Iceland Is Doing Its COVID-19 Proximity Tracing The Open Source Way

As governments around the world grapple with the problem of tracing those who have had contact with a person known to have been infected with the COVID-19 virus, attention has turned to the idea of mobile apps that can divulge who a person has been near so that they can be alerted of potential infections. This has a huge potential for abuse by regimes with little care for personal privacy, and has been a significant concern for those working in that field. An interesting compromise has been struck by Iceland, who have produced an app for their populace that stores the information on the device and only uploads it with the user’s consent once they have received a diagnosis. We can all take a look, because to ensure transparency they have released it as open source.

On signing up for the scheme a central server stores the details of each user as well as their phone number. When the epidemiologists have a need to trace a person’s contacts they send a notification, and the person can consent to their upload. This is a fine effort to retain user privacy, with depending on your viewpoint the flaw or the advantage being that the user can not have their data slurped without their knowledge. Iceland is a country with a relatively small population, so we can imagine that with enough consent there could be effective tracing.

We installed the Android version on the Hackaday phone to have a look, but unfortunately it seems to need to be in Iceland to be of use enough to explore. We would be interested to hear from our Icelandic readers, to hear their views. Meanwhile readers can juxtapose the Icelandic app with another proposal for a more anonymised version.

Decentralized Privacy-Preserving Proximity Tracing

As we continue through the pandemic, whether we are on lockdown or still at work, there is a chance for all of us that we could still pick up the virus from a stray contact. Mapping these infections and tracing those in proximity to patients can present a major problem to infection control authorities, and there have been a variety of proposals for smartphone apps designed to track users’ contacts via the Bluetooth identities their phones encounter. This is a particular concern to privacy advocates, because there is a chance that some governments could use this as an excuse to bring in intrusive personal surveillance by this means. A group of academics from institutions across Europe have come together with a proposal for a decentralised proximity tracing system that allows identification of infection risk without compromising the privacy of those using it.

Where a privacy-intrusive system might use a back-end database tracking all users and recording their locations and interactions, this one uses anonymised tokens stored at the local level rather than at the central server. When a user is infected this is entered at app level rather than at server level, and the centralised part of the system merely distributes the anonymised tokens to the clients. The computation of whether contact has been made with an infected person is thus made on the client, meaning that the operator has no opportunity to collect surveillance data. After the pandemic has passed the system will evaporate as people stop using it, rather than remaining in place harvesting details from installed apps. They are certainly not the first academics to wrestle with this thorny issue, but they seem to have ventured further into the mechanics of it all.

As with all new systems, it’s probably good to subject it to significant scrutiny before deploying it live. Have a read. What do you think?

We are all watching our authorities as they race to respond to the pandemic in an effective manner, and we hope that should they opt for an app that it does an effective job and they resist the temptation to make it too intrusive. Our best course of action meanwhile as the general public is to fully observe all advised public health measures such as self-isolation or the wearing of appropriate personal protective equipment.

Chatterbox Voice Assistant Knows To Keep Quiet For Privacy

Cruising through the children’s hands-on activity zone at Maker Faire Bay Area, we see kids building a cardboard enclosure for the Chatterbox smart speaker kit. It would be tempting to dismiss the little smiling box as “just for kids” but doing so would overlook something more interesting: an alternative to data-mining corporations who dominate the smart speaker market. People are rightly concerned about Amazon Echo and Google Home, always-listening devices for online retail sending data back to their corporate data centers. In order to be appropriate for children, Chatterbox is none of those things. It only listens when a button is pressed, and its online model is designed to support the mission of CCFC (Campaign for a Commercial-Free Childhood.)

Getting started with a Chatterbox is much like other products designed to encourage young makers. The hardware — Raspberry Pi, custom HAT, speaker and button inside a cardboard enclosure — is conceptually similar to a Google AIY Voice kit but paired with an entirely different software experience. Instead of signing in to a Google developer account, children create their own voice interaction behavior with a block-based programming environment resembling MIT Scratch. Moving online, Chatterbox interactions draw upon resources of similarly privacy-minded entities like DuckDuckGo web search. Voice interaction foundation is built upon a fork of Mycroft with changes focused on education and child-friendliness. If a Chatterbox is unsure whether a query was for “Moana” or “Marijuana”, it will decide in favor of the Disney movie.

Many of these privacy-conscious pieces are open source or freely available, but Chatterbox pulls them all together into a single package that’s an appealing alternative to the big brand options. Based on conversations during Hackaday’s Maker Faire meetup, there’s a market beyond parents of young children. From technically aware adults who lack web API coding skills, to senior citizens unaware of dark corners of the web. Chatterbox Kickstarter campaign has a few more weeks to run but has already reached funding goals. We look forward to having a privacy-minded option in voice assistants.

Wave Bubble Portable RF Jammer

Hack-A-Day friend [Limor] AKA [ladyada] has been promising a portable RF jammer for a while. guess what she sent me for Christmas? The Wave-bubble is a self tuning RF jammer – good for around 20 feet of RF enforced peace. (It outputs .1-.3 watts) With a pair of less efficient antennas, it even fits inside a pack of cigarettes. She’ll never sell these because the FCC would come-a-knockin, but if you’ve got some major skills, you might be able to build one. (I’m going to believe her take on this, I’ve seen her work in person and it’s some damn fine stuff)

Merry Christmas! Get your Design Challenge entries in today!