Hackaday editors Elliot Williams and Mike Szczys pan for gold in a week packed with technological treasure. The big news is Apple/Google are working on contact tracing using BTLE. From adoption, to privacy, to efficacy, there’s a lot to unpack here and many of the details have yet to take shape. Of course the episode also overflows with great hacks like broken-inductor bike chain sensors, parabolic basketball backboards, bizarre hose clamp tools, iron-on eTextile trials, and hot AM radio towers. We finish up discussing the greatest typing device that wasn’t, and the coming and going of the COBOL crisis.
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
Direct download (60 MB or so.)
Episode 064 Show Notes:
New This Week:
Interesting Hacks of the Week:
- A Jaw-Dropping Demo In Only 256 Bytes
- A Dangerous Demonstration Of The Power Of Radio
- Roll Your Own Automation With ESPHome
- Rapid Prototyping System Gives Wheels To Wearables
- A Broken Inductor As A Bike Chain Sensor
- Couldn’t find my link. I was thinking of an old magnet-backed solenoid chain sensor. If you find it, let me know!
- A Basketball Hoop That Never Lets You Brick
Quick Hacks:
- Elliot’s Picks:
- Mike’s Picks:
“You can’t re-identify people”.
Do not think that companies like Google have no way to correlate the contact tracing information with other data to bypass the “anonymizing” feature and correlate the information in a way that reveals who had which code when.
They’re already doing this for website tracking with Google Analytics. Even if you change your IP address regularly, there is other data that correlates you with the new IP so they can keep tracking you across sessions. For example, since Google is hoovering SSID data and GPS data, they already know who is within the same area, and they can see which contact tracking keys are within the same area, so they know to a very great certainty who these people are.
The next step is selling this information to any party interested, or being forced by certain governments to release the information anyways, or having moles inside the organization that relay the data regardless.
Both the EFF and the CCC, as mentioned in my first writeup on this, want to have a plan for disposal of any/all information collected once it’s no longer necessary.
Google does what they say, most of the time. (They also do a lot more than they admit, like browser fingerprinting, etc.) But at least getting the firms with the data on the hook for destroying it at some future time would be a start.
The bigger problem with the giant information collectors is not that they’re doing illegal stuff, it’s that we legally allow them to do so much.
It’s meaningless.
Suppose there’s a secret dossier about you and the EFF/CCC tells Google to delete all information collected regarding the covid tracking software. Alright, but that doesn’t regard all the other information that can be collected into the dossier – so when they tell Google to delete, all they’re doing is crossing over your name from the dossier but leaving all the rest of the information in place. Can’t find anything on your name – it doesn’t exist. Right?
In other words, they pretend not to have information about you, while actually collecting and correlating information about you, by pretending not to know who it is about. It’s just some anonymous “John Doe” – who they can nevertheless identify at any time and add data to the dossier – just like with browser fingerprinting etc.
After all, I don’t need to know your name to follow you around. I can tell it’s you by the beard and the jacket, and the fact that you have a coffee in a particular Starbucks every Thursday. To me you’re the beard-jacket-starbucks guy, plus all the other “anonymous” data I have collected about you that prevents you from hiding by changing your habits slightly.
Google has the weird opt-out cookie thing where they force a tracking cookie on you in order to say to Google that you don’t want them to track you.
Which sounds completely bizarre until you consider what they’re actually doing: they are _constantly_ scouring information about everyone they come across to look for patterns. They record these patterns, which effectively forms the online “you” and because of how the system works, they effectively can’t stop tracking you. Your activity online, with all the data they collect, automatically forms an identifiable presence as Google is continuously recording everything like a virtual CCTV network that simply films everything and everyone all the time.
So in order to be not tracked, you have to actively announce “Hey, it’s me again”, so the system can see that this pattern belongs to this person, and not add any more data to that pattern. By knowing it’s you, they can pretend it’s not you.
But it’s not illegal for them to scour and store this data. All they have to do is make sure that your name or any other direct identifier is not included. Therefore all the opting out does is remove your name from the secret dossier, but keeps all the rest of it in the database. If you ask “what do you have about me?”, they can say, “we don’t know you – nothing under that name” – but they still have the data that an unknown person went to IKEA last week after googling for a new sofa, and this person knows all your friends, works in the same company as you, drives the same brand car as you…
It’s literally one click to add your name back in, since by necessity they have to know which pattern belongs to which person to even theoretically be able to not track you.