If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
Wait, what, did Jiska just submit a talk claiming that Bluetooth is secure?! Is this just another 2020 plot twist?
No, it's not. Assuming that we need an app that enables exposure notifications based on distance measurements, Bluetooth is the best trade-off. Audio would be more accurate but requires permanent access to the microphone. GPS does not work indoors, Wi-Fi and LTE chips are less accessible through smartphone APIs, so we're left with Bluetooth. And Bluetooth LE Advertisements are actually a great choice for such a protocol, further reducing exploitability.
As someone who was involved in finding multiple Bluetooth security issues within chips and operating systems, Jiska should be more afraid of Bluetooth, you might think. However, attacking Bluetooth on an up-to-date smartphone with recent chips is very complex and requires physical proximity. Those using outdated smartphones face similar risks when browsing the Internet, without the physical proximity requirement.
There are other issues within the CWA, such as missing awareness of places like restaurants and public transport, and a health system that lacks fast test reports. We should care about real problems instead of claiming security issues that barely have an impact on average users.