I don’t use the forums much, i watch the channel mostly. i’ll shoot straight, i’m looking for help in order to develop an app to contact trace using bluetooth for trying to get out of this covid-19 mess. The scenario is this:
You enroll to a public service that give you a cripto token, similar to your run of the mill cyrptocoin wallet.
You input your relevant medical information, including if you were already infected and cured, and comorbities (age, weight, smoking habits and other medical related issues). People can lie here, but it just a reference value. This information is not transmitted to anywhere other than the phone.
Use bluetooth, without pairing you can sense the proximity nerby beacons to determine who is close to you. A reverse flight mode should be implemented, meaning bluetooth radios must be on. I don’t think pairing is necessary, we can intervene earlier in the protocol.
Every time you “contact” a bluetooth signal, an event is generated with the proximate time and strengh. A combined hash is generated with your bluetooth mac or BD_ADDR. The event hash is send to a server with your token, the other person will send a similar hash in a way both can be linked but not traced at the moment.
If you get cornavirus, medical team generates a certificate to “open” your trace contact history, The server version contact trace the events to the particular day of the supposed infect and alerts the users via the “wallet”.
Once you get cured, medical team puts another token on your wallet, suspecting you cannot get reinfected or pass it to other people.
I have experience doing country level systems for on of the biggest security companies in the world, my experience with android or ios dev is limited. The detail might be fuzzy/wrong but that is the idea.
I just open a project in github, currently drafting the high level architecture and requirements.
The idea is that the project should be privacy oriented, adaptable for many countries laws and political organization and open source, in order to audit the system for security flaws or potential state level shenanigans.
Edit Some of the state of the art investigation:
Singapore has an app, they have been working on it for a couple of weeks, they are also using the bluetooth approach.
Found a company call zero-base trying to do something similar, but they are using qr codes, so it seem more cumbersome
There is some academic papers related to this technology showing it could work
Oxford University is recommending a similar approach