Elliot Alderson
Fri May 08 08:46:35 +0000 2020

A mobile application that sends your GPS coordinates regularly to a server owned by a government is a surveillance system.

#AarogyaSetu is a surveillance system

Do you have to worry?

When a government is forcing people to install an app, it's probably a good moment to be worried

"It's not an issue, it's a feature of the app" 🤪

Yes, by design, #AarogyaSetu is a surveillance system. They don't care about user privacy. But, in theory, giving the ability to know if your neighbor is sick is not a feature of the app.

"We need it to fight #Covid19"

No, you need:
- tests to identify infected people
- masks
- gloves
- contact tracers
- respect social distancing
- isolate infected people

An app alone will not break the contamination chain.

"It's ok, my government told me that this is temporary, they will delete my data and I will be able to uninstall their contact tracing app"

You are dreaming, my friend. All these surveillance systems are here to stay. I am ready to bet a beer if you want

"Without a contact tracing app, it's impossible to defeat Covid19"

This is not true. This is not the first pandemic, and contact tracing without an app has been done for decades.

"Can they still track me if I uninstall the app?"

Of course not, at least not with the app, because the app is no longer on your phone

"I trust my government, I will install the app anyway"

I respect that, it's a free country, do what you want, but be aware that you are giving up your privacy in exchange for some "hypothetical" protection

"I'm already giving my data to Facebook, Twitter and Tinder, it doesn't matter if I give my data to my government"

It's not because you have very bad habits in terms of privacy that you have to continue. You are the one in charge. Only you can improve that

"We are in the 21st century, we have the technology, tracking people's phones will end #Covid19 for sure"

Just look at China. You can't even imagine how China is monitoring its population. And they were unable to avoid the propagation of the virus.

"Privacy is for the rich"

No, privacy is a fundamental right. Everyone deserves it

"My 20-year-old security bro told me you are a fraud and the issues you found are not real issues"

The 2 issues I found can probably be classified as medium. The Aarogya Setu developers do not agree with your security bro, because they fixed the issues.

"The government said the app is unhackable"

Nothing is unhackable. With enough motivation and skill, everything can be hacked.

"Some people don't have enough food or electricity, in India we don't care about privacy"

Some people care and again everyone deserves privacy. Let's give them access to basic needs and respect their privacy at the same time. It's not incompatible

"You are just an attention seeker, you just want more followers"

You have no idea how painful it is to have a big Twitter account. You receive thousands of messages, comments, insults. I don't earn money with it. Sometimes, it's very cool but there are a lot of drawbacks

"Why are you wasting your time on Twitter?"

The impact. Together we made incredible things. Every opportunity to raise privacy awareness should be taken. Especially when a lot of media scrutinize your tweets

"This is not how security pros are doing responsible disclosure"

This is a hot debate, there is no ideal way to disclose an issue. This way is probably not ideal but it's efficient. My general rule for that is: you found a bug, you are the owner of it, do wtf you want with it

Fri May 08 10:14:29 +0000 2020