To ease on the fear mongering front here: This proposal relies on an app implementing these protocols, you're free to uninstall the app after the pandemic - or not install it in the first place. It is furthermore trivial to check if your device sends out these BTLE packets.

It's not a "can we put the genie back in the bottle" scenario if the genie is wearing a bright warning vest announcing its presence everywhere. You can directly measure if it's still there. All other concerns are not technical ones. If you acknowledge digital contact tracing to be a thing, this is better for privacy than any other proposal so far. The framework is designed to prevent abuse even in case it would not go away.

I'm not sure I'd count this as fearmongering. I think I know which way the tradeoffs work in my mind but there's not an unreasonable set of paths that lead to this being more permanent.

Given the broad powers passed recently in the UK they could make having this app a legal requirement to go in any shop if they wanted, and whether apps can be uninstalled reasonably is down to whoever controls the OS.

Would it not make sense to require everyone who is able to to install and use this? Or require Google and apple to force install it?

> they could make having this app a legal requirement to go in any shop if they wanted

If they can legally mandate an "app" they can mandate me having a device to run said "app".

It'd be absolutely absurd to mandate you having a spy with you at all times to exist in society.

"Sorry, don't have a phone, kthx", "Sorry, my phone doesn't use gapps, it's using a custom ROM", and what about these Linux phones?

Yeah, that's not going to work.

The idea that the vast majority of people would not be running a stock OS seems less likely to me than measures like that being introduced.

It's not like that scenario does not worry me either, sure. From a purely "fight the disease, nothing else matters" standpoint, yes, more installs mean better coverage and would make digital contact tracing work more efficiently. I haven't heard of any western government considering such a reductionist approach though, that would not be a proportional response and honestly a bit bizarre. Even in such a case the proposal by Google/Apple would be beneficial since it limits the usefulness of this data for other purposes, being designed with privacy in mind and far less intrusive than other tracking methods we could draw up.

I would still maintain that this nightmare scenario is a problem with any particular government that would implement and misuse such measures, not with an anonymization effort for the BTLE stack. We absolutely should push back against the former and insist on what's missing for a full system to be implemented in a sensible manner without infringing on basic human rights, that's a worthy hill to die on, this particular aspect is not.

If no one requests the locations of positive reports and no one reports the location of positive patients, what left is there that needs to "go away"?

Seems like a pretty good system to me.

Why wouldn't it? Phones used to be trackable based on WiFi MAC address, now it is randomized. General drive is towards avoiding tracking, I don't see any reason why would it change.

Having a standardized framework is a good thing provided it meets certain minimal security and privacy needs. The idea is to enable end users to proactively collect useful data without making the potential for government abuse any worse than it already is.

So long as all data remains on the physical device at all times and any access or export is _always_ actively initiated by the user, I don't see how it makes the current situation any worse. An abusive government can already subpoena or otherwise monitor all the network providers.

> An abusive government can already subpoena or otherwise monitor all the network providers.

The advantage that this tracking proposal provides is that it unfurls contact tracing from one node. Until now, authorities have had to work from a large dataset ( all phones on a mast at a particular time ) inwards; now they can start with one node of interest and expand outwards.

Combined with some other 'temporary' pandemic measures, such as the legal requirement to carry your phone at all times, this provides a huge benefit to any authority.

> such as the legal requirement to carry your phone at all times

In such a hypothetical scenario, how is making this (currently opt-in) framework mandatory any different from requiring you to install a government provided app? Such a government app could trivially log sensor and GPS data, yielding a _far_ more detailed view. The point is that the mere existence of this framework doesn't make the situation any worse than it already is.

Of course it will. These companies could already track you far more efficiently than this allows them to. This system makes tracking LESS efficient, not more. It serves no purpose other than what is stated.

It should go away when you uninstall the app.

I'm sure we'll be told how "it really made a difference" regardless of if it did, and how "we'll need it for the next one."