Digital tracking of quarantined people

In this day and age if you can't open source your security then you don't have any security. Security through obscurity doesn't work.

I don't agree with this. Blackboxing some or most of your security components can make for a highly effective strategy.
 
I haven't misunderstood anything. When systems are exposed to hostile environments then having many eyes review code and many actors attempt compromises has resulted in much better security. How many more patch cycles for full remote compromise zero day exploits that have been in code for years will we go through? How many more backdoor passwords in supposedly secure Cisco code are yet to be discovered? How many times will companies hide their bugs until 3rd party researchers threaten to or do release details of exploits?

Sure open systems are not a panacea. Many eyes didn't prevent cryptography standards like DUAL_EC_DRBG from being distributed by RSA et al and used widely in supposedly secure environments. But if Juniper had open sourced NetScreen like they have with JunOS maybe the complete compromise of Juniper VPN traffic would have been avoided.

Unless your digital secrets (code) can withstand the withering gaze of open scrutiny then time has proven again and again that trust in closed systems doesn't create great security.

The contact tracking app is definitely going to be exposed to the public and people will definitely try to co-opt it. It is not like a closed banking system.
 

But if Juniper had open sourced NetScreen like they have with JunOS maybe the complete compromise of Juniper VPN traffic would have been avoided.

Sorry but the core of your argument seems to be that security can only be achieved through the opening of codebases. What's wrong with this theory is that no commercial security vendor outside of those that strictly began as open source projects (pfSense, ClearOS, OPNsense etc) does this today - and you will not find the open source solutions featuring in Gartner's MQ for products because enterprises aren't buying them and the market doesn't believe them to be considerably more secure than proprietary solutions. You've tried to claim that Juniper does so with JunOS, but JunOS is not open source, it is just built on top of an Open Source OS (FreeBSD in the case of JunOS, Linux for JunOS evolved). I think you'll find most of the platforms are in the same situation, that certainly does not make them open source solutions.

I wouldn't even bother going back and forward on this topic but when you put it in such an authoritarian tone it makes it difficult not to point out the clear reality of the market, and that is that the vast majority of enterprise products today do not expose their source code as a matter of course, and doing so is no easy feat, and it is not a panacea for problems of trust.
 
And here it is!
 
Downloaded and activated.

Worked in IT for >20 years.

No qualms at all at downloading it (yet I refuse to use FakeBook because I do not trust it).

The eventual usefulness? - Jury is out at the moment.
 
It says a lot for how much we trust politicians that we would rather download Facebook or similar apps than this! While I'm no fan of politicians I too have downloaded this app already.
 
Germany gives in to Apple:

Hong Kong is using electronic tracking bracelets for those entering through the airport:

That article also gives some interesting stats on what many other countries are doing too.

Australia will be writing into law that only health officials can make use of the data: Australian PM says will be illegal for non-health officials to get data from COVID-19 app
 
Sorry but the core of your argument seems to be that security can only be achieved through the opening of codebases.

...

the clear reality of the market, and that is that the vast majority of enterprise products today do not expose their source code as a matter of course, and doing so is no easy feat, and it is not a panacea for problems of trust.

My argument is simply that more eyes makes for better security and if code is promoted as being secure it should be able to pass open scrutiny without fear.

The commercial decisions and contractual obligations which prevent most companies from open sourcing code are not security decisions.

Of course there is no panacea for security and simply opening a codebase won't somehow magically make it secure. In the case of the Covid tracking app I can see no good reason for the government not to release the code base. Unless of course they have purchased a closed system and are prevented from releasing (or maybe even seeing) the source code.
 

Proposed changes to the law to set a 5 year prison term for anyone that tries to use the app for anything other than contact tracing, currently ~5 million downloads/registrations using the app have been completed:

Apple and Google play to the market by disabling location tracking in their apps:

Britain goes back to the 1960s to test its contact tracing app, with tests starting today:
 
Another one throwing their hat into the ring........

Was surprised last night (or maybe, I wasn't surprised; which says it all to the UK's handling of the situation) that last night's announcement from BoJo (the clown) had no mention of a contact tracing app being ready for use and that we should install/start using it.
 
Still no sign of an app in the wild for the UK, or if there has been it's not been well publicised.

More countries moving forward with Google and Apple's version, who have been firm around no location history etc. It's holding some countries back from using it though as they want the extra level of tracking.

Estonia is taking a slightly different tack to dealing with the get back to work process.
 
Though the fellow testing positive after last week's protest wasn't one who had downloaded the app. So of no use there.
 
Though the fellow testing positive after last week's protest wasn't one who had downloaded the app. So of no use there.
I agree there.. as it is not compulsory, there is always a risk of not being able to find all contacts if it is a large gathering in public, where the people are not known to each other.
 
Some interesting stats/feedback from the AU COVID-19 tracing application.

It's rather a "pat yourself on the back" article. Other articles over the past week have basically been talking down the app, with its usefulness being questioned.

I like this quote "Given that just under half of the Australia.gov.au traffic relates to return users, people are seeing value - so we mustn’t be too far off the mark". That possibly means people couldn't get the site to work on the first go, and had to come back for a second attempt. It doesn't seem to be a worthwhile marker.
 
It's rather a "pat yourself on the back" article. Other articles over the past week have basically been talking down the app, with its usefulness being questioned.
The usefulness of the app is that by adopting it the govt has brought forward the relaxation of restrictions. The actual benefits of the app are a long way off being measurable due to the relative success of containing the outbreak compared to other countries.
 
