-
Hi GovCanHealth: can you please explain why your COVID Alert app (on iOS) is sending (HEAD) requests to clients3•google•com? It looks like their captive portal verification endpoint, but I can’t think of a reason your app should do this. /cc mgeistOn twitter.com
♻️ 1 Retweets
❤️ 6 Favorites
Mood +2 🙂
-
GovCanHealth mgeist FWIW, I fixed this problem in their code and sent PRs and an issue explaining the problem, here: github.com/cds-snc/covid-alert-app/issues/1003 Hope we see that fixed and deployed very soon.Permalink On twitter.com
♻️ 1 Retweets
❤️ 5 Favorites
Mood -2 🙁
-
GovCanHealth mgeist I see what’s going on. Working on it. The defaults are privacy-infringing. (It’s still not okay that the app does this and someone should have noticed!)Permalink On twitter.com
Mood 0
-
According to Canada's Privacy Commissioner, IP address (which this app absolutely does leak to Google) is considered Personal Information if the holder is able to link it to a personal identity (and Google has the ability to do this for most of us). priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/pipeda-interpretation-bulletins/interpretations_02/#fn50-rfPermalink On twitter.com
Mood +1 🙂
-
So, it does seem that this app is unnecessarily, repeatedly identifying me to Google (in a way that could probably be tied to reporting data, with some clever data science). The actual reports come from retrieval•covid-notification•alpha•canada•ca, though, which is good.Permalink On twitter.com
Mood +5 🙂