What you need to know about contact tracing apps and privacy

An illustration of COVID-19 contact tracing apps.

Nearly all public health experts say we will have to employ testing and tracing on a massive scale to combat the spread of COVID-19. This has led a number of countries and tech companies to develop coronavirus contact tracing apps for smartphones. The idea is that such an app would allow someone who tested positive to share a complete record of who they had been in contact with. 

While some questions have been raised about whether this type of tracking is the solution, it could be an effective tool in any national test-and-trace program. However, if the idea of a government agency monitoring you makes you uneasy, you are not alone. Such apps represent a type of surveillance that many are uncomfortable with. 

Some developers have taken this into consideration and are building systems that protect the privacy of their users. Other contact tracing apps have done little to keep user data secure and private, opening the door to the misuse of data and abuse of privacy. 

Our core mission is to protect the rights to privacy and freedom, so our security team has examined the most popular contact tracing protocols to assess their potential for abuse. This article will give examples of good, flawed, and bad approaches to contact tracing from a privacy perspective. This is not meant to be an exhaustive list of all the contact tracing protocols. Rather, it should help you identify the key points that bolster or undermine a protocol’s privacy protections. 

Why this is important

Given the enormity of the challenge COVID-19 poses, it is important we get this right. We must do what we can to control the spread of the virus while still protecting our fundamental human rights. 

History has shown us that surveillance regimes are easier to build than they are to dismantle. The Snowden revelations taught us that we must always be vigilant when protecting our right to privacy. We must design any contact tracing system with care to ensure we do not create an invasive data collection system that could be used to monitor citizens after this crisis is over or for activities that have nothing to do with containing the virus. 

Additionally, privacy protections are crucial to the efficacy of any contact tracing program that uses apps. To have a measurable impact, a contact tracing app will need to have near-universal uptake among smartphone users. If users refuse to download or use an app because of privacy concerns, it will be less useful in preventing the spread of the disease.

Approaches that are private by design

There is currently a race to develop an app that can quickly register if you spent enough time around someone in close enough proximity that disease transmission could have taken place. Governments, academics, and private businesses are all working on protocols, or the set of instructions that governs how electronic devices communicate, for these apps. The slight differences in how these protocols collect and report data can have profound impacts on their users’ privacy.

Two protocols that have done a good job avoiding some of the privacy pitfalls that are inherent in any contact tracing app are the Decentralized Privacy-Preserving Proximity Tracing (DP-3T) and Temporary Contact Numbers (TCN) protocols. 

Although these protocols were developed by different teams, they take similar approaches to the problem and, therefore, have similar strengths. Both protocols are open source, minimize the amount of data that is collected, and do not collect geo-location information. They rely on temporary ID codes that the app shares via Bluetooth with other devices within a six-foot radius to log encounters between individuals. The primary difference between these two protocols is how they generate and log these temporary ID codes.

Both of these protocols store your contact log (the record of the people you encountered throughout the day) locally on your device. But the feature that sets DP-3T and TCN apart from other Bluetooth-based contact tracing apps is that they use a decentralized report processing protocol. If you test positive for COVID-19, these apps share their secret keys from the time period you were contagious with a central server. Using those keys, the server can derive all the temporary IDs your app encountered and create a report. The apps on all devices then check their local contact logs against that report. If the app detects a match, that user will know they should quarantine themselves. Because the reports are verified locally on users’ devices and not by the central server, the central server cannot identify any contact log or user.

If it is still unclear how this system works, this comic does a good job explaining it

This decentralized approach makes it very difficult for any one organization or actor to abuse the data. The data that is public is anonymous, and the sensitive data never leaves an individual’s device. Another critical aspect of both these protocols is that the app deletes data after 14 days (which is the amount of time someone can be asymptomatic while still being sick with COVID-19). This means that once the coronavirus outbreak has been dealt with, there will not be any database left behind for governments or corporations to use. 

Countries that have adopted or support apps that use DP-3T or TCN (or a similar protocol that uses decentralized report processing) include:

  • Switzerland
  • Austria
  • Estonia
  • Finland
  • Italy

The Google/Apple Exposure Notification system, which is an application programming interface designed to make it easier for contact tracing apps to work with the Android and iOS operating systems, requires decentralized storage of data and is inspired by DP-3T.

Flawed approaches

Similar to DP-3T and TCN, the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) and BlueTrace protocols rely on Bluetooth to send and receive temporary ID codes to log encounters between individuals. They also are open source, minimize the amount of data collected, and do not collect geo-location data. However, PEPP-PT and BlueTrace rely on a centralized server to generate the temporary ID codes, which an analysis from the DP-3T developers claims could let the server identify the individual behind any temporary code and trace their movements. 

PEPP-PT and BlueTrace also rely on centralized report processing. If you test positive for COVID-19 and you are using one of these apps, you must upload your entire contact log to a central server. The central server then matches your log to the contact details of everyone you encountered and sends out a warning. While this does allow health professionals to verify encounters, which can reduce the number of false positives, this creates a massive database that can be exploited or abused. Moreover, whoever operates this database has access to far more data than is needed to prevent the spread of the virus. 

Countries that have adopted or support apps that use PEPP-PT or BlueTrace (or a similar protocol that uses centralized report processing) include:

  • UK
  • France
  • Australia
  • New Zealand
  • Singapore

While apps built on protocols that use centralized report processing are not ideal from a privacy standpoint, they could still prove useful in slowing the spread of the virus. It is possible, if there are strong data protection policies and good governance in place, for a contact tracing program to respect privacy and use these apps.

Approaches that undermine privacy

There have also been contact tracing apps that make no effort to protect privacy. South Korea used a combination of cell phone data, credit card purchase history, and surveillance cameras to track individuals. Using these methods, the government had access to troves of personal information, including people’s age, gender, nationality, and occupation. Authorities also made much of this information public in attempts to alert people that local citizens had COVID-19. 

Israel’s approach was even more extreme — such that it has been put on hold because of legal challenges. In this case, the government would have received geo-location data from phone companies. The government would then use a new interface designed by the surveillance firm NSO to download contact information and call records from mobile phones, allowing authorities to track, identify, and contact anyone that may have come into contact with someone who was sick. 

China has taken one of the most invasive approaches. It introduced a nationwide effort to force citizens to download an app that determines whether they should be quarantined. This app can access personal data on an individual’s phone, including their geo-location, link it to an ID number, and report it back to a government server. There are also reports that this data has not just been used for public health administration but has also been shared with law enforcement. 

Conclusion

COVID-19 is a global emergency, and lives are at risk. We need to take action. However, we must also try to reduce the negative side effects of any solutions we introduce. We wrote this article to raise awareness of the potential privacy risks posed by contact tracing apps so that citizens can pressure their government to make the correct choice. 

It is also important to note that protecting our privacy will require more than just technical solutions. It will require good governance and data protection policy. Legislation, like the draft of Britain’s Coronavirus (Safeguards) Act, will be required to ensure that all data is handled responsibly and that the benefits of contact tracing also reach those who do not have a smartphone. 

Society is at a crossroads. We need to act to stem the spread of COVID-19; however, we must act responsibly. A contact tracing protocol that is private by design, coupled with mass testing and responsible data governance, could not only help us halt the spread of this virus, but ensure we come out of this crisis with even stronger privacy protections in place.

Updated May 28, 2020, to clarify how DP-3T and TCN share positive tests.
Updated June 30, 2020, to add details about the Google/Apple Exposure Notification system.

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support.

About the Author

Richie Koch

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

 

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

54 comments on “What you need to know about contact tracing apps and privacy

  • “But the feature that sets DP-3T and TCN apart from other Bluetooth-based contact tracing apps is that they use a decentralized report processing protocol. If you test positive for COVID-19, these apps share a report to a central server that contains all the temporary IDs they encountered. The apps on all devices then check their local contact logs against the report.”

    The second sentence here can easily be misinterpreted.

    “contains all the temporary IDs they encountered” suggests that the app uploads the IDs of the other phones that it encountered.

    I can only speak for DP3T, where this is NOT the case. As described in the whitepaper p. 9ff [1], the app – upon confirmed infection – only uploads its own secret keys (from which the ephemeral IDs can be cryptographically derived) from during the contagious period. (And then generates new keys.)

    [1] https://github.com/DP-3T/documents/blob/master/DP3T%20White%20Paper.pdf

    Reply
    • Hello Thore,
      You are correct, that section left room for misinterpretation. It has been clarified, using the section you highlighted in the whitepaper. Thank you for bringing it to my attention. Cheers.

      Reply
  • To be honest I’m speechless. Considering what this platform [supposedly] stood for, I’m beside myself that you are advocating this in anyway. I don’t know when Protonmail became medical advisers and advocators of oppressive gonvernence, but I thought this day would never come. To present the collection [in any form] of every man, women and child on the Earth for any reason as somehow acceptable “if”, is absolute EVIL. I can see now that Protonmail and it’s various products are part of the system that they so strongly preached they were against. I can see now that the creators and controllers of this platform have “drank the Kool-aid” and are now condoning the collection and control of every citizen’s information, including their loyal customers. I’ve been with you from the beginning. And I’m ashamed to admit that I fell for your lies. I’m disgusted that I’m a paying customer and most importantly, I regret telling others of your service and recommending it. You have lost my trust and my business. In closing I would like to say thank you however. For if I did not read this garbage for myself, I would have never believed it. When the time came [and it’s coming soon] I would have used this platform and products for sensivtive communication and collaberation and would have put myself and others lives in danger. So thank you Richie Koch and the staff at Proton, You have opened my eyes just in time. I will be praying for you and your loved ones.

    Reply
    • Hello,
      You are correct in asserting we are not medical advisors. However, we firmly stand up for our users privacy. In that function, we wanted to inform our users about the different protocols being used in contact tracing apps and how those protocols and apps could potentially undermine their privacy. We believe that informed citizens can move their governments, even if it can be a painfully slow process, to make better decisions.

      Reply
  • I really like your article. It’s evident that you have a lot knowledge on this topic. Your points are well made and relatable. Thanks for writing engaging and interesting material.

    Reply
    • Thanks David,
      So Germany’s Corona Warn App uses the Exposure Notification system, which was heavily inspired by DP-3T and TCN. However, due to how the Android operating system handles Bluetooth, it will require you to turn on location tracking on your Android device, which means Google will likely be able to track your location. It is similar to the what has happened with SwissCovid, Switzerland’s contact tracing app. We discuss it in more detail here: https://twitter.com/ProtonMail/status/1277241985749876737?s=20

      Reply
  • The remaining question is : why some governments selected the PEPP-PT or the Blue Trace protocol when the DP-3T and DCN exist. Ignorance ? Do you really think ? Look at the country lists !
    Thank you, Richie Koch.

    Reply
    • The good news is that since DP-3T and TCN have been developed, the majority of countries have transitioned to using them or the Apple-Google Exposure Notification system, which is heavily influenced by them. Blue Trace was mostly used in contact tracing apps before DP-3T or TCN were available and PEPP-PT has not been implemented by many countries.

      Unfortunately, due to how the Android operating system handles Bluetooth, if you use one of these contact tracing apps, you will have to turn on location tracking on your Android device, which means Google will likely be able to track your location. We discuss it here in more detail: https://twitter.com/ProtonMail/status/1277241985749876737?s=20.

      Reply
  • Well written, straight forward, informative article. I Thank everyone at Proton for your awareness about internet privacy, for the advocacy, services and information you provide.

    Reply
  • Thanks for the informative article. Keep up the good work. Please don’t forget to gear down once in while for novices.

    Reply
  • I will not allow any kind of tracking on my phone or anything else, if joined proton for privacy, if you start tracking my stuff your gone, I’ve started useing a faraday bag when i leave home

    Reply
  • I appreciate the effort put into this article, explains a lot. But I want to point something out: this virus isn’t going to be stopped. It’s going to go away at some point but we aren’t ever going to have an effective vaccine. So shutting down the planet to save people who 80% of the time are the elderly or unproductive people, living in govt entitlements that are paid for by taxpayers, is easily the dumbest idea anyone has ever had. The world must keep going it must start up again. Otherwise, not only will people continue to die from the virus, all hell will break loose.

    Reply
  • Although this article does a good job presenting which of the existing contact-tracing app protocols protect your privacy most effectively, it unfairly does not present the real pitfalls with them.

    Bruce Schneier, a security expert for over 20 years, summarizes the fundamental issue with all contact tracing apps, regardless of their privacy protocols, here.

    To summarize, the 2 issues with these apps are with regard to false positives and false negatives:
    1. Because of the inherent inaccuracy with the contact tracing app (e.g. if an infected person is behind a wall, or another aisle, or maybe someoen who’s wearing a mask/face shield, etc.), the app will incorrectly alarm you that potential transmission due to contacted with an infected person has occured, when in fact there hasn’t, or the possibility was near zero.
    2. Not everyone will have any of these contact-tracing apps installed, so you may have been infected and not even know about it because there won’t be any way for the app to tell you.

    Basically, the fundamental flaw of all contact tracing apps is that they will not be effective.

    Reply
  • Great article, thank you! I was wondering in which category Germany’s approach app falls? I missed it in the list of countries in this article.

    Reply
  • Very interesting, thank you for the write up. I am missing Germany in the list of countries? What about their protocol and app? How would you rate it or which category would that app fall into.

    Reply
  • I very much appreciate the extent in which you have analyzed the contact tracing protocols available. I plan to opt out of any/all tracking attempts by not using any cell phone device. In this way I plan to avoid the invasion of privacy. In so far as Covid-19 virus is concerned, I do agree, it is a virulant virus strain. The virus will come (as it has) and it will go, as they always do. We can protect those most vulnerable ie: those who are elderly and with compromised immune system with isolation protection, as well as any other PPE of choice. Those of us who are healthy, younger, without compromise, should not, unless they choose, ever be forced to comply with so called, actions sacrificing privacy and in our case, constitutional rights. In short, a limited sacrifice is unacceptable in this regard. In sharing this, it is my hope my voice will help direct your decision making moving us forward. Thank you for all you do.

    Reply
  • Very useful – I am worried about the contract tracing app coming out locally. Now I will have some small way to evaluate it. Kind of puzzled by the angry anon post I read – you are sharing info to help those concerned with privacy make personal decisions about what they want to do with theirs regarding apps, not regarding protonmail.
    Cheers

    Reply
  • Thank you for your effort on clarifying this matter.
    Do you think it might be possible to update this article considering the latest developments?

    Reply
  • Hi! Great article! Thank you for writing it concisely, yet accesible to the general public.

    My question more than a comment is: how does these two decentralized protocols compare to the API solution provided by Google and Apple? What would be the advantages and disadvantages from a pure technical and security perspectives? I personally vote for OSS but is always best when you have concrete facts instead of gut feelings 🙂

    Reply
  • Let’s say my government orders me to install an invasive app. Are there counter-apps, or other technologies, that would allow me to neuter the invasive app?

    Reply
  • “To have a measurable impact, a contact tracing app will need to have near-universal uptake among smartphone users. If users refuse to download or use an app because of privacy concerns, it will be less useful in preventing the spread of the disease.”

    … Do you understand just what the full import of these two sentences is? Apparently not.

    A highly secure app that 10 people use protects no-one. A public health agency that coordinates with a government and phone companies can have access to all the data it wants. “Hey, Joe Schmo has the virus. Tell us where his phone has been.” But, but, but…

    You want users to say: “I have an app that is secure that tells me if I have been in contact with other people using the act who claim to have CV. I am therefore safe from CV…” NOT!!! “I am being socially responsible ^^^ and secure*** by downloading an app that tracks CV.” NOT!!!

    People who are on hit lists and using secure email have a far greater fear of dying by means other than a virus that leaves at least 8 in 10 alive.

    I often leave a cell phone I use off, or in a safe place when I venture out. WTF do I want with an app that only works when my phone is on, when I am in a crowd where others may have multiple ways of recording nearby bluetooth user information? Are you insane???

    The last place I expected a puff piece with “social responsibility” while ignoring real issues of privacy was here.

    Explain yourself.

    Reply
  • It seems that you have bought into the narrative that Covid-19 requires extraordinary invasions of privacy:

    “Given the enormity of the challenge COVID-19 poses, it is important we get this right. We must do what we can to control the spread of the virus while still protecting our fundamental human rights.”

    First of all, there is no such thing as a large number. Is the number of deaths from Covid-19 large? Not really. Far more people die each year from tuberculosis, diabetes, heart disease, cancer, etc. The reason this is a crisis is because the Communist Party of China declared it to be a crisis, as a means of tightening their grip on the population of China. The politicians running most other countries happily followed their lead.

    Fewer than 5000 people have died of Covid-19 in China. Is this a large number? According to the South China Morning Post almost 800,000 people die of diabetes in China each year. As a cause of mortality in China Covid-19 doesn’t even move the needle. But its a great excuse for more and better tracking of the population.

    Be assured, once contact tracing is instituted it will NEVER be abandoned. This is the nature of government programs, especially those that allow command and control of ordinary citizens. Each year new infectious diseases crop up, and the old standards such as flu do not disappear, so there will always a disease-du-jour to justify continuing surveillance.

    I respectfully urge ProtonMail not buy into the Covid-19 narrative. Please promote technologies that can DEFEAT contact tracing. Diseases will always be with us. Let’s try to remain free during this worldwide lurch toward mass surveillance. Do not embrace narratives propagated by the Chinese Communists and western Xi Jinping wannabes.

    Reply
  • I agree with Anonymous May 19, 2020 at 9:59 PM
    This article, and many others like it, contain the words that we need to be paying very close attention to. Words like: could…, if…, may…, maybe…, might…, or any other word that makes the statement just a hypothesis or theory rather than a fact.
    The following are my reasons for thinking that ProtonMail is pro-tracking which seems to go against their business model:
    1. “While some questions have been raised about whether this type of tracking is the solution, it could be an effective tool in any national test-and-trace program.”

    I prefer: “Some questions have been raised about whether this type of tracking is the solution.” Period! Your original sentence implies that ProtonMail believes in tracking all of us. This would have been a great time to invite people to click on the “have been raised” link. THAT was a very informative article explaining the pros and cons of tracking and it paints a better picture of what freedoms will be compromised or lost. But ProtonMail just included the part it agreed with, stating that “it could be an effective tool…” So read closely, people! It’s also true that it could NOT be an effective tool.

    2. “We must design any contact tracing system with care to ensure we do not create an invasive data collection system that could be used to monitor citizens after this crisis is over or for activities that have nothing to do with containing the virus.”

    Why do you say “We MUST design a contact tracing system”? Your statement would have been more true to the nature of your business, if you had used one tiny word that makes all the difference… if:
    “IF, we must design any contact tracing system, [we must design it] with care to ensure we do not create….”
    As it is, ProtonMail seems to be advocating a contact tracing system.

    3. “If users refuse to download or use an app because of privacy concerns, it will be less useful in preventing the spread of the disease.”

    By stating that “If users refuse to download or use an app”, you put those who want to protect their privacy in a whole new category of heartless individuals who don’t care about anyone but themselves AND that THEY would be the cause of spreading the disease. This just simply is not true. You may believe that “preventing the spread of the disease” can be lessened by allowing governments to have constant surveillance of their people, but I don’t. In this article, the TWO apps that are ProtonMail approved, are only available in five countries… and the United States is NOT one of them. ProtonMail claims it wants to ensure privacy, but here they are basically nudging people to give up their privacy. I believe it was Patrick Henry, who said, “Give me liberty or give me death!” If I have to live in a world where my every moment is tracked… well, that’s just no way to live.

    4. “There is currently a race to develop an app that can quickly register if you spent enough time around someone in close enough proximity that disease transmission could have taken place.

    WHY do you think this REALLY is? Could it be about the almighty dollar? There is currently a race for “IF” I spent “ENOUGH” time around someone that transmission “COULD” have taken place? WHY? If, enough, close enough, could have… that’s a lot of speculation and way too much for me to just say, “Oh, well in that case, by all means track me like an animal that may or may not be trapped.” How much “time spent” is TOO much? How “close” is TOO close? And who is making these time and distant decisions? Dr. Fauci? The one who said that we could expect 1.5 million to 2 million deaths in the United States alone, but then came back and said it would be closer to 150,000? This is just another ploy to take away our right to assemble and to SCARE us into submission; to keep us away from our loved ones at a hospital, at a wedding, at a funeral, at a whatever! Except, of course, riots and protests… only then is it perfectly safe to gather because COVID-19 is too afraid to show up in those situations. (smh)

    5. “A contact tracing protocol that is private by design, coupled with mass testing and responsible data governance, could not only help us halt the spread of this virus, but ensure we come out of this crisis with even stronger privacy protections in place.”

    Why have you sandwiched “mass testing” between feel-good statements like “private by design”, and “responsible data governance”? These trust building statements are used to give people a FALSE sense of security; leading the masses to believe that everything will be “private” and that the app companies will be “responsible” with our data. But mass testing? I couldn’t find any data that we have EVER had mass testing. We didn’t have “mass testing” in the previous 4 pandemics, so why now? Why spend that kind of time, money, and energy on something that will go away before you could possibly test all 7.2 billion people on this earth, and growing! And besides, aren’t we putting the horse before the cart here? You say “We must design a contact tracing system” to monitor who we come into contact with, but based on what? A faulty test that repeatedly gives false-positives and false-negatives? Focus on getting accurate testing before you start putting protocols in place to track us like wanted criminals. And to end this, it’s laughable that you believe that a contact tracing app will, in any way, “ensure we come out of this crisis with even stronger privacy protections in place.”

    Reply
  • Didn’t you list Germany under the decentralized approach because it’s using the API provided by Google and Apple?

    Reply
  • It is clear that you maintain the style of “political correctness” but but we are your target audience, just that part of the people who disagree with the system, censorship, control and lies. Therefore, you should not even flirt or mention the COVID topic as something that they are trying to impose on us. This is a swollen pandemic of lies, to create a situation that positions people’s consciousness to introduce measures abolishing the rights, freedoms and dignity of a person. I emphasize any! Any protocols for tracking content, although they are decentralized, are unacceptable in any form. And also any presentation of information with an emphasis on the fact that COVID is more dangerous than diarrhea. And don’t even try. I will not support any of the forms, the popularization of this obscurantism, even in a mild form.

    Reply
  • Thank you for this informative article. I also did my research on the DP-3T protocol. As you mention countries like Switzerland offer apps that use these technologies. Namely this is the SwissCovid app for Android and iOS. As far as I understand the app does not itself implement the DP-3T protocol but uses the provided GAEN (Google-Apple Exposure Notification) API which “claims to be inspired by DP-3T”. While the app which provides the UI and communication to the servers is open source, the GAEN API is completely closed source and has not been audited by any external party.

    Additionally, it is currently not possible to install and use the app without an Apple-ID or Google Account which I find highly suspicious. If the app claims to be operating without any personal identifiable information why should I be required to have an identifiable account.

    Assuming that I understood this right, I think the article should mention this caveat.

    Reply
  • The German “Covid-Warn-App” is not mentioned in this article, nor is Germany mentioned anywhere here. Could you please share your thoughts about that app, too?

    Reply
  • I must confess that I expected communities to be more critical of their governments when they suggest installing tracking apps. The “CUIDAR” application in Argentina demands an impressive amount of personal data. Despite this, many people have installed it without asking anything. Thanks for the post. I have read about DP3T in other publications and I find it fascinating that there are people who can demonstrate so clearly that governments can do a lot for their citizens by collecting as little data as possible.

    Reply
  • I agree 100% with Anonymous, May 19, 2020 at 9:59 PM

    If you are truly for privacy, why even say “we have to do something …” You could have given the details of the different tracking systems without saying something needs to be done. The “we” here is another way of saying “the government” needs to do something and we need to cooperate with the government for the greater good. Each individual can decide for themselves to do what they need to do for themselves and their family. “We” don’t need a nanny. YOU HAVE DRUNK THE KOOL-AID. I’m writing this comment on July 2, 2020. Hopefully, since your reply,you have since seen the evidence that this whole Covid-19 virus is a scheme to take total control of the world’s population, the very thing you say you are so vehemently against.

    Reply
  • I would probably be Bob from the Comic. I still do not wish to be contacted by the government concerning a health matter, which should entirely be my own business to take care of. This world has gone absolute bonkers!

    Reply
  • Thanks for this article. I understand that, since it was written, the UK has now switched to the Apple/Google technology (i.e. no longer storing data centrally), though this app still seems a long way from being launched. One of the snags seems to be that the Bluetooth signal on which the app depends is a very unreliable way of estimating distance between app users.

    Reply
  • Hi Richie,

    thank you for explaining the privacy aspects of the contact-tracing app protocols. The comic explainer was particularly helpful I thought.

    I took to trying to understand where Germany’s app “Corona-Warn-App” fits amongst the others in the list. It says it uses the Apple/Google API based on DP-3T and TCN protocols.

    Do you have a view on this app?

    Cheers!

    Reply
  • Thank you very much for this comprehensive overview of the different COVID-19 apps!

    You did not make any reference to the German app, though, would you know which approach was taken in Germany?

    Best,

    Ronan

    Reply
  • Richie,

    Ireland has today launched a COVID-19 tracing application. One of the anomalies that people are reporting is that on download of the application the users Geo-location phone setting is being turned to ON.

    B Singleton

    Reply
  • I’m fairly new to proton but like anonymous I am taken aback by the plainly accepting position they have assumed over clearly unconstitutional and invasive subject of contact tracking. To further give credibility to what very well may be a black flag attack on the USA by the cabal of sociopaths including Fauci, Gates, Soros, Rockefeller’s, big pharma et al is disheartening to put it mildly.

    Reply
  • Richie has provided the internet no ice like myself with valuable information regarding privacy. As a paid subscriber I would certainly appreciate more simplified information On how to get my @pr mail & the use of VPN. I do not have internet & use data on my mobile for all communication. How best to protect privacy is important. Thanks for everything you do for us amateurs. Best regards claude.

    Reply
    • Hey Claude, thanks for the kind words! We’re glad you have found these posts helpful. If you keep an eye on the VPN blog (https://protonvpn.com/blog) we’ll be publishing blog posts that explain what a VPN is and how it works, so hopefully that will help.
      Cheers

      Reply