Germany's Covid contact tracing app is Open Source (github.com/corona-warn-app)
199 points by fredrb on June 3, 2020 | 62 comments


I really question whether these apps will be effective. The limitation section https://github.com/corona-warn-app/cwa-documentation/blob/ma... of their architecture document shows that people in close proximity for a few minutes may not even get picked up.

Anyone who has dealt with trying to work out distance from Bluetooth signal strength will know that it is virtually impossible once you factor in the orientation of two devices (signal polarization), their locations (in a pocket, bag, case...) and the local environment (reflections and attenuation from walls, floors, ceilings, furniture).

Additionally, without knowing exactly how transmission is occurring the risk score calculation https://github.com/corona-warn-app/cwa-documentation/blob/ma... may be wildly inaccurate too, resulting in the wrong people being notified.

And even assuming perfect ability to deduce the risk of infection of two people using the app, will that help in the bigger context? If the people most at risk don't install this app and the least at risk do then you may be drawing resources away from the people that most need help.


The biggest risk is longer contacts, not very short ones. You don't want to notify everyone that passed that person on the street, but you do want to notify everyone that was reasonably close in the same train for half an hour.

This is pretty much just an extension to classic contact tracing. And there you also have to work with very rough categories of risk, this isn't so much different.


I don’t see why N S-second contacts would be lower risk than one N×S-second one. This isn’t a matter of ‘small doses can’t harm you’, is it?


Actually it makes a huge difference.

You need to absorb a certain amount of payload in order to get infected.

I found this article[1] on the subject extremely enlightening.

[1] https://www.erinbromage.com/post/the-risks-know-them-avoid-t...


One thing unclear from that is how fast, if at all, accumulated viruses clear out.

Say you need to inhale 1000 of a particular virus to get its disease, and talking normally with an infected person gives you 200/minute, so it takes you 5 minutes to get the disease.

You can get that 1000 by talking 5 minutes with one infected person, or you can get it by talking 3 minutes with one infected person and then shortly afterwards 2 minutes with another.

But what if the gap between those two is longer?

I'd guess that the first 600 you got get into cells quickly and start reproducing, but there are few enough that your immune system is able to handle them. The reason you need 1000 is that is the tipping point where the viruses can reproduce faster than your immune system can handle.

If that's the case, then after you get that first 600, how many you need to get on the next exposure would be 400 shortly after the first, but as the time between exposures increases that would increase.

The model here would be that you have a virus accumulator (you), being filled by exposure events and drained by your immune system, and you get sick if the accumulator reaches some threshold.

This makes me wonder if my approach to shopping during this pandemic is wrong. I've been doing a big shopping trip every 3 or 4 weeks, as opposed to before the pandemic when I'd pop in to the store 3 or 4 times a week and only buy a few things.

Those big trips involve being in the store for an hour or more (and it's not linear--the time to fill my cart is linear in the number of things I'm buying, but checkout time goes up faster because organizing my stuff at the self-checkout becomes harder). If someone else in the store is infected, I could potentially be around them enough to also get infected.

The old small trips only involve a few minutes in the store. If someone else is infected I'm not going to be in there long enough to get an infectious dose from them unless they do something like cough near me. With my mask, and care to avoid other people who are not wearing masks, my realistic risk from an infected person is less than an infectious dose.

If my immune system can clear that out in a few days, then I should be good to go for the next short trip. As long as the prevalence of infected people in my community is low enough that I'm not going to get an infectious dose in a single short trip, this should be a safe approach.

Another question: suppose I get that 600 dose, and no more, so my immune system handles it fine and I don't get sick. Am I spreading the virus during this time, or do I only start spreading after I get an infectious dose worth of accumulated exposure?

Edit: how does acquiring immunity fit in? If I get 60% of an infectious dose and then no further exposure until my body has dealt with that, do I get any immunity or does that only happen if I accumulate enough virus at one time to actually get sick?


> Edit: how does acquiring immunity fit in? If I get 60% of an infectious dose and then no further exposure until my body has dealt with that, do I get any immunity or does that only happen if I accumulate enough virus at one time to actually get sick?

Not an expert but I think I can handle this one.

> The model here would be that you have a virus accumulator (you), being filled by exposure events and drained by your immune system, and you get sick if the accumulator reaches some threshold.

This is a simplified model of the immune system, and in order to answer the above question we need to make it a little less simplified.

First, let's talk about the accumulator. It's not only being filled by sars-cov-2, but also by other viruses, foreign bacteria, etc. I don't understand well enough to say how that affects the threshold in our model so I'll ignore that for now. Let's represent all these as javascript objects.

As I understand it, your immune system has two main responses to infections: white blood cells and T cells[0]. They both work essentially by duck typing -- in our model, that's the shape of the js objects; irl it's the proteins exposed on the surface of the virus[1]. White blood cells match a much more general pattern, but are not very efficient compared to T cells. Your model only considers white blood cells.

T cells work a little differently. Your body constantly generates T cells that match random virus shapes. The newly-made T cells take a look through the accumulator and see if they match any of the objects. If not, they self-destruct. This is what happens most of the time, since the accumulator is cleaned out fairly quickly. But if they do -- say, when the accumulator has overflowed and now the virus is reproducing freely, so it stays around for a long time -- they start to clone themselves. Eventually, they clone themselves enough that they, with their higher efficiency, are able to remove all of the virus from the accumulator. When this happens, a few of them stick around for a while. This is immunity: even if you get hit with a big dose of sars-cov-2, you've got some T<sars-cov-2> cells hanging around from last time, which can handle the virus with increased efficiency (multiplying themselves[2] as necessary).

That is to say, a small amount of exposure over a long period of time is unlikely to generate immunity, since you never generate T cells to fight the virus.

[0] These are not the only parts, but they play a big role and generalize well to the two main parts of our immune system.

[1] Aside, you could, with a little fudging, extend this analogy to how viruses infect cells -- cells each have api endpoints, and the virus takes the shape of the regular payload enough to pass validation checking, but also has malicious parts to trigger remote code execution once inside the cell, so the cell turns around and starts spitting out viruses instead of its normal responses.

[2] Actually I do not remember what the mechanism is for this -- whether they multiply themselves or send a message back to the T cell factory to "produce more like me", at which point the T cell factory caches the blueprint, and that's the immunity, rather than any T cells themselves sticking around. Maybe someone with a deeper understanding of the biology can correct any nuances I'm


Apparently it actually is a matter of the size of the dose. I think it is a misconception a lot of us had early on that any contact at all with the virus would cause infection. Note, we still don’t know what the critical dose is, but small doses should be fought off by a healthy immune system.

An article from the NYT discussing this.

https://www.nytimes.com/2020/05/29/health/coronavirus-transm...


That's only true if all of the N contacts are infected. If I walk past 60 people on the street, there's a much lower chance than if I have lunch for an hour with someone who's infected. You don't instantly get sick just by getting close to someone who is, but every second you're near them is a roll of the dice on it transmitting.


Viral load does seem to play a part in severity of the response by the immune system


As far as I understand it, not every contact between a Covid19+ and an uninfected person means the uninfected person gets infected.

For the sake of simplicity let's call each breath the Covid19+ person takes a contact, with a probability that they infect you at 0.5%.

Then it will make a huge difference if you are passing them by or are sitting next to them for an extended period of time.


That’s exactly what my question is about.

By that model, if you wait long enough, the risk of getting infected by that one person you’re sitting next to approaches p, the fraction of people who are contagious (that person either is contagious, and you’ll get infected, or they aren’t, and you won’t ever get infected) and the risk of infection of serially being in the danger area of multiple persons (effectively taking independent draws of that 0.5% risk) approaches 1.0 (eventually, you’ll have encountered so many contagious persons that you’ll get infected, too)

Typically, you won’t meet enough people on the street to even get close to that 1.0, but it isn’t a given that that probability stays below p.

Things would be different if there were a minimal load (in a simple model, say, of V virus particles in a minute) needed to run the risk of infection. I can see this swing both ways, depending on various factors.


As others have pointed out, resources are currently available. Especially in Germany.

Nevertheless, countries who have been successful in reducing the spread also need to find ways to drive R0 below 1 for a long time. This has proven difficult in Germany.

Therefore, it seems that any reasonable false positive rate will still be a net benefit - given that active cases are now very low and it is desirable to catch any infections early.

So yes, this will not help everyone. And yes, it may lead to false positive quarantines - until test results are back.

But it still seems to be a net positive as long as the privacy part is intact.


I imagine it's not meant to be 100% accurate. If it identifies even 50% of the people that may have come in contact with someone who's positive, even considering 50% false positives, I would consider it a rousing success.


Even if there are 95% false positives: if you're able to test all those people and catch the 5% that might still be a net profit. It comes down to cost. Societies are spending thousands of billions to mitigate the problem, even a slight reduction of that number is a win.


As far as I understand, you would need to send everybody who might have been in contact with someone who's positive into quarantine, right away. You can also test them, but you need to quarantine them immediately, as the virus is transmitted before symptoms show.

If you just send everybody who was in contact with a positively tested person into testing (they give samples, send them in, get tested, get the results back), but they keep going about their normal lives, they will statistically infect more people before the tests come back.

So the false positive rate is quite important, as it potentially means sending thousands of people into home-quarantine.


> So the false positive rate is quite important, as it potentially means sending thousands of people into home-quarantine.

Of course it's important and of course the lower the false positive rate the better. But the argument remains: even with a high false positive rate, what's the net result? Maybe overall it's worth putting thousands of false positives in quarantine now than a whole city of millions two months later.

There are so many variables and known unknowns in this approach. I argue that even with all the well reasoned arguments against, at this scale and with these stakes they stay theoretical until we actually do it. Let's try at least once, and if it fails it's still knowledge gained.


False positives do matter. However, we are currently at about 300 new cases per day in Germany. So how much do they matter, really?

If every one of those has the app installed and has, on average, 100 registered contacts (so that’s about 98 false positives, if we assume that on average two of those lead to infections) that’s about 30,000 people being told to isolate every day.

If they are told to isolate for one week (should be sufficient, on balance) that’s around 200,000 people isolated at any one point in time.

If only 50% have the app installed that’s down to 100,000 people.

Sounds high but ok to me. Given how active the infection currently is in Germany I wouldn’t want false positives be higher than that – but somewhere in that high ballpark sounds fine to me.


If 20 times as many people as necessary are forced into a useless 14 day quarantine that is not a net profit.


The idea is that aggressive quarantining allows a comfortable return to normalcy for everyone.

Maybe at most a couple 10,000 sent into home isolation (a week should be plenty here, no need for 14 days – we aren’t shooting for perfect anyways) versus 81 million with strong measures.

Obviously the app isn’t the perfect solution here. Much more important is thorough and swift real contact tracing (followed by quarantine irrespective of diagnostics, so quite similar to how the app would work with many false positives). But I wouldn’t reject the app out of hand.


I have pointed out the weakness of the correlation between viral transmission vectors and BTLE radio signals these apps are relying on a few times before here on HN. I've pointed to the failure of deployment % reaching anywhere near the required density (and we are talking order of magnitude off here, not 'just missing a few %') where citizens had free choice. We've already seen many authorities requesting 'more control' and lambasting Google/Apple for being too restrictive.

But on HN, any criticism of this tech is met with a swift unsubstantiated down-vote.


It is because tech people think of tech solutions. Just as this whole pandemic was handled in the countries by virologists - who think in terms of viruses.

Reading about the app I remembered the book of Hans Rosling ("Factfulness") where he describes a situation in Africa during an Ebola outbreak. He wrote: There were people with apps everywhere. The apps were the hammers looking for nails. However, it just consumed resources and shadowed the fact that numbers reported were just messy and the epidemic was over 14 days ago. In the end they had to do data cleaning and they managed _Ebola_ without an app.

I think this app will make people become accustomed to getting traced for $reason.


Many countries are now in the situation where they have far more test capacity than referrals for tests. In that context, this sort of app may be useful; it will produce candidates for tests who are more likely to be hits than purely random testing. This is especially the case in places where prevalence of the disease is now extremely low (like Germany).


Some context:

> The German government has asked SAP and Deutsche Telekom to develop the Corona-Warn-App for Germany as open source software. Deutsche Telekom is providing the network and mobile technology and will operate and run the backend for the app in a safe, scalable and stable manner. SAP is responsible for the app development, its framework and the underlying platform. Therefore, development teams of SAP and Deutsche Telekom are contributing to this project. At the same time our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community.

https://github.com/corona-warn-app/cwa-app-android#contribut...


Wow, those are not two companies that come to mind when "moving fast" is a priority. (I've only worked in a supplier role to Deutsche Telekom, but I can't imagine SAP is any less ... specific about rules and processes.)

I guess they probably have some "experimental" departments for recruitment purposes, they must have used those.


They probably are funding external "startup" style companies which are outside of the corporate HR and union boundaries.


When serious data privacy and protection concerns are in play, German govt. banking on these is no surprise.


Ah, the two most expensive, most corporate, software development consultancies Germany has to offer.


Corporate - ok. Most expensive? Are there less expensive, yet better ones around?

And btw: none are software dev consultancies. SAP sells enterprise software. DT is into telecommunications with some data center presence.


Don't disagree, but the GitHub project seems to be run well from a quick glance. Maybe the team is small enough.


I wonder how quickly contact tracing applications will be leveraged for other uses. If a significant number of protesters are using such an application then I imagine government will throw the “for your protection“ excuse to go harvest information from the phones of protesters to see who was meeting with him and who their social circles are. Of course, to keep us and our children safe.


That's a legitimate concern, but I think the German app is designed so that the government does not get the contact data.

Here's how I understand the system:

Your phone saves the ID numbers of the phones it's come into close contact with. The IDs are randomly generated, so they don't contain any information about the person carrying the phone. When someone tests positive for the virus, they can transmit their ID to a central server, which then broadcasts that ID to everyone with the app. The app checks that ID against its local list of contacts.
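Added example, not part of the comment above and not code from the Corona-Warn-App project: a small simulation of the flow that comment describes (random IDs, upload on a positive test, broadcast, on-device matching). The names, the ID rotation, the 10-minute threshold and the scenario are all assumptions constructed for illustration; the point to observe is that the server only ever holds the diagnosed user's own IDs, never anyone's contact list.

```python
import secrets
from collections import defaultdict

ID_BYTES = 16           # assumption: size of one random identifier
MIN_EXPOSURE_MIN = 10   # assumption: ignore brief passing contacts


class Server:
    """Central server: stores only identifiers uploaded by diagnosed users."""

    def __init__(self):
        self.diagnosed_ids = set()

    def publish(self, ids):
        self.diagnosed_ids.update(ids)

    def download(self):
        # Every phone receives the same list; the server learns nothing
        # about which phone finds a match.
        return frozenset(self.diagnosed_ids)


class Phone:
    """One handset. Its contact log never leaves local storage."""

    def __init__(self, owner):
        self.owner = owner             # kept on the device only
        self.own_ids = []              # identifiers this phone has broadcast
        self.seen = defaultdict(int)   # observed identifier -> minutes nearby
        self.rotate_id()

    def rotate_id(self):
        # Random bytes carry no information about the owner.
        self.own_ids.append(secrets.token_bytes(ID_BYTES))

    def current_id(self):
        return self.own_ids[-1]

    def observe(self, other_id, minutes):
        self.seen[other_id] += minutes

    def report_positive(self, server):
        # Only the phone's *own* identifiers are uploaded, not self.seen.
        server.publish(self.own_ids)

    def check_exposure(self, server):
        published = server.download()
        minutes = sum(m for i, m in self.seen.items() if i in published)
        return minutes >= MIN_EXPOSURE_MIN, minutes


def meet(a, b, minutes):
    """Both phones hear each other's current identifier."""
    a.observe(b.current_id(), minutes)
    b.observe(a.current_id(), minutes)


def run_scenario():
    """Constructed scenario: alice later tests positive."""
    server = Server()
    phones = {n: Phone(n) for n in ("alice", "bob", "carol", "dave")}
    alice, bob, carol, dave = phones.values()

    meet(alice, bob, 30)     # long contact, e.g. a shared train ride
    meet(alice, carol, 1)    # passing on the street
    for p in phones.values():
        p.rotate_id()        # identifiers change over time
    meet(alice, bob, 5)      # second contact under a new identifier
    meet(carol, dave, 45)    # long contact between two healthy users

    alice.report_positive(server)
    results = {p.owner: p.check_exposure(server) for p in (bob, carol, dave)}
    return server, phones, results


if __name__ == "__main__":
    _, _, results = run_scenario()
    for owner, (warned, minutes) in results.items():
        print(f"{owner}: warned={warned} minutes_near_diagnosed={minutes}")
```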


It's already happened in the wake of the events related to the unfortunate death of George Floyd. Police in Minneapolis have admitted the use of contact tracing technology to locate protesters.


My understanding is that that was the police grabbing cell phone tower records from the cell service providers -- which they've always been able to do, it is a different (though still problematic) issue. The writers of the article conflated it with contact tracing.


I have brought up the same worry in similar threads. I think it's a given that once this sort of thing is accepted it will be implemented more broadly for our safety.


Given the situation in the US currently, installing one of these apps would at least give me pause.


Meanwhile in the UK, it's closed source corruptionware: https://www.mirror.co.uk/news/politics/tory-husband-test-tra...


That story does not say anything about that.

The UK app's source code has been released. Previous discussion: https://news.ycombinator.com/item?id=23107553


So are all the parts of what will become the Swiss COVID tracing app: https://github.com/DP-3T


French app, protocol and backend here: https://gitlab.inria.fr/stopcovid19/



The Austrian app can be found here: https://github.com/austrianredcross/


The New Zealand contact tracing app just allows you to log visits to businesses that display QR codes listing their address. So you can have a log of where you've been. Only most businesses here don't have the codes on display as applying for them has too much red tape.


Also NZ is essentially corona-free, there isn't much pressure for app based tracing as long as those in contact with people coming in from anywhere else (i.e. air and sea port workers, customs officials and the likes) get rigorously tested.


Wouldn't a tracing app make more sense than having rigorous border tests? It takes one mis-tested infected person to start a second wave in the country. So I would assume that the investment to make sure businesses provide the QR pays off testing everyone and risking another lockdown. I'm also not sure countries have the resources to enforce huge amounts of tests at the border.


> I'm also not sure countries have the resources to enforce huge amounts of tests at the border.

Right.

One issue with testing is that the only test you can do for masses in a border are basic health checks like temperature, but aside from all general issues with such kind of test (people are exhausted after travelling on a plane, having to do a test, ...) with COVID symptoms often only appear after one had been infectious for a while already, so one can pass by undetected and still spread.

Things like PCR tests take time and effort and have notable cost, which makes it hard to apply on a larger entrance port.

Either shut down completely (maybe based on origin region or recently visited regions) or be prepared to handle afterwards ... tracing contacts to identify potential carriers after identifying infected is a way which is at least a bit promising.


> Either shut down completely (maybe based on origin region or recently visited regions) or be prepared to handle afterwards

If you only shut down based on recently visited regions, you're likely to import cases anyways. With CoVID-19, it takes several weeks to identify an outbreak in a region (especially without extensive testing). By the time you shut down travel from a given region, you've probably already been importing cases for weeks.

The WHO has gotten a huge amount of flak for not calling for travel restrictions during this pandemic. But their recommendations were based on the ineffectiveness of travel restrictions,* according to previous research. They recommended screening passengers for symptoms, but also told countries to take measures to limit spread (like testing and contact tracing), on the assumption that countries would import cases.

* The WHO's recommendations were also based on the International Health Regulations, an international treaty that basically every country on Earth has joined. Most of the public is unaware of the IHR or what it says about travel restrictions, or of the history of the WHO (one of its founding goals was to stop countries from automatically shutting their borders whenever there was an outbreak, and instead to take rational, evidence-based measures).


At present NZ has very strict border restrictions in place so they have already eliminated that border issue.


Still far better, and quite simple at that!, than we have in the US.


The US is way too deep in the corona mess to do anything like that. What would help is widespread, easy access to tests (including a moratorium on ICE enforcement and no "paper records" requirement so that also illegalized persons get tested instead of being an unknown harbor!) and especially daily tests for at-risk personnel (medical, public transport, supermarket staff and inmates of prisons, jails and health/elderly care institutions).


Honestly I’d still take it, why not both?



FWIW The Italian contact tracing app, Immuni, is open source as well: https://github.com/immuni-app

I installed it today and I live in one of the 4 pilot regions, let's see how it goes.


As I expected it's backdoored. It uses the new central Google Tracking ID feature. https://github.com/corona-warn-app/cwa-app-android/wiki/4-Go...

Other apps can do without central tracking IDs. It was fishy that Germany waited weeks for this Google API (officially to support low voltage Bluetooth), whilst other countries had their open source apps ready for long. Germany and France pushed for centralized tracking, it was called off after protests, now it's again in via their US friends.


Having spent some time looking at contact tracing app architectures across the world, I realize how conceptually same they are. Mostly variations are in central or decentral handling of data.

BLE based. Similar usage protocol.

Instead of 50 odd countries, each making tracing app with ~90% similarity, doesn’t it make sense that there is one grand GitHub repo? Each country instantiates their own variant of it, by injecting own config, while contributing to this repo.

Am surprised at the mushrooming effect here.


Polish one is also opensource - https://github.com/ProteGO-Safe


I'm at a loss as to why Ireland isn't open sourcing our contact tracing app or just using another open source App considering every other EU nation is.

I suspect combination of soft corruption and perverse incentives.


Did they announce they won't open source it? Don't think I'll be giving it a download then :/ shame



Great to see this open-sourced. I think the biggest issue here is why the app is still under development and won't be released until mid-June.

The government has already had more than 3 months to get this ready.


Most European countries develop their contact tracing apps as open source software.

The fragmented landscape is unfortunate. It's not just the code being developed that could benefit from a cooperative approach, the ethical, legal, medical and governance issues around these apps could benefit a lot from a shared European approach.

We have done this with the GDPR, we should collaborate on this as well.


At this scale, collaboration would probably slow things down more than it helps. Finding a consensus among so many parties is hard. Building separate solutions first and then unifying them later might be better.


Maybe. I just don't understand why European developers didn't start by forking the Austrian app, which has an Apache license.

The Stopp Corona app is developed by the Austrian red cross and has already been successfully deployed and used. There's a lot of experience around it.

Why not begin with a fork and add your own requirements? Then slowly try to merge those upstream? Now the landscape is fragmented from the start. It's NIH all over the place.



