


There is an astounding amount of misinformation in terms of how contact tracing works in the digital space. Not only because of how new this technology is but because journalists are overworked and don’t have time to deep dive. I’m hoping to provide a layman’s guide to how this technology works now, how it’s going to work in future and my personal concerns.

关于联系人跟踪在数字空间中的工作方式,存在令人震惊的错误信息。 不仅因为这项技术是新技术,还因为新闻记者工作过度,没有时间进行深入研究。 我希望为该技术现在的工作方式,将来的工作方式以及我个人的关注提供外行指南。

The Australian government announced today it will in the next few weeks be releasing its own contact tracing app. Contact tracing in the context of epidemiology is basically about figuring out how individuals came in contact and who they came in contact with to figure out the degree of contagion of a particular vector that’s spread among a population.

澳大利亚政府今天宣布,它将在未来几周内发布自己的联系追踪应用程序。 流行病学背景下的接触者追踪基本上是关于弄清个人如何接触以及他们与谁接触以弄清在人群中传播的特定媒介的传染程度。

Traditionally it would be done through assessment of surveillance footage, interviews, eyewitnesses, analysis — things of that nature. These days the vast majority of people carry computers in their pocket that are constantly communicating between each other and to the internet. The Australian Government is going to release an app that uses your mobile phone passively to keep a log of people you’ve been in contact with for a prolonged period of time.

传统上,这将通过评估监控录像,采访,目击者,分析等方式完成。 如今,绝大多数人都在口袋里携带计算机,这些计算机之间不断通讯,并不断与互联网通讯。 澳大利亚政府将发布一个应用程序,该应用程序将被动使用您的手机,以记录您长时间联系过的人的日志。

As far as we can tell, despite the fact that Stuart Roberts has miscommunicated this, the Australian implementation is based off the Singaporean BlueTrace Protocol.

据我们所知,尽管斯图尔特·罗伯茨(Stuart Roberts)误解了这一点 ,但澳大利亚的实施是基于《 新加坡BlueTrace协议》 。

Bluetrace —基础知识 (Bluetrace — The Basics)

Bluetrace is quite elegant and designed from the ground up to preserve privacy. You install the app. It generates a unique identifier for your device (not containing any personal information) and begins broadcasting it over bluetooth low energy. Basically you appear to other devices like an Apple Watch or Fitbit. Because of how the bluetooth spec works devices can (to a degree) figure out how far away other devices are from them based on the RSSI of the signal. This is how an Apple Watch can unlock a mac, if you’re near enough it will open based on proximity.

Bluetrace非常优雅,从头开始设计以保护隐私。 您安装该应用程序。 它会为您的设备生成一个唯一的标识符(不包含任何个人信息),并开始通过蓝牙低功耗广播它。 基本上,您会出现在其他设备上,例如Apple Watch或Fitbit。 由于蓝牙规范的工作原理,设备可以(在一定程度上)根据信号的RSSI判断其他设备与它们之间的距离。 这就是Apple Watch可以解锁Mac的方式,如果距离足够近,它将根据距离打开。

Keep in mind your phone and the devices you own are doing this constantly. Ever used handoff to send a thing from your iPhone to your Mac? That’s BLE. Ever used AirDrop? That’s BLE. Every time you flip open your AirPods case to check the battery levels it’s broadcasting a bluetooth LE signal that your iPhone detects to show you the cool animation with the battery levels. This technology is mature and well understood.

请记住,您的手机和您拥有的设备会不断地这样做。 您是否曾经使用过越区切换功能将东西从iPhone发送到Mac? 那是BLE。 曾经使用过AirDrop吗? 那是BLE。 每次您打开AirPods机壳检查电池电量时,它都会广播一个蓝牙LE信号,您的iPhone会检测到该信号,以电池电量显示酷炫的动画。 这项技术已经成熟并且众所周知。

Your app records all of the identifiers that it comes in contact with over a rolling 21 day period if it sees that identifier for more than a certain period of time (at the moment this seems to be 15 minutes but that appears to be bound to Background App Refresh frequency windows, please email me if I’m wrong about this).


If 21 days sounds familiar, it is, it appears to be a decent statistical bound for the period in which, were you infected, you would exhibit symptoms.


Say you have the app installed and you’ve been using it for a few weeks. You come down with a fever and a cough. You go to your doctor and get a test — if you find out that you’re testing positive, you use a code given to you to indicate that you are a vector. You enter this code into the app.

假设您已安装该应用程序,并且已经使用了几个星期。 你发烧和咳嗽下来。 您去看医生并进行测试-如果发现测试呈阳性,则使用提供给您的代码表明您是病媒。 您将此代码输入应用程序。

This process sends your unique identifier to a server. All of the bluetrace apps are routinely hitting this server and downloading all of the vector identifiers and matching them up with their local database. If one of the identifiers in their local database matches one of the identifiers in the vector payload, the app alerts them (if the user has opted in to notifications) — they’ve been in contact with a COVID-19 confirmed infection and need to self isolate.

此过程将您的唯一标识符发送到服务器。 所有的bluetrace应用程序通常都会命中该服务器,并下载所有的向量标识符,并将其与本地数据库进行匹配。 如果其本地数据库中的标识符之一与矢量有效载荷中的标识符之一匹配,则应用程序会向其发出警报(如果用户选择了通知)-他们已与COVID-19确认感染接触,因此需要自我隔离。

Thus far this all sounds pretty benign. The processing and storage of data all happens locally. Identifying as being COVID-19 positive never tells people you’ve been in contact with who you are or any personal information. It’s an impersonal but effective system to communicate to people a potential contact trace or vector for an infection.

到目前为止,这一切听起来都不错。 数据的处理和存储都在本地进行。 识别为COVID-19阳性永远不会告诉您与您接触的人或任何个人信息。 这是一个非人性但有效的系统,可以与人们交流潜在的接触痕迹或传染媒介。

This system is still incomplete.


为什么不起作用? (Why doesn’t this work?)

Given a set population, to do effective contact tracing in this manner you need substantial takeup. In the developed world mobile phone usage is relatively pervasive. Almost every Australian resident has a cellular phone plan. The vast vast majority of consumer cellular plans (98%+) have a phone that is running a variant of iOS and Android.

对于给定的人口,要以这种方式进行有效的联系人跟踪,您需要大量的工作。 在发达国家,手机的使用相对普遍。 几乎每个澳大利亚居民都有手机计划。 绝大多数的消费者蜂窝电话计划(超过98%)的手机均运行iOS和Android的变体。

The Bluetrace model, whilst compelling falls apart because it relies on about 60%+ (based on these numbers from The Economist) of users to have it installed to do effective contact tracing. In the Australian market Apps that have that degree of penetration would be apps like Instagram, Facebook, Messenger. Apps that if your parents, or neighbours or friends couldn’t figure out to install they would reach out to somebody else to help them to get it installed because they help them communicate with or access a social network/service they want.

Bluetrace模型虽然引人注目,但因为它依赖大约60%以上的用户(基于The Economist的这些数字)而被安装,才能进行有效的联系人跟踪,因此该模型非常引人注目。 在澳大利亚市场上,具有这种程度的渗透的应用将是Instagram,Facebook,Messenger等应用。 如果您的父母,邻居或朋友不愿意安装的应用程序会与其他人联系,以帮助他们安装该应用程序,因为它们可以帮助他们与所需的社交网络/服务进行通信或访问。

There is no similar pull for a contact tracing app. There are no photos on it, there are no grandchildren, you can’t win any gems on it, you can’t watch your shows on it. There are for the most part only exhortations that you’re doing your part to install this black box.

联系人跟踪应用程序没有类似的吸引力。 它上没有照片,没有孙子孙女,您不能赢得任何宝石,也不能观看自己的表演。 在大多数情况下,您只是在劝告您安装此黑匣子。

Excusing particularly on iOS how the Singaporean app has to work around iOS’s very stringent controls on broadcasting/receiving Bluetooth Low Energy packets, the system also doesn’t work particularly well, you’re told to keep your phone on or keep it facing down — this isn’t a good long-term solution.


Given the install base the BlueTrace solution in Singapore seems to have been a well-intentioned and well built failure. The mobile giants don’t give you enough wiggle room to build something like this effectively — but the protocol is well designed and seems to have inspired the next stage.

鉴于安装基础,新加坡的BlueTrace解决方案似乎是出于故意和精心打造的。 移动巨头没有给您足够的摆动空间来有效地构建这样的东西-但是该协议经过精心设计,似乎启发了下一阶段。

下一阶段 (The next Stage)

On the 11th of April both Apple and Google announced they were going to bring the contact tracing system in-house.

在4月11日苹果和谷歌都宣布他们将带来的接触者追踪系统内部 。

They were going to provide API (basically tools for app developers) to hook into their own low-level systems for doing contact tracing. This is promising for a few reasons:

他们将提供API(主要是应用程序开发人员的工具),以挂接到自己的低级系统中进行联系人跟踪。 这是有希望的,原因如下:

  • Apple/Google have more flexibility on their own apps than that of third party developers. They have more access to hardware and can do things that they wouldn’t let third party developers do (say constantly broadcast bluetooth low energy identifiers)

    与第三方开发人员相比,Apple / Google在自己的应用程序上具有更大的灵活性。 他们拥有更多的硬件访问权限,并且可以做一些第三方开发人员不愿做的事情(例如不断广播蓝牙低能耗标识符)
  • Apple and Google have committed to a standard that works cross platform — with all the good will in the world if you have a huge gap between the different operating systems that users are running your system is effectively useless


  • Apple and Google have released a cryptography spec and a bluetooth tracing spec that both look extremely promising

    苹果和谷歌已经发布了密码学规范和蓝牙跟踪规范 ,它们看起来都非常有前途

Singapore’s BlueTrace is a great idea but it’s just one country working very hard to provide a framework to solve this in a technical way. We cannot guarantee apart from promises from government figures that the Australian app works in this way.

新加坡的BlueTrace是一个好主意,但它只是一个国家在努力提供技术解决方案的框架。 除了政府提供的承诺外,我们不能保证澳大利亚应用程序会以这种方式工作。

We could obviously have a third party audit it or even (God Forbid) release the source code for the app. Given copyright/procurement/etc that’s not likely to happen before everybody in the country is effectively harangued to install this. This still realistically won’t work

我们显然可以让第三方审核它,甚至(上帝禁止)发布该应用的源代码。 鉴于版权/采购/等,在该国每个人都被有效地要求安装该设备之前不太可能发生。 这实际上仍然行不通

Closing the Gap


Getting someone to install mobile apps is extremely hard. As someone who has made their living for years on selling or getting people to install apps it’s a complete nightmare. People don’t know their passwords, or don’t have credit cards (yes this can still impact downloading free apps), or don’t even know how to download an app from their app store of choice. App installation trends have been consistently going down over the past few years, getting people to install an app to solve this problem is never going to work.

要有人安装移动应用程序非常困难。 作为多年来靠销售或吸引人们安装应用为生的人,这简直就是一场噩梦。 人们不知道自己的密码,或者没有信用卡(是的,这仍然会影响免费应用程序的下载),或者甚至不知道如何从他们选择的应用程序商店中下载应用程序。 在过去的几年中,应用程序安装趋势一直在下降,让人们安装应用程序来解决此问题永远不会奏效。

That’s why the two big mobile vendors, Apple and Google have a second phase. They’re going to build contact tracing into their operating systems. This gets you opt-in basically at the ground level. Google does not have a great track record of deploying full operating system updates so is deploying this through their Google Play Services workaround — iOS has a userbase that are used to receiving updates and tend to apply them, so it’s a separate story.

这就是苹果和谷歌这两个大型移动厂商进入第二阶段的原因。 他们将在他们的操作系统中建立联系跟踪 。 这使您基本上可以在地面上选择加入。 Google在部署完整的操作系统更新方面没有良好的记录,因此正在通过其Google Play服务变通办法进行部署-iOS的用户群用于接收更新并倾向于应用更新,因此这是一个独立的故事。

Assuming an uptake of over 60% within 2 -3 months, once this “baked-in” system is deployed end of May (at an aggressively early estimate) we could have a fairly effective and aggressive contract tracing system ready to go end August / beginning of September. That’s frankly incredible. This is the equivalent of a manhattan-project style solution to a truly evil problem.

假设在2 -3个月内吸收率超过60%,则一旦在5月底部署了这种“内置”系统(以积极的早期估计),我们就可以准备一个相当有效且积极的合同跟踪系统,准备在8月底/ 9月初。 坦白说,那太不可思议了。 这相当于以曼哈顿项目风格解决真正的邪恶问题。

Contact tracing exists for one reason and one reason only, this virus is a demon, and we cannot let it hide. Contact tracing will help us bring to light who is infected and stop it from spreading.

进行联系人跟踪仅出于一种原因和一种原因,该病毒是恶魔,我们无法掩饰它。 联系人跟踪将帮助我们了解被感染的人并阻止其传播。

Say we deploy this technology and it works, we have solved the core problem, we can track and trace those who are infected but there are still questions we have.


Concerns and next steps


Despite all of the good intentions in the world this system does have downsides:


  1. Your phone now has a list of every single individual you’ve been in proximity with over the past 14 days. Sure they’re anonymised, but that key is directly correlated to a device.

    现在,您的电话会列出您在过去14天内与您联系过的每个人的清单。 当然,它们是匿名的,但是该密钥与设备直接相关。
  2. In Australia at least it’s a crime to not unlock your phone for Police when ordered by a Magistrate (thanks to Rob Candelori for this — thanks to Bede Kelleher for clarifying). Given the phone unlock decrypts your device, unlocking it gives law enforcement potentially access to this database of other identifiers as well as your identifier. If Police are trying to prove you have been in proximity with another user it is a trivial exercise to match those identifiers

    至少在澳大利亚,当治安法官下令不为警察解锁手机是犯罪行为 (这要感谢Rob Candelori-感谢Bede Kelleher的澄清 )。 鉴于手机解锁会解密您的设备,因此解锁后,执法部门就有可能访问该其他标识符数据库以及您的标识符。 如果警察试图证明您已经与另一个用户接近,那么匹配这些标识符是一件很简单的事情

  3. Other stores of information have routinely been targets for hackers or state actors. If your device has a centrally known database that exists that has all of your identifiers, that’s a very juicy target. If state/other actors figure out an attack to exfiltrate that data (like they did with WhatsApp) that’s an incredibly valuable trove of data if third parties can collect it en-masse through vulnerabilities. Collecting this data incentivises trying to steal it.

    其他信息存储通常是黑客或国家行为者的目标。 如果您的设备具有一个存在所有标识符的中央已知数据库,那么这将是一个非常多汁的目标。 如果各州/其他参与者发现了攻击,以窃取该数据(就像他们对WhatsApp所做的一样),那么如果第三方可以通过漏洞进行大规模收集,那将是非常有价值的数据。 收集此数据可能会试图窃取它。

  4. Both Apple and Google say that they can turn off the OS level tracing once all of this is done, but there’s no indications as to the mechanism they’ll use to do so

  5. We don’t know societally how this is all going to shake out long term. We live in very weird and uncertain times. We’re trying to save lives but we don’t know how this will impact our cultural psyche, values or how we work as a society long term.

    我们不从社会上知道这一切将如何长期摆脱。 我们生活在非常古怪和不确定的时代。 我们正在努力挽救生命,但我们不知道这将如何影响我们的文化心理,价值观或我们长期社会的工作方式。

Cryptographically and technically the contact tracing solution is extremely well thought through but we should still be wary.


We need to be very clear in terms of what these systems collect and how. Any murkiness or lack of clarity will defeat the project before we start. If people are sceptical because of a poor communication from the government or tech vendors the entire project will fail.

在这些系统收集什么以及如何收集方面,我们需要非常清楚。 在我们开始之前,任何模糊不清的内容都会使项目失败。 如果人们由于政府或技术供应商之间的沟通不畅而持怀疑态度,则整个项目将失败。

This is not a panacea, it’s a temporary stopgap that helps us corral and crush this demon. We are working on adrenalin now trying to deal with the hyper-focus of this problem — whilst valuable now the second this tool has served its purpose it must be destroyed.

这不是万能药,它是暂时的权宜之计,可帮助我们遏制和粉碎这个恶魔。 我们正在研究肾上腺素,现在正试图解决这个问题的高度关注性,而现在有价值的是该工具已达到其目的的第二个条件,必须予以销毁。

Don’t give anybody too stupid to understand how dangerous this can be any ideas.


翻译自: https://medium/swlh/some-basic-points-on-contact-tracing-apps-7dc4df1442f2


