Indians and privacy

Anorion

Sith Lord
Staff member
Admin
sure okay, but what is the problem with the app?
The app itself does not have the capability for misuse at this point of time.

Thing is, let us just say that the worst case scenario is that the govt is trying to consolidate its power by putting itself in the centre of personal life instead of being a service provider in civic life, then the point of attack should not be the app. If the worst case scenario is indeed true, then attacking the app will not achieve anything, better to channel all efforts to a better personal data regime. This is stuck in limbo because of pushback from stakeholders, where simple services such as Wikipedia will not work because the proposed data privacy regime is actually harsher than GDPR! No one has checked if the app is GDPR compliant btw. IMO we need to go through the entire process and find out exactly how claustrophobic these surveillance tech can get before there is sufficient public push back to effect actual change. It took like 15 years before the UK started destroying the national DNA database, IMO, India has to go through this journey if the surveillance gets oppressive. It might just turn out to be fine. We cannot say at this point in time.
 
OP
Desmond

Desmond

Destroy Erase Improve
Staff member
Admin
Thing is, let us just say that the worst case scenario is that the govt is trying to consolidate its power by putting itself in the centre of personal life instead of being a service provider in civic life, then the point of attack should not be the app
If there is even a 1% chance that the data can be abused, how to ensure accountability?
If the worst case scenario is indeed true, then attacking the app will not achieve anything
Only thing I want is transparency. I am not against installing the app as long as there is transparency as to what data is being collected and how it is processed. Publishing the source code will help in this regard. It will also calm down privacy activists and lawyers and improve the image of the govt. It's win-win.

In either case, I will defer to the Internet Freedom Foundation's judgement in this regard.
 

Nerevarine

Incarnate
No one is doubting the intention of the app by the way. Adhar was also intended to be a population registry of sorts but look how many data breaches related to adhar has happened so far, that too was given to a private body for implementation, I think it was Infosys.

External audit is only solution to solve this imo. Especially since the app is a non profit app..
And look at the positive scenario. Maybe such open source contribution will let other countries join in. This can really boost India's rep.
 

whitestar_999

Super Moderator
Staff member
No one is doubting the intention of the app by the way. Adhar was also intended to be a population registry of sorts but look how many data breaches related to adhar has happened so far, that too was given to a private body for implementation, I think it was Infosys.
No, the only infosys connection to Aadhaar is Nandan Nilekani. Also all those data leaks happened at registration/end usage side & never from UIDAI/Aadhaar core infrastructure.
 

Anorion

Sith Lord
Staff member
Admin
There has been no data breach from Aadhaar, it was mostly during the on boarding process, and the punishment for that was harsh. For example, the guy who revealed Dhoni's details on social media, that entire agency was shut down.

Internet Freedom Foundation had a webinar on Friday, more details here here. Sat through one hour of that. There were zero relevant points made about Aarogya Setu, everything was not about the functionality of the app but about larger privacy concerns. When questioned specifically about it, Apar says something like "it is all connected", while giving no concrete points on the app itself. You cannot really convince people based on what the government may or may not do in the future.

So far, still no single legitimate issue when it comes to the app.

Simple thing is the data for a vast majority of the users does not even leave the device. For example, more than 4,92,212 people are using the app in 10km radius of me, but only 113 are infected, and the servers contain the details of only these 113 people.
 

Anorion

Sith Lord
Staff member
Admin
Its difficult to give a link to aadhaar breach issue, as each individual case has to be addressed to say there has been no breach. However, here is a list to UIDAI press releases, where they have responded to all the reports and rumours of alleged breaches. When flurries of the reports were coming in, top people at UIDAI were periodically informing people that there were no breaches so far, something that was even clarified in the supreme court.

Now coming to the app, this is how the data is actually used
-user data saved locally on smartphone is deleted after 30 days
-user data saved in the cloud for even those who test positive is deleted after 60 days

And about the open source thing, Niti Aayog has committed to releasing the source code once they have a stable release, as the app is still under development.

So really, there is no problem with this particular app. Highly doubt that all the tech has been developed in house from scratch. This is all pure speculation, but will go ahead and post the basis of my suspicions anyway. The symptom tracker implementation is similar to what is outlined in this whitepaper. The on boarding process is similar to what has been proposed here by a Stanford student. Finally, the BlueTooth chirping component could be the PACT protocol by MIT or BlueTrace developed by Singapore, both of which are open source. It's highly unlikely that NIC developed their own protocol in three days. I am not sure if all of this is exactly what they did, but if you do put these things together, you will end up with an app very similar to Aarogya Setu.
 

whitestar_999

Super Moderator
Staff member
Just read the so called Aadhaar breach articles & UIDAI replies. You will find that leak happened at other/non-UIDAI end at the time of registration(like those Dhoni details leaked issue) or govt department error( Over 200 government sites reveal Aadhaar details; no leakage from UIDAI: Minister ) etc.
 
OP
Desmond

Desmond

Destroy Erase Improve
Staff member
Admin
All of these will be verified once the source code is released. I think this is a good first step in releasing public sector code as open source. IMO all software developed using tax payer money should be open source.
 
OP
Desmond

Desmond

Destroy Erase Improve
Staff member
Admin
NHS UK releases source code of their COVID-19 app - nhsx/COVID-19-app-Android-BETA

Sent from my GM1911 using Tapatalk
 
OP
Desmond

Desmond

Destroy Erase Improve
Staff member
Admin
Aarogya Setu source code is now available on Github
Nice. I've been going through this. It seems like a standard Bluetooth proximity scanner and location reporting app. I wish they also shared the server source code.

Sent from my GM1911 using Tapatalk
 

Anorion

Sith Lord
Staff member
Admin
Server source code and iOS source code coming up.

Buut this happen:

Fake Aarogya Setu apps carrying spyware spotted

Pakistan's ISI creates fake Aarogya Setu app to snoop on Indian officials
 
OP
Desmond

Desmond

Destroy Erase Improve
Staff member
Admin
Server source code and iOS source code coming up.

Buut this happen:

Fake Aarogya Setu apps carrying spyware spotted

Pakistan's ISI creates fake Aarogya Setu app to snoop on Indian officials
That's what we have verified accounts on Google play for. But yeah, I kind of expected this to happen. As long as people download from the original Google play store account, there should be no issue.

Sent from my GM1911 using Tapatalk
 

Nerevarine

Incarnate
That's what we have verified accounts on Google play for. But yeah, I kind of expected this to happen. As long as people download from the original Google play store account, there should be no issue.

Sent from my GM1911 using Tapatalk
Good luck teaching that to majority of people
 

ico

Super Moderator
Staff member
Indians don't care about privacy because they do nothing wrong. When someone does nothing wrong, he/she doesn't need to care about privacy.
 
Top Bottom