0xBeefFed's comments

0xBeefFed | 5 years ago | on: How to Learn Everything: The MasterClass Diaries

This is interesting, and is reflected in some other comments, but I have always gone under the assumption that you will only learn things once so it is best to learn them the correct way. This mostly holds true in an academic situation though in my experience, and I have applied it as such.

0xBeefFed | 5 years ago | on: Facebook account now required to login to Oculus devices

I guess now is the time to look into how to root the console and install a custom ROM in a similar fashion to de-Googling your Android phone. There is already enough support in the community for side-loading APKs and the like. Does anyone know of any ways to achieve this?

0xBeefFed | 5 years ago | on: Ask HN: What are the other websites you visit daily?

Bit late to the party. I checked out thebrowser.com but there is no mention of the subscription cost anywhere - it seems they won't tell you until you give them your email. Would you know the cost per billing period? It seems like a cool service but I'm curious how their cost compares to something like The Economist (different information, I know).

0xBeefFed | 5 years ago | on: NHS rejects Apple-Google coronavirus app plan

If a user is in close confinement with someone they fear will lash out at them if they test positive, for one. Off the top of my head, let's say you take an Uber home and the driver now has your home address, you don't know if they will try and attack you.

This is an example off the top of my head, as other comments in this thread have explained, violence against people who have the virus is happening around the world and is something that must be accounted for in these protocols.

Edit: a link to a story from another comment (https://www.washingtonpost.com/world/the_americas/coronaviru...). I hope you can see that this technology can worsen this.

0xBeefFed | 5 years ago | on: NHS rejects Apple-Google coronavirus app plan

I appreciate you looking at the other side. To explain my view point, in this system it seems like all of the risk is put on the infected party who reports themselves. By decreasing the level of control they have, I believe you will see a decrease in the number of adoptions. It is valid to think about the non-infected user wanting to have this information, but today they don't even have this information so to even know they were exposed on their commute is above and beyond what is in place today.

I guess my original comment is a bit vague. When I look at these protocols I am interested in how large scale adversaries (Nation State) would use this technology, but also small scale adversaries (day-to-day person you are not friendly with). I think it's also important to note as others have, that being outed as having the virus does put people at risk of violence in some places.

0xBeefFed | 5 years ago | on: NHS rejects Apple-Google coronavirus app plan

The protocol states that it will upload the Diagnosis Keys, a set of Daily Tracing Keys relevant to your exposure. So in short, if this is the case it forces the user to either upload all their keys or none.

I would like to note that a v1.1 has recently been released, my information is about v1.0.

0xBeefFed | 5 years ago | on: NHS rejects Apple-Google coronavirus app plan

I think it's important to give the power to the people by allowing them to omit tokens from sensitive time points. In the current protocol, that means losing a whole day's worth of contacts. If you reduce the period to an hour, you still allow people to share the contacts made on their commute or their lunch break without divulging or tracing them back to more sensitive time periods they don't want to be traced back to.

0xBeefFed | 5 years ago | on: NHS rejects Apple-Google coronavirus app plan

So all of the tokens are being put on a central server. Today, governments use WiFi and Bluetooth to track traffic. It is not far-fetched to see that your commute from point A to B could be tracked using Bluetooth receivers in transit stations.

This technology is currently being used to track people today. The use of Bluetooth address randomization does not do a sufficient job to prevent this, the only option is to not use Bluetooth.

It is important that people are aware of these risks. I am fortunate to live in a place where I can live my life without scrutiny from the government, but not all are afforded such a luxury.

0xBeefFed | 5 years ago | on: NHS rejects Apple-Google coronavirus app plan

The difference is that the old system relied on human memory which is fallible, not to mention you can omit details which would lead to further trouble (infidelities for one). In this system the only control a user has is to turn off Bluetooth, or leave their phone at home if Apple/Google override the user's ability to turn this off.

0xBeefFed | 5 years ago | on: NHS rejects Apple-Google coronavirus app plan

The unlinked DP-3T is one extreme, there is a happy medium if developers don't want to use Cuckoo Filters or Bloom Filters due to false positives, which is to decrease the linkable period. If the period was an hour, people could freely share legitimate tokens for their commute, but hide the ones where they had an hour-long 1-1 with their manager.

0xBeefFed | 5 years ago | on: NHS rejects Apple-Google coronavirus app plan

It should be noted that your privacy is not preserved if you test positive and need to upload your Daily Tracing Keys to a server. Your broadcast IDs for an entire day can be linked together, making it easier to de-anonymize you. I understand that they use Daily Tracing Keys to reduce the demand of the backend server, but I think it would be better for user privacy if they either reduced the linkable period from a day to say an hour, or used an unlinkable design.
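Added example, not part of the original comments and not the Apple/Google specification: a simplified model of the linkable-period trade-off raised in the comments above (a day-long key versus an hour-long key, with the option to withhold a sensitive period). The key schedule (HMAC-SHA256 with the labels `PERIOD-KEY` and `ID`), all function names, and the hidden intervals 84-89 are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

INTERVALS_PER_DAY = 144  # 10-minute broadcast intervals in one day

def _prf(key: bytes, label: bytes, n: int) -> bytes:
    # HMAC-SHA256 truncated to 16 bytes; stand-in for the real KDF (assumption).
    return hmac.new(key, label + struct.pack("<I", n), hashlib.sha256).digest()[:16]

def period_key(master: bytes, day: int, period: int, per_key: int) -> bytes:
    """Key covering `per_key` consecutive intervals (144 = daily, 6 = hourly)."""
    return _prf(master, b"PERIOD-KEY", day * (INTERVALS_PER_DAY // per_key) + period)

def broadcasts(master: bytes, day: int, per_key: int) -> list:
    """The 144 identifiers the phone transmits during `day`."""
    return [_prf(period_key(master, day, j // per_key, per_key), b"ID", j)
            for j in range(INTERVALS_PER_DAY)]

def publish(master: bytes, day: int, per_key: int, hide) -> dict:
    """Keys uploaded after a positive test, omitting each period that overlaps `hide`."""
    periods = range(INTERVALS_PER_DAY // per_key)
    return {p: period_key(master, day, p, per_key) for p in periods
            if not any(j // per_key == p for j in hide)}

def linkable(sightings, keys: dict, per_key: int) -> set:
    """Intervals in which logged identifiers can be tied to the published keys."""
    derived = {_prf(k, b"ID", j): j for p, k in keys.items()
               for j in range(p * per_key, (p + 1) * per_key)}
    return {derived[s] for s in sightings if s in derived}

def compare(hide=range(84, 90)) -> dict:
    """Return (linked intervals, linked sensitive intervals) per scheme."""
    master, result = os.urandom(32), {}
    cases = (("daily", 144, hide), ("hourly", 6, hide), ("daily_full", 144, ()))
    for name, per_key, withheld in cases:
        # Constructed worst case: a receiver logged every identifier sent that day.
        seen = broadcasts(master, 0, per_key)
        linked = linkable(seen, publish(master, 0, per_key, withheld), per_key)
        result[name] = (len(linked), len(linked & set(hide)))
    return result

if __name__ == "__main__":
    print(compare())
```

With a day-long key the user either exposes all 144 intervals, including the six sensitive ones, or contributes nothing; with an hour-long key 138 intervals are still shared and the withheld hour stays unlinkable.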