vaccine passports, privacy 

Vaccine passports worry me. Not because I'm afraid to get vaccinated or against the idea, but because of the implications for privacy and bodily autonomy.

I won't say much more because my explanation won't do this position justice, but the EFF has written some explanations with some very real examples of how they can and will go wrong.

eff.org/deeplinks/2021/04/no-d

@josias I'm in favor of vaccine passports, but not having a digital-only implementation. Much like voting, that is one thing that should have a paper trail or a version that doesn't require a working battery.

But I find it frustrating that if you call it "passport" you get a lot more push back than if you just say "certification". The politics have poisoned the entire idea of vaccines so much.

@josias Also, watching the Iowa Democrats' complete and utter failure to handle digital reporting of the caucus points out how much digital-only really sucks.

@dmoonfire But couldn't paper vaccine "passports" be implemented in a way that checks with a centralized system, still enabling surveillance of everywhere you go?

Also, I'm not nearly as concerned with international travel as with normal activities that should be private if you so desire. For example, I believe it is not good for you to be tracked based on your vaccination "passport" to enter a restaurant.

@josias There are ways of creating a non-tracking version of proof. The problem is that most of the fly-by-night creators who sell it to a state throw together a bunch of crap with no concern for privacy (or specifically to track stuff), and then call it a day.

It takes time and effort to do it properly, but you won't really see that unless everything is out in the open. (e.g., open source, audited, and peer-reviewed). +

@josias As for passports/certification to go into a restaurant or go to the gym. I'm actually okay because it is health and death.

It just shouldn't be tracking or used for selling crap to others. Do one thing, prove it is a valid certification.

Hell, even a QR code that contains a block signed by an "authority" would be useful, as long as you could community the the PGP signing.

@josias ... as long as you communicate the signing PGP signatures.

I spel gud.

@dmoonfire But this will become a surveillance tool. There isn't much of an incentive to do it otherwise. Do you know of anyone who is working on safe vaccination verification like that?

I've felt the same way with bus cards. They *could* do it in a way that verifies that you have enough credit without tracking your movements, but it takes more work and there isn't much incentive to do so.

@josias I *want* a privacy-aware verification, but even if someone works on it, it has to be "sold" (e.g., convince without bribes) to government and medical organizations to make it work. Otherwise, you have what we have now with state-specific tracking applications, each one privately written and with unknown tracking.

It's one of those "capitalism ruins everything" problems. :(

@josias i think the privacy implications are overblown. we already require vaccinations for travel. have for decades. it's fine.

@wowaname @sneak @josias At least here, they can be easily forged for all practical intents and purposes.

@sneak I'm particularly concerned with vaccine "passports" being used to track you during activities like going to restaurants, gyms, etc.

As @dmoonfire noted, it's possible to avoid these privacy problems and still make sure everyone's safe, but that's not how they are currently being designed.

@josias @dmoonfire how could it be used to track you? just use the non-digital one and don't let it out of your hand for logging.

@sneak @dmoonfire Wouldn't it be scanned in to check into a database to determine whether or not it is legitimate?

@josias @sneak@sneak.berlin You don't need to. Most browsers ship with a set of trusted SSL certificates. Verifying a site's SSL means looking at their chain and seeing if the root is trusted. This operation requires no network or database, therefore isn't trackable.

Updating those certs (trackable) is independent of a verification. Just like updating your OS.

You can do the same. "Was this vac passport signed by a trusted root?"

@josias You would use a different SSL chain that wasn't for browsers, but the SSL libraries are mostly well understood, have been studied and audited, and been proven.

@josias @dmoonfire only if you let it out of your hand. the paper cards the CDC issues in the usa are not machine readable. mine is filled out by hand.

@sneak @dmoonfire Oh nice. Is there a way for it to be verified to be genuine and that you didn't just make a fake card? If not, is that something they want to do in the future (which may require more invasive technologies)?

@josias @sneak@sneak.berlin There are limits to how much data can be in a QR code but seeing we solve that:

Signing just says something is valid and true. So if you signed an image and some information, then you can trust those are true and valid. Anything can be signed so if you sign a photograph, name/address, and vacc status, you have something that can be verified without a database lookup. +

@josias If you have too much information, then you can sign an IPFS or Tor URL which says that one can trust the distributed link.

Depends on data. QR Codes today can handle 3k. I don't know the overhead of signing but you could have a 3x3 grid of QRs which may be enough for a low res photo and a JSON block of information.
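
The offline check discussed in the thread (a signed block carried in a QR code, verified against a locally stored trusted key with no database lookup), as an added example that is not part of any post. The issuer name, the JSON layout and the demo key are assumptions; unpadded RSA over SHA-256 stands in for a real scheme such as Ed25519 only so the sketch runs on the standard library.

```python
import hashlib
import json

# Constructed demo key: product of two Mersenne primes. The factors are
# publicly known, so this key is insecure; it only keeps the example
# stdlib-only. A real issuer would use a padded scheme or Ed25519.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

# Verifier's trust store (hypothetical issuer name -> public key). It ships
# with the app and is updated separately, like a browser's root list.
TRUSTED_ROOTS = {"example-health-authority": (N, E)}


def _digest(payload: bytes) -> int:
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")


def canonical(claims) -> bytes:
    """Stable byte encoding so issuer and verifier hash identical bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue(claims: dict, issuer: str) -> str:
    """Issuer side: sign the claims; the result is the QR code's text."""
    sig = pow(_digest(canonical(claims)), D, N)
    return json.dumps({"iss": issuer, "claims": claims, "sig": format(sig, "x")})


def verify(qr_text: str) -> bool:
    """Verifier side: no network and no database, only the local trust store."""
    try:
        doc = json.loads(qr_text)
        n, e = TRUSTED_ROOTS[doc["iss"]]
        sig = int(doc["sig"], 16)
        expected = _digest(canonical(doc["claims"]))
    except (ValueError, KeyError, TypeError):
        return False  # malformed input or an issuer we do not trust
    return 0 < sig < n and pow(sig, e, n) == expected
```

Because `verify` touches nothing but `TRUSTED_ROOTS`, the issuer never learns where or when a credential was checked; only trust-store updates involve a network.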
