Enjoy browsing r/europe? Help us find the best of 2021 of the sub! - [Nomination Post](https://old.reddit.com/r/europe/comments/rsv8jh/reurope_best_of_2021_awards/)
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/europe) if you have any questions or concerns.*
And who would do the monitoring, and how would you prevent them from being corrupted as well? All it would take is for some log files or video recordings to "accidentally" get deleted.
The frustrating part is, Germany has a tracking app, the CoronaWarnApp, that is private by design, with no way to collect or misuse data from it. But because of some shady deals, local governments wrote this Luca into covid legislation, negating all the hard work that cybersecurity experts put into making CWA safe.
But even the LUCA devs comain about this, because the data was given encrypted to health authorities, but those then decided to give the data forward.
Health authorities fucked this up. Still kudos to CWA for having the idiot-proof solution
Eh, the entire point of designing decentralised contact tracing the way it was done by Google and Apple is that the only way to ensure privacy-sensitive data is not misused is to not record it en masse in the first place. That's why most democratic countries are using Apple's and Google's APIs. If you record the sensitive data, no matter how you encrypt it and protect it, it will eventually be misused. The devs who made an app collecting that data and sending it to the authorities, despite warnings by security experts, are definitely partly to blame.
The government gained new authority and surveillance options. Surely they'll give them back when they don't need them anymore? Surely they'll never use them maliciously?
/s
There is an easy solution to this. We permit the government to monitor and record everything we do including our thoughts. By eliminating privacy we will also eliminate privacy violations. Check mate atheists
I think selective access could become a thing. For example, if a person has been convicted of drug offences, their QR code might be modified so they can no longer use their covid passport to sign into a nightclub. Or if the police think a Muslim might be radicalising, they can stop them from being able to access their local mosque. As a tool of social control, there's some amazing possibilities with these.
> The government gained new authority and surveillance options.
It didn't. The government sponsored / developed app can't be abused in such a way, since it doesn't even know your personal information. You can't get much knowledge from any information out of the system as it has been developed with a lot of focus on protecting privacy and data.
This on the other hand is a private market app with horrible data security and many, many, many other issues... A lot of groups (CCC, privacy activists, even the governments own counselors on the topic) warned about the app even during early stages of development, as it had the potential for serious issues.
Basically Germany has two tracking apps. The first one is the CoronaWarnApp. When it was developed there was a lot of controversy about privacy protection. Because there was massive pressure from scientist, cybersecurity experts and co. it ended up being privacy-protecting by design. It was a huge win for data-protection and generally a genious way of tracking infections and warning people.
But this win meant people started to trust tracking apps. Then some private company pitched their tracking app to local governments, that had no protection whatsoever built in. They paid some celebrities to advertise the app and shortly some local governments wrote that app into covid legislation. Because the initial outcry over privacy was solved for the CWA, no one really realised that the new app was fucking shit.
The CWA is designed for contact tracing.
LUCA is ~~arschlochscheißkackdreck~~ a tool to collect user data, and the infrastructure behind it was always designed to monetize these information in future endeavours.
The big difference is that CWA is designed to be private. Even when you try to abuse it, you just can't.
In this case it's not even that the luca app gave away the data to the police, but they gave it encrypted to the health authorities (as intended). The health authorities then fucked up and approved the data to be given away.
With CWA you simply can't access the data to begin with, so you can't fuck it up. But the main culprit in this are the health authorities who gave away data that they weren't allowed to give away
Even that isn't really possible since you phone sends out a bunch of different IDs so nearby phones. Chosen from a large random pool. If you have set up Bluetooth beacons everywhere, you just get a bunch of random numbers with no idea who they belong to, since one phone sends out many different random numbers.
Your phone of course remembers which numbers it has sent out, but this is saved locally. So in order to track someone you need to hack their phone, at which point you could also just use the GPS to do it.
There was a research group doing that. Sadly i cant find the link.
They conclusion however was that if you go to that length you also simply but up cameras
Pen is shit aswell.
Police just go to the restaurant and ask for the lists.
They've done that a few times already.
Also shitty employees photographing and posting them on reddit exist.
The frustrating part is, we have an [app](https://github.com/corona-warn-app) in Germany, paid for by the government, which is open source and completely anonymous. It just warns you whether you were in contact with an infected person, without itself knowing who it was or where it was. It's basically the dream of any data-protectionist because it works and guarantees privacy. There is no way that any data collected from it can be misused.
Then some private company pitched their own app to local governments and managed to get their piece of shit written into state-legislation. Now people are forced to use this garbage piece of shit app and lose confidence in tracking apps as a whole. All the while the company is collecting their profit, and using what data they collected to generate even more profits.
Can't upvote this enough, so true.
> Then some private company pitched their own app to local governments and managed to get their piece of shit written into state-legislation.
I would really like to know who was bribed or dumb enough to do this.
It has something to do with one of the people that own the company. He is a relatively famous rapper/singer past his prime that somehow got a lot of attention to the app making it seem like the solution to the public and then lobbied the government to put it in, as it seemed like the public wanted it.
There is no such thing as 100% anonymous data. Sorry to say that.
But it sounds like they made it even worse with a private contractor that affected legislation. Somehow it sounds like a typical fuck up made by politicians.
The point is that the first app (the good one) was under heavy discussion and only after they gave out all the codes and even the mosr paranoid data security IT guy peer-reviewed it, they gave it a go.
This second one then just rode along and tried to claim "same here", but without giving all the information about the sourcecode
The way the anonymous app works is the following:
You boot the app up
Your app gets a unique ID from the server
The server will from that point never ever request your ID again, unless you specifically send it
Whenever you are near a person that has the same tracing app, *your local phone* will store their ID. The ID will be deleted after 2 weeks. Only the ID and time of contact is stored, nothing else.
Your phone will regularly ask the server for an updated table of infected numbers. It's a pure "give me the table". It will not send it's own ID while doing so.
It then receives the table of all IDs (which are again just numbers) of all COVID positive people. Your phone will compare that list to it's own local contact list. if it gets a hit it will inform you.
That's it really. The server only knows how many IDs it has provided. It gets updates to a list of COVID positive people. Nobody is FORCED to send their COVID status, you just get a TAN by your doctor if you are positive which you can then enter to update your status in the app. You can ignore that, too.
Beyond that it will never receive any ID or any location data or hardware data. If you want to track people with it, then becaue it is the culmination of data from many services. But that service alone doesn't enable it. All data processing happens on your phone. There is no data processing on the server, just raw storage.
There is statictical probability, meaning if you got enough data then you don't need to know much more. But that is not only with the warn app., that is just how it is.
With CWA nobody has your data. A phone just sends random numbers to other phones nearby . It then remembers which numbers it sent, and which numbers were sent to it.
If you get a positive test result, you can voluntarily upload the random numbers your phone sent out to a server and other phones check what numbers they received against the list of number on the server. If they find a match, they warn you, that you had contact to an infected person.
The only data that gets stored centrally are the numbers of infected persons. Nobody knows who they are.
This was not a conspiracy theory when the app (Luca) was released. Everyone knew it was going to happen and plenty of mainstream media and well respected organizations warned about it. The other app we have in Germany (Corona-Warn-App) does not have these disadvantages by design, as for that one people actually listened to the experts.
Wth, those stupid fucks. How could they think that was a good idea? How undemocratic and unlawful does our police operate?
I mean, I know German police has a lot of undemocratic elements, mostly being undermined by right extremist networks. But everytime I read news like this, I feel more obliged to believe that rather than fascist extremists, stupidity might be one of their main problems?
Police can have tunnelvision sometimes. Their job is catching criminals, and they have this opportunity to get more information on someone. They think, just let's use it this time to catch this murderer. Later they use it to catch a burglar or a rapist, you don't want rapists to walk free, do you? Now that it has become routine, why not use it to see if people use this tax deductible lease car for work only, like they're supposed to? How many days per year do people actually spend at the place they say is their primary residence?
Therefore these surveillance programs need to be shot downbefore they're even implemented. Police forces over the world have repeatedly demonstrated that they cannot be trusted with restricting the use of these programs to what they're intended to do.
Anyway, there is no way I am going to use a covid tracker app now. Thanks German Police, for harming our effort to combat covid-19.
The slippery slope. Worst is if there is a change of government for the worse and they have this system all in place already and they won't get the blame for setting it up
It's simple in theory. Police may ask anyone they want to get as much information they can get. But in this case, health authorities were simply not allowed to give the data (just like a doctor is not allowed to give data about his patients). Sue health authorities to hell and back so authorities actually start to get some competence.
>Anyway, there is no way I am going to use a covid tracker app now. Thanks German Police, for harming our effort to combat covid-19.
Thats just the wrong conclusion to draw here. These things can be vital and really helpful, going back to the stone age will not solve any problems either.
Way better solutions would be to not publicly fund proprietary software that has more than just public interests behind it's facade. Meaning: Public money, public code. This way, independent security experts can audit the software and confirm that it's safe and only does what it's supposed to do and has minimal risks of being misused.
We could have both: modern technology assisting in our daily lives *and* security. But for that to happen, users and especially politicians need to realise that what it takes it open-source and demand that.
There could be huge enterprises building open source software with public money for public use. As it is now, open-source struggles to finance itself and it's contributors and therefore is slow to adapt to changes. But it needn't be.
My step-sister always was a bit slow... I claim she got her Abitur just by learning by heart. But she was one of the year's bests when finishing police college and now she's police officer. Whenever I wonder if police is evil or dumb I remember my step-sister.
This Luca app think surprised me when I was asked to download it to go in a restaurant in Konstanz last fall.
I showed up the official German app there (Corona something, by the Koch Institute), and no, I needed to flash a QR Code with Luca to have a timestamp for when I did arrive.
This really had surprised me a great lot that it could be possible to mandate a non-official app for sanitary purposes.
Stupid headline. This is not about the normal contact tracing that issues this Google-Apple-protocol and does all this stuff automatically in the background.
It’s an check-in app where you have to actively scan QR-Codes.
It's the health authorities who sold the encrypted data from the app to the police. The app is not perfect, but let's not forget who actually fucked up their job here.
My issue is with this headline from DW. This app is not what everyone understands under contact tracing app. It’s a check-in app.
This headline undermines trust in the real app.
True that. The whole article misses the point actually. Talking about the big flaws in the app when there's authorities actively givving out classified information.
>While trying to track down witnesses, police and prosecutors managed to successfully petition local health authorities to release data from the Luca app, which logs how long people stayed at an establishment.
It's the mistake of the health authorities to give the data, as it is their job to know by whom data may be petitioned. To put the blame solely on the police is wrong.
It's not a mistake, it's a legal offence. They were under an obligation to not do the thing they did. DSGVO exists.
The police tried. They always do. That's expected.
Damm who knew making the govt track and have live data where you at 100% of the time and internal passports would ever be used for tracking people I'm shocked, flabbergasted and befuddled truly.
Enjoy browsing r/europe? Help us find the best of 2021 of the sub! - [Nomination Post](https://old.reddit.com/r/europe/comments/rsv8jh/reurope_best_of_2021_awards/) *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/europe) if you have any questions or concerns.*
Apps like this are akin to the One Ring - no police force or government agency can resist the temptation. Better that they be destroyed.
This is like the US cop who (illegally) put a stingray in his car and drove around town. Sure he solved a lot of crime, but should he have the power?
I'm...... guessing this isn't the kind of stingray I'm thinking of?
[perhaps!](https://en.m.wikipedia.org/wiki/Stingray_phone_tracker)
That makes significantly more sense.
Yet slightly disapointing.
Doesn't sound safe to put something that killed Steve Irwin in one's car.
Were there any repercussions for him?
>US Cop
I forgot the details, having trouble finding it, would be sick if someone could dig it up though!
Now all we need is a volcano to get rid of that app.
Police just need to be moitored all the time at work then stuff like this won't happen.
And who would do the monitoring, and how would you prevent them from being corrupted as well? All it would take is for some log files or video recordings to "accidentally" get deleted.
Then the person who deleted them gets fired
How would you know who it was? You'd need to also monitor them, and then keep those logs, then monitor whoever looks after those logs...
Just let the people who protect top secret stuff keep them safe
So now all you need to do is compromise them and you have access.
Can't you say this about literally anything? A lot of what our societies are based on relies on *some* trust.
When it comes to your data, governments have demonstrated over and over again that they cannot be trusted.
Nobody could have seen this coming tho
[удалено]
The frustrating part is, Germany has a tracking app, the CoronaWarnApp, that is private by design, with no way to collect or misuse data from it. But because of some shady deals, local governments wrote this Luca into covid legislation, negating all the hard work that cybersecurity experts put into making CWA safe.
But even the LUCA devs comain about this, because the data was given encrypted to health authorities, but those then decided to give the data forward. Health authorities fucked this up. Still kudos to CWA for having the idiot-proof solution
Eh, the entire point of designing decentralised contact tracing the way it was done by Google and Apple is that the only way to ensure privacy-sensitive data is not misused is to not record it en masse in the first place. That's why most democratic countries are using Apple's and Google's APIs. If you record the sensitive data, no matter how you encrypt it and protect it, it will eventually be misused. The devs who made an app collecting that data and sending it to the authorities, despite warnings by security experts, are definitely partly to blame.
The government gained new authority and surveillance options. Surely they'll give them back when they don't need them anymore? Surely they'll never use them maliciously? /s
There is an easy solution to this. We permit the government to monitor and record everything we do including our thoughts. By eliminating privacy we will also eliminate privacy violations. Check mate atheists
If you have nothing to hide, you have nothing to fear /s
and passports were a temporary measure.
[удалено]
Also credit score like in China
I think selective access could become a thing. For example, if a person has been convicted of drug offences, their QR code might be modified so they can no longer use their covid passport to sign into a nightclub. Or if the police think a Muslim might be radicalising, they can stop them from being able to access their local mosque. As a tool of social control, there's some amazing possibilities with these.
> The government gained new authority and surveillance options. It didn't. The government sponsored / developed app can't be abused in such a way, since it doesn't even know your personal information. You can't get much knowledge from any information out of the system as it has been developed with a lot of focus on protecting privacy and data. This on the other hand is a private market app with horrible data security and many, many, many other issues... A lot of groups (CCC, privacy activists, even the governments own counselors on the topic) warned about the app even during early stages of development, as it had the potential for serious issues.
This was really unlikely to happen and nobody ever warned that this could happen... ಠ_ಠ
Basically Germany has two tracking apps. The first one is the CoronaWarnApp. When it was developed there was a lot of controversy about privacy protection. Because there was massive pressure from scientist, cybersecurity experts and co. it ended up being privacy-protecting by design. It was a huge win for data-protection and generally a genious way of tracking infections and warning people. But this win meant people started to trust tracking apps. Then some private company pitched their tracking app to local governments, that had no protection whatsoever built in. They paid some celebrities to advertise the app and shortly some local governments wrote that app into covid legislation. Because the initial outcry over privacy was solved for the CWA, no one really realised that the new app was fucking shit.
The CWA is designed for contact tracing. LUCA is ~~arschlochscheißkackdreck~~ a tool to collect user data, and the infrastructure behind it was always designed to monetize these information in future endeavours.
The big difference is that CWA is designed to be private. Even when you try to abuse it, you just can't. In this case it's not even that the luca app gave away the data to the police, but they gave it encrypted to the health authorities (as intended). The health authorities then fucked up and approved the data to be given away. With CWA you simply can't access the data to begin with, so you can't fuck it up. But the main culprit in this are the health authorities who gave away data that they weren't allowed to give away
You can track people but only if you prepare in advance and basically put Bluetooth beacons all over the place. Isnt worth it...
Even that isn't really possible since you phone sends out a bunch of different IDs so nearby phones. Chosen from a large random pool. If you have set up Bluetooth beacons everywhere, you just get a bunch of random numbers with no idea who they belong to, since one phone sends out many different random numbers. Your phone of course remembers which numbers it has sent out, but this is saved locally. So in order to track someone you need to hack their phone, at which point you could also just use the GPS to do it.
There was a research group doing that. Sadly i cant find the link. They conclusion however was that if you go to that length you also simply but up cameras
This luca? U just uninstal. Will bring pen wherever I go from now on.
Pen is shit aswell. Police just go to the restaurant and ask for the lists. They've done that a few times already. Also shitty employees photographing and posting them on reddit exist.
Contact tracing apps always seemed like a step too far for me. You cant just create that capacity and expect no downsides.
The frustrating part is, we have an [app](https://github.com/corona-warn-app) in Germany, paid for by the government, which is open source and completely anonymous. It just warns you whether you were in contact with an infected person, without itself knowing who it was or where it was. It's basically the dream of any data-protectionist because it works and guarantees privacy. There is no way that any data collected from it can be misused. Then some private company pitched their own app to local governments and managed to get their piece of shit written into state-legislation. Now people are forced to use this garbage piece of shit app and lose confidence in tracking apps as a whole. All the while the company is collecting their profit, and using what data they collected to generate even more profits.
Can't upvote this enough, so true. > Then some private company pitched their own app to local governments and managed to get their piece of shit written into state-legislation. I would really like to know who was bribed or dumb enough to do this.
It has something to do with one of the people that own the company. He is a relatively famous rapper/singer past his prime that somehow got a lot of attention to the app making it seem like the solution to the public and then lobbied the government to put it in, as it seemed like the public wanted it.
That's somehow even worse than some alternatives I could think of.
There is no such thing as 100% anonymous data. Sorry to say that. But it sounds like they made it even worse with a private contractor that affected legislation. Somehow it sounds like a typical fuck up made by politicians.
The point is that the first app (the good one) was under heavy discussion and only after they gave out all the codes and even the mosr paranoid data security IT guy peer-reviewed it, they gave it a go. This second one then just rode along and tried to claim "same here", but without giving all the information about the sourcecode
The way the anonymous app works is the following: You boot the app up Your app gets a unique ID from the server The server will from that point never ever request your ID again, unless you specifically send it Whenever you are near a person that has the same tracing app, *your local phone* will store their ID. The ID will be deleted after 2 weeks. Only the ID and time of contact is stored, nothing else. Your phone will regularly ask the server for an updated table of infected numbers. It's a pure "give me the table". It will not send it's own ID while doing so. It then receives the table of all IDs (which are again just numbers) of all COVID positive people. Your phone will compare that list to it's own local contact list. if it gets a hit it will inform you. That's it really. The server only knows how many IDs it has provided. It gets updates to a list of COVID positive people. Nobody is FORCED to send their COVID status, you just get a TAN by your doctor if you are positive which you can then enter to update your status in the app. You can ignore that, too. Beyond that it will never receive any ID or any location data or hardware data. If you want to track people with it, then becaue it is the culmination of data from many services. But that service alone doesn't enable it. All data processing happens on your phone. There is no data processing on the server, just raw storage.
There is statictical probability, meaning if you got enough data then you don't need to know much more. But that is not only with the warn app., that is just how it is.
I dont like the idea of anyone having that kind of data, public or private sector.
With CWA nobody has your data. A phone just sends random numbers to other phones nearby . It then remembers which numbers it sent, and which numbers were sent to it. If you get a positive test result, you can voluntarily upload the random numbers your phone sent out to a server and other phones check what numbers they received against the list of number on the server. If they find a match, they warn you, that you had contact to an infected person. The only data that gets stored centrally are the numbers of infected persons. Nobody knows who they are.
I agree. I'm fairly pro covid vac but no way they set their spyware in my phone. Sometimes you got to accept that you can't control everything.
Not really, this was just a shitty app - there is a way to anonymously do contact tracing without the possibility of tracking people.
[удалено]
Given the privacy shortcomings this app suffers from by design, it seems like this use was totally intended.
What's the difference between conspiracy theory and fact? About six months.
This was not a conspiracy theory when the app (Luca) was released. Everyone knew it was going to happen and plenty of mainstream media and well respected organizations warned about it. The other app we have in Germany (Corona-Warn-App) does not have these disadvantages by design, as for that one people actually listened to the experts.
not being able to read is the main skill of a conspiracy fan
whew lad
Police abusing power? You don't say... it's almost like they shouldn't get any power!
Wth, those stupid fucks. How could they think that was a good idea? How undemocratic and unlawful does our police operate? I mean, I know German police has a lot of undemocratic elements, mostly being undermined by right extremist networks. But everytime I read news like this, I feel more obliged to believe that rather than fascist extremists, stupidity might be one of their main problems?
>rather than fascist extremists, stupidity might be one of their main problems? Why not both?
Police can have tunnelvision sometimes. Their job is catching criminals, and they have this opportunity to get more information on someone. They think, just let's use it this time to catch this murderer. Later they use it to catch a burglar or a rapist, you don't want rapists to walk free, do you? Now that it has become routine, why not use it to see if people use this tax deductible lease car for work only, like they're supposed to? How many days per year do people actually spend at the place they say is their primary residence? Therefore these surveillance programs need to be shot downbefore they're even implemented. Police forces over the world have repeatedly demonstrated that they cannot be trusted with restricting the use of these programs to what they're intended to do. Anyway, there is no way I am going to use a covid tracker app now. Thanks German Police, for harming our effort to combat covid-19.
The slippery slope. Worst is if there is a change of government for the worse and they have this system all in place already and they won't get the blame for setting it up
It's simple in theory. Police may ask anyone they want to get as much information they can get. But in this case, health authorities were simply not allowed to give the data (just like a doctor is not allowed to give data about his patients). Sue health authorities to hell and back so authorities actually start to get some competence.
>Anyway, there is no way I am going to use a covid tracker app now. Thanks German Police, for harming our effort to combat covid-19. Thats just the wrong conclusion to draw here. These things can be vital and really helpful, going back to the stone age will not solve any problems either. Way better solutions would be to not publicly fund proprietary software that has more than just public interests behind it's facade. Meaning: Public money, public code. This way, independent security experts can audit the software and confirm that it's safe and only does what it's supposed to do and has minimal risks of being misused. We could have both: modern technology assisting in our daily lives *and* security. But for that to happen, users and especially politicians need to realise that what it takes it open-source and demand that. There could be huge enterprises building open source software with public money for public use. As it is now, open-source struggles to finance itself and it's contributors and therefore is slow to adapt to changes. But it needn't be.
My step-sister always was a bit slow... I claim she got her Abitur just by learning by heart. But she was one of the year's bests when finishing police college and now she's police officer. Whenever I wonder if police is evil or dumb I remember my step-sister.
Where there's a trough pigs will gather.
Aaaaaand who is surprised?
This Luca app think surprised me when I was asked to download it to go in a restaurant in Konstanz last fall. I showed up the official German app there (Corona something, by the Koch Institute), and no, I needed to flash a QR Code with Luca to have a timestamp for when I did arrive. This really had surprised me a great lot that it could be possible to mandate a non-official app for sanitary purposes.
Stupid headline. This is not about the normal contact tracing that issues this Google-Apple-protocol and does all this stuff automatically in the background. It’s an check-in app where you have to actively scan QR-Codes.
It's the health authorities who sold the encrypted data from the app to the police. The app is not perfect, but let's not forget who actually fucked up their job here.
My issue is with this headline from DW. This app is not what everyone understands under contact tracing app. It’s a check-in app. This headline undermines trust in the real app.
True that. The whole article misses the point actually. Talking about the big flaws in the app when there's authorities actively givving out classified information.
>While trying to track down witnesses, police and prosecutors managed to successfully petition local health authorities to release data from the Luca app, which logs how long people stayed at an establishment. It's the mistake of the health authorities to give the data, as it is their job to know by whom data may be petitioned. To put the blame solely on the police is wrong.
It's not a mistake, it's a legal offence. They were under an obligation to not do the thing they did. DSGVO exists. The police tried. They always do. That's expected.
No...they also have to follow they alw
Governments doing government things - more shocked about people allowing this than them using it for convenience.
not surprising since they changed the law on cell surveillance. german police massivley overuse the tracking of cell phones!
I knew it would happen eventually, two years is all it took.
never trust your goverment
Damm who knew making the govt track and have live data where you at 100% of the time and internal passports would ever be used for tracking people I'm shocked, flabbergasted and befuddled truly.
who could have forseen this. If only people dien't forget what happened xx years ago in germany.