Show more details about "risk encounters" #100
Comments
|
The keyfact in a monitoring program ist a control of the reliability. I am working in a datacenter, developing applications to monitor the health of machines. "all ok" alone is never excepted by the operators. Additional information is required to see the application is working correctly. This is controlling the control. Without this feature people cannot trust the application. I had an event with some friends of mine, and we tried to look at the app to see our contacts (anonymous of course), but nothing is found. So the suggestion to show day, duration and attenuation info is highly recomended and shouldn't be not to much work. Up to this I assume the app ist not working correctly, even though error messages are not shown. |
|
In my opinion, the day, duration and the time on that day of risk encounter are crucial information in some cases, consider the following case:
|
|
I would like to add that my request is about making those details visible to the user which are made available by the Google/Apple Framework to the app. |
|
I totally agree with your enhancement request, this would be a valuable feature.👍🏽 Should be considered as a „on next“ feature. |
This would only work if one of your colleagues tested positive AFTERWARDS. |
|
I am interested in more detail information about risk encounters. Also low risk encounters, for example riding on a bus for only 3 minutes where there was an infected person. |
|
@Ulenrich In your Gedankenexperiment you should let yourself get tested. And if an infection circulates in a regularly meeting group it may be the other way round, that you infected the other guy. And you may also have been infected a week ago by a person on the bus or in that Kleingartenverein who doesn't own a phone. By myself, I would also cancel parties if I had any symptoms. During lockdown I was able to guess even without the app. |
|
Two things to have in mind: 1. AccuracyDeriving the the distance based on the RSSI in a BLE setting is very unrelaible. Doing so praticially requieres a controlled lab enviroment in a calibrated setting. Having a smartphone in a jacket or not does have bigger impact on the RSSI, than a distance of a few meters - by far. This is a very active area of research. Typically, positioning is assisted by different attributes such as fingerprinting, machine learning on time series, etc. (https://scholar.google.com/scholar?hl=de&as_sdt=0%2C5&q=BLE+indoor+positioning) - for fieldtracks.org we came to the conclusion, that BLEs accuracy is binary: Either you have a contact or you don't have a contact. There is no in between. Deriving a distance is bogus. From a pandemic point of view, the environment (e.g. indoor / outdoor), stable aerosols or not appears to be relevant. When not knowing the timing of an encounter people cannot check the enviroment (e.g. using googls location history) and can hardly asses the individual risk. (E.g. was there just somebody passing my window, while I was at home alone?, was there somebody sitting just right beside me, while I was taking the tram for 10 minutes?) 2. Privacy.The App is not desgined to provide contacts in a non-interactive-zero-knowledge proof of knowledge (NIZK, c.f. zcash) way. The protocol provides information on an encounter (timing, signal level), that is way more than just a single bit bit, i.e. "There is an encounter" (from an information theory point of view). Altough somebody could consider to implement a system using NIZKs, the app is not. In consequence people could possible be blamed for being infectious afterwards - medical records are considere to be sensitive information. Providing privacy (i.e. "Informationelle Selbstbestimmung") requires informing the users about the actual data processing. That is - in the most simple setting: Presenting it in a nice way. However, the app does not. The app hides information from the user. I consider this to be a privacy violation. |
|
|
If you want to see beacons in your surrounding, just use one of the BLE scanner apps. Then you can do all the timestamping you want. |
|
|
This still needs API change. CWA cannot scan the surrounding, because it doesn't - and CANNOT - have location permissions. Either you use a 3rd party app, or you need to press Gapple to adjust the API. Which they will not do, because the statistics would allow de-anonymization of users. And why wouldn't users be aware of it? The app is sending via Bluetooth. If you install the app, you know that you start transmitting data via Bluetooth?! |
|
I guess, that we can agree, that such functionality has breaking API changes, that's fine. Still, it can be implemented (you've already suggested, what kind of Apps do so), when using a different API. Pushing Google or Apple boils down to regulatory and is not a technical concern. The technical solution would be not to rely on Googles / Apples API, write a custom API component, bundle it with the application and have google and Apple exclude it from power saving restrictions, etc. Having google / apple accepting the App then also boils down to regulatory issues, i.e. laws.
Due to a lack of visualization. |
|
Google can't just exclude apps from power saving restrictions. This is up to the OS. Since you won't get manufacturers to release OS updates for older devices, going the way of Google with the PlayServices was the best approach. Yes, it would be nicer to be able to do it without Google, but that's just not feasible.
Make a pulsating element, like in the SwissCovid app. If you're transmitting, you're transmitting. You can't really be more specific about that, can you? |
No, the content of sent and received beacons is still hidden from the user. |
|
@treysis A pulsating element when tracing is active has been added and will be included in the next minor version. @yanosz If an app doesn't meet the Play Store requirements, then no, you cannot encounter this with any application of law. |
|
Well, if Google was willing, they could implement it though. The question is still if that would change anything. As far as I understand this wouldn't give the app sufficient rights. And Google cannot change that. That can only be changed by upgrading the OS. And this is up to the manufacturers and they won't support this for older devices, making the whole concept of the app even less effective. |
|
@tens0rfl0w ... so you're saying, that this 68.000.000 € project, which has federal attentation cannot result an a law, requiring google and to modify its API? So, this country is paying 68.000.000 € for a simple GUI + backend for an already existing API without any option to change its technical framework? ... IMHO people should considere hiring a new software architects, then. |
|
Ehem, Germany isn't the only country accessing the API. |
|
A new API specification has been formed and will be rolled out soon (1.5). This newer version allows for much more freedom in the processing of the data stack and can give the app much more information about the actual data than before. And no, the German government will not form a law that tells software manufacturers how and what to implement in first party APIs, that would be a little bit over the top.😅 |
|
Ah - 1.5 is:
Welll, that's not quite accurate. So, the suitable work around remains to have an additional beacon scanner. Minding the costs of 68.000.000 € and the having https://play.google.com/store/apps/details?id=net.alea.beaconsimulator for free in the app store (hint: it scans and beacons, too), this is a strange project. |
|
Again, you cannot implement a beacon scanner inside CWA. This requires location permission. With location permission, the app is not allowed to access the API. This is to prevent any exposure tracking app to create location profiles of its users. This is a privacy-aware design-choice! |
Well, one could have this project having two apps, one accessing the API, one accessing the regular BLE API. One could OpenSource both, having verifiable builts and make sure, that no such location tracking takes place. Well, one could argue, that an alternative app, not having the play store dependencies for google runs on lineageos, even with google services disabled. One could argue, that 68.000.000 € are enough to sustain both ones. Well, one has argued, that exluding false positives / false negatives is vital for the acceptence of the application (https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html) - further information on encounters help to do so. |
|
Additional/related questions from corona-warn-app/cwa-app-android#896:
|
|
Please show Date and Time of later on announced risk contacts, even if this leads to still having a green status. As such contacts might occur only at shopping or eating in a restaurant, one can reconstruct with Date and Time where one habe been and if shopping or queuing anywhere is the risk reason. This would enhance the analyse and discussion and avoiding of behavior in the future much, when it ia shown if the risk contact was at 8:00 in the bus ir at 12:00 in the McDonalds restaurant or at work at 10:00 o'clock at a certain date/day. so it is not about "10 days ago" but about exact time and day. Thanks for implementing that local showup fast. |
|
Time is not supported by the API. Date could be shown in principle. |
@MikeJayDee yes, the 'timestamp' of the 'youngest' encounter is available at the API with day granularity; exactly the number that is now shown in cwa. |
|
Hello, what? For sure an app and a computer and - so should - an api can add a time stamp on hourly or better exact basis. |
|
This is even more impossible. Since the scanning is done by ENF and CWA doesn't broadcasts/receives anything it is impossible for CWA to
This must be added by Google/Apple to the ENF. And that this happens, I think (at the moment), is very unlikely. |
|
When my machine adds a beacon string to the database, for sure my machine can add an exact time stamp. The positve person just needs to announce all the beacons of its own over the server. Done. |
|
@webermike CWA itself gets only this information handed over by the ENF: https://github.com/corona-warn-app/cwa-backlog/issues/23#issuecomment-678692630 Even if it would be possible: The RKI denied to show more information about green Risk Encounters. |
|
@webermike CWA has to use the Google/Apple Exposure Notifications API (otherwise the whole setup wouldn't be possible at least on iPhones, and would be extremely battery consuming on Android). (Good luck with that...) A more practical advice for you would probably be to use this app: https://play.google.com/store/apps/details?id=com.contextis.android.BLEScanner |
|
@svengabr Could you (the team) please clarify with the RKI if they generally reject to show more Informations about Encounters or if they would theoretically show some more Details f.e. the date of Low-Risk Enocunters, etc. |
|
@Ein-Tim & @daimpi When #100 was closed by RKI we had around 1900 cases per day. RKI has to consider to give out more information to prevent user from either ignoring the information or overflowing the Lab test capacities.
|
|
@rvbaer I'll mirror my answer from here: I agree that it would be nice to have the warn-app-companion (WAC) functionality provided by CWA. But this is not possible currently b/c Bluetooth access is not allowed for ENF apps by Google/Apple (see above for further discussion on this topic). But even if CWA could access BT: this could only work on Android devices as iOS is filtering out all the BLE signals containing rolling proximity identifiers (RPIs) already on the OS level. So nothing except for the Exposure Notification Framework (ENF) which is directly integrated into iOS can even see them. And even under Android this hypothetical "direct CWA recording" would probably end up being quite unreliable, as many manufacturers implement "energy optimizations" which kill background apps all the time. |
|
@daimpi I'll mirror may answer from #251 @daimpi I understand that pressing the "export database" button in RaMBLE and the import button in WAC is okay for Google in Android. But for Google it is not okay not have an integrated App with the same functionalty. I am still convinced that it is worth the effort to fight for a better app which supports the users by giving time and location of critical enncounters. Such an improved App would Such a feature would thus simply increase the "quality" Especially now with the high exposure risk the RKI should join and also fight for this improvement. |
|
FYI #178 |
|
I still believe both the duration and attenuation should be displayed. These are available via the ENF and would let people judge their risk better. They could discern different cases: eg. one of my neighbors (large attenuation >12 hours), likely bus rides (20m), likely high risk restaurant (2hrs short range). This change would not affect fundamental privacy since all of this information is already available to technically savvy users and provided by the ENF. Since currently some people have permanent high risk status, this would let them judge their risk better and democratize access to information that is already available to users like me to protect those around them while reducing the need for frequent PCR tests. |
@OlympianRevolution The duration that ENF will return seems to be arbitrarily limited to max. 30 minutes, because of Apple's / Google's opinion on how the reporting user's privacy could be preserved in this context - see https://developers.google.com/android/exposure-notifications/exposure-notifications-api#getexposurewindows The time will be randomly cut between 15 and 30 minutes: https://developers.google.com/android/reference/com/google/android/gms/nearby/exposurenotification/ExposureWindow If the observed duration from one DK was longer, they split it into multiple windows and return them in a shuffled order. So if you met a reporting user for 2 hours, you will get the information from ENF that you had at least 4 encounters that day, each between 15 and 30 minutes length. Still pretty confusing, so I will not yet retire https://github.com/mh-/corona-warn-companion-android |
|
VIa the ScanInstances List there should be more information. Thanks for the Warn-App-Companion @mh- ! I use it all the time to judge risk and functionality. It is one of the reasons I think it is unfair and hypocritical to prevent normal users from having more information on the encounters, when it is possible for us to know all the details. |
and others
Current Implementation
Currently only the number of days since the last "risk encounter" are shown.
Suggested Enhancement
A list of all "risk encounters" as provided by the GAEN API should be made available to the user. This should include all the available information (which isn't much, but includes the day, duration and attenuation info).
Expected Benefits
With this additional information, users who receive a warning (or even without a warning, a number of risk encounters > 0) will understand better how much they are affected.
Internal Tracking Id: EXPOSUREAPP-2099
The text was updated successfully, but these errors were encountered: