample. Especially as you yourself call out they were "particularly hard hit."
The CFR is always going to suffer from adverse selection bias at this stage because they're only including people sick enough to walk into a hospital, and not folks who were asymptomatic, and not folks who got mild symptoms and didn't tell anyone. That's going to be basically every young person. Only the old end up in hospital and they're dramatically worse hit.
Population studies are not directly comparable. A global CFR of 1.5-2.5% sounds right, but that doesn't mean that's a mortality rate. The mortality rate is closer to 0.37% based on the population study I cited.
You seem to be arbitrarily multiplying and dividing CFR by 2 to fit a narrative. I'd love to see other population data but I think this was the first and only study, which is why the numbers are much different than you're citing.
If 15% of the US had already been infected, then based on the Gangelt study, there would be 200 thousand deaths, and millions hospitalized with severe illness.
You're completely misreading the Gangelt study.