1. You clearly didn’t reference the panel where Alice is choosing to upload data with exempting sections from it.
3. Yea, that’s great and all. The point is that you may be compelled to upload your contacts - NOT your beacons. You are collecting people you met. You likely do understand some of the ways contract testing could be abused. Think about police trying to prove contact with someone they do have beacons for.
5. So why bother with passcodes, or any security at all anywhere for any new or existing feature? This is a slight evolution on “I have nothing to hide”.
1. That's exactly what I was referencing? i.e. I interpreted your saying "with a lot of assumptions. Like that Alice can limit what she reports" as saying "a feature of the protocol, explicitly mentioned in the comic, is an assumption not to be trusted." Whereas that's an option which is already in the preliminary demo apps.
3. Indeed, they can use this to prove that two people who are both under surveillance/investigation were in the same area as each other. That's a risk, but not as severe of a risk as the general fear I've seen around this protocol.
5. That's my point. If you don't trust your implementer to actually implement the security feature, you're screwed anyway. You have to trust someone, and by using a modern phone you are implicitly trusting Apple and Google. Or at least trusting their employees to make a big stink if lines are crossed.