Comments (12)
I guess some people will trust it more if it is open source, and others would trust it less. I don't know which side the majority will be on.
Why would people trust something less if it's open source?
from documents.
According to https://noyb.eu/en/data-protection-times-corona (and I agree):
People must be able to trust technology in the fight against the coronavirus, so that enough people will participate. This can be achieved by measures such as good data encryption, storage of data within the user's phones and the publication of the source code ("open source").
from documents.
More info about the need of having the implementations be free software:
https://fsfe.org/news/2020/news-20200402-02.en.html
from documents.
@kkoenen The Reproducible Builds project is a set of software development practices that create an independently-verifiable path from source to binary code.
from documents.
For those interested, here is a walk-through of a free and open source implementation (using Zenroom) of the crypto inside DP-3T
https://medium.com/@jaromil/decentralized-privacy-preserving-proximity-tracing-cryptography-made-easy-af0a6ae48640
from documents.
Very much in support of OP. To make it a little more technical; what are the available best practices to verify (possibly at run-time) if a packaged iOS / Android app is based on a certain version of the published source? Or is 'verified publisher' the best horse to bet on wrt application integrity?
from documents.
dp-3t-client ( https://github.com/snakehand/dp-3t-client ) is a FOSS portable Rust implementation. Rust's safety guarantees reduce the auditing burden, and a high level C library API is provided for interoperability. Rust also offers reproducible builds.
from documents.
A similar statement has been released in the Netherlands, signed by prominent civil rights defenders. In section 3:
De broncode van de applicatie en de overige infrastructuur is openbaar onder een vrije software licentie, zodat iedereen de werking van het systeem kan controleren.
Translates to:
The source code of the application and the other infrastructure is public under a free software license, so everybody can check the workings of the system.
from documents.
I'm usually in favor of open source applications, and I would personally trust it more.
In this context, the major threat is a fork of the app. And that is much easier in open source (ok, a mobile app is still easy to clone/modify). So I suspect even security specialists will have a hard debate on the subject.
But in the end, seeing the urgency (and the limited time for education), it doesn't matter what the security specialists think, nor what IT geeks think. What will matter is what journalists say, and what the majority of non-IT people will trust better (and that, I don't know what it is).
from documents.
It was my understanding that a reference application will be developed which I'd assume would also be open source?
from documents.
I started implementing the crypto in Rust here https://github.com/snakehand/dp-3t-client - it is not compatible with the medium / Zenroom code yet, but I will make some adjustments to make it interoperable.
from documents.
Zenroom is a (FOSS) portable, isolated and deterministic execution environment of 1MB payload approx whose bytecode can be signed and versioned: it solves the problem when adopted for internal crypto and business logics.
from documents.
Related Issues (20)
- Was DP-3T Exposure Calculation.pdf Android only? HOT 1
- Stability of distance estimation in case of using a bluetooth Extender HOT 2
- [Public Engagement] Visual Explainer / Scrollytelling on Privacy Preserving Proximity Tracing
- Mistake in communicating how information is passed around, in CH implementations of the apps HOT 3
- Reproducibility of Figure 1 in "DP3T - Exposure Score Calculation.pdf" HOT 3
- Risk calculation when exposed to multiple infectors both for < 15 min. HOT 7
- Naive secret sharing would allow for "jamming" on a non-physical level
- Why did the SwissCovid team not disclose the existence of the LASEC report? HOT 15
- Add support for multiple epidemics HOT 1
- [DOCUMENTATION] FAQ on Apple/Google framework issues HOT 1
- App feature request: Show stored app data as visualization of contact events HOT 3
- Schedule for F-Droid (and/or direct download) release of the Android app HOT 3
- [DOCUMENTATION] Cartoon, Dutch version, one pager: wrong text in picture 6. HOT 1
- Smartwatch App - Market Analysis (WearOS, WatchOS, Fitbit OS and Garmin Watch OS) and way forward HOT 1
- Who controls the 0xFD68 Bluetooth UUID?
- Potential privacy issue of new Exposure Notifications Express? HOT 3
- Wrong text on panel 6 of the NL onepage graphic HOT 1
- Update French onepage translation HOT 2
- Would like to understand the time window for notification
- Question: Where can I find the BLE MAC randomization code in DP^3T?