HACKER Q&A
📣 skitout

Can blockchain allow full privacy Covid-19 tracing?


The current plan for bluetooth covid-19 contact tracing sounds a little bit creepy to me(but better than nothing. They generally have two components: 1. A decentralized part storing on our devices (anonymously) who we’ve been in contact with 2. A state-run centralized system to contact people once someone had been infected

Sounds to me blockchain could allow the second part (and the whole system) to be more/fully decentralized, with more/total privacy… What do you thing ?

  👤 skitout Accepted Answer ✓
A (non-specialist) idea of architecture :

- If you are more than X minutes at less than 2 meters of someone, you get a unique address from this person (like for any blockchain transaction), stored in your smartphone.

- If your are infected (after validation by a doctor?), you just send the info (like a normal transaction) to all the relevant "unique addresses" stored in your phone

- Using existing blockchain (and a modified version of their open source wallet) to do these simple transaction, with existing coin (eg. using OP-RETURN) or by creating a specific token. Monero would be interesting (obscures sender and recipient) for the privacy side. Less private, but I like Komodo too...

Nothing stored in the blockchain. No smart contract, no gas cost, nothing complex, using existing tech and open source code...

👤 davidajackson
Probably not a great idea because:

1. Replacing a DB/server side code with contracts that you pay to run per opcode introduces needless cost (this is general problem with startups that use blockchain too quickly). Sure AWS compute costs money, but smart contracts are way more expensive.

2. If you're building an app and distributing it via Apple/Google, there's no need for a blockchain. Plus the app store itself is already centralized, so if your distribution channel is centralized there's really no guarantee of privacy.

3. Ethereum/ txs are slow compared to HTTP requests. We're talking minutes to confirm sometimes, versus less than 100s of milliseconds.

4. If you increase privacy, you must be increasing anonymity, and that's not useful for contact tracing. You need to know who was in contact with who else.

5. Smart contract code is a pain to upgrade. It's costly, complicated, and puts all your "server-side" code right on the blockchain for anyone to mess with it and try and break it.

👤 detaro
Why do you think that? How would you use the blockchain to achieve that?

Also, what does "full privacy" mean? The goal of such a system is by definition partiall compromising privacy, by revealing information.

👤 mytailorisrich
Storing contacts on people's devices in a private way is trivial (just use an unique ID, and that's probably the way apps that trace through Bluetooth beaconing work), but the point is that the list of contacts may be identified by the authorities if and when needed.

We don't want something that only allows people to be notified on their devices without anyone knowing who they are. We want to know exactly who the contacts are.

Back to your question: It's not clear to me what blockchain has to do with this, anyway.

👤 rampatra
The privacy concerns you're pointing out can be overcome even without Blockchain. I am not sure I understand the use of blockchain here, even though I would be really happy to use one if I see a benefit.

Let's say we use a blockchain to store these user data in a decentralized way. Now, how will blocks get created (new blocks added) in the chain? How are you planning to get a consensus? Who decides?

👤 kleer001
No. Blockchain is for an immutable forever docket. That's the opposite of privacy.