Updates on COVID-19
Latest government updates on COVID-19 Via the US CDC.
What to do if you have flu-like symptoms e.g. fever, cough, runny nose and sore throat Via the CDC
One of the key roadblocks to wide scale adoption of “Contact tracing” apps is privacy protection.
Tracing apps to-date have unnecessarily compromised privacy; users give away identities, location and even “under-the-skin” biometric data.
The Coalition app provides exposure notifications whilst being privacy conscious.
Let us first clarify when privacy is breached.
Privacy is breached when:
❌ Users have to upload their location data to the cloud which can be traced and monitored by a central entity;
❌ Data is attached to identities, or;
❌ Not GDPR or CCPA compliant.
To address the above-mentioned concerns that hinder the adoption, Coalition enables the following:
✔ Users’ location data is never sent to the cloud on Coalition;
✔ Bluetooth proximity data is encrypted and stays on your device it never touches the cloud;
✔ The users are sole owners of the data;
✔ Prior contacts are notified anonymously and securely when you declare that you have symptoms or have been tested positive;
✔ All data is anonymized
You can see more about how we are GDPR and CCPA Compliant below.
See Whisper Protocol described in here.
A new anonymous ID is locally generated on the phone frequently using a Key Derivation Function based on Blake2B-128 (the Hashing algorithm) and a weekly session key. This pseudo randomly generated ID is broadcast using Bluetooth to others nearby, who take record of each encounter.
If you report you are sick, your past anonymous IDs from the last 2 weeks are sent to the cloud to notify people that have come into contact with those IDs.
Yes. In summary:
✔ Anonymous encrypted ID from the last 2 weeks to alert people who have been in contact with you. This cannot be traced back to you.
❌ Location data is never sent to the cloud.
❌ We do not collect IP Address
❌ We do not collect IMEI
❌ We do not collect Your Name or Address
Coalition does not collect personally identifiable information (PII) at rest. Only when you declare that you are sick, and want to notify others, an anonymous ID is encrypted and sent to the cloud. Coalition only collects the minimum information required to verify you are a real person, and notify others anonymously and securely who may have crossed your path.
✔ Anonymized analytics to fix bugs and improve experience:
- If you have shared the app with others
- Usage metrics, Retention, crashes, what type of phone is in use.
✔ Phone number, this is not tied to your anonymous ID and used solely to verify you are a real human.
✔ Your pseudo randomly generated IDs to notify others who have been in contact with you that you have been sick.
We will never share this data with third parties without your explicit, onscreen permission.
We use the following service providers that may have access to anonymized or encrypted data.
● Google Cloud (For hosting our servers)
● Firebase (For bug reporting and understanding how we can improve the app)
(Also called “subject access request”)
You may, at any time, request access to the personal data that we hold which relates to you. (e.g. phone number and associated random IDs)
Keep in mind that even when you “Declare you might be sick” we only see your phone number, and a history of randomly generated IDs. Asking for your data back actually gives us more information than we already have, (for example your email, phone number, and the export of all randomly generated IDs to date).
If you want to ask for a copy of your data, you may export your data from the app, and use that to query our system for what we have stored.
We cryptographically do not have a way to query our system without your smartphone generating a list of IDs you have used, or without exporting your private key.
Please Note: Android Operating System requires that a user accepts the location permission in order to enable access to the Bluetooth wireless interface. This is standard, and the reason why is that when you install the application on Android, we require that you also accept the location permission. Otherwise, Bluetooth simply won't function. As the app evolves, we may also ask users to share some location information to improve the service, but only with their consent.
A privacy-first exposure notifications platform is an indispensable path to success in fighting COVID19.
Unblocking the fear of data breach will have a significant impact on global citizens and beyond.
The feat of establishing this platform would be nothing short of miraculous given the uncontrollable nature of things today. The only way to win this war is to be more viral than the virus— let us deploy the platform faster than the virus spreads.