Some have asked me to explain. I snooped through the source, but I think this https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert/privacy-policy/assessment.html does a better job. The key section is quoted below.

Each device with the app installed is sending out and listening for random codes called rolling proximity identifiers (RPIs) which are not static: On a daily basis, the Google/Apple layer automatically generates a random temporary exposure key (TEK). The TEK of the day then generates a new random ID ("rolling proximity identifier" (RPI)) every five to twenty minutes. It is these ever-changing random IDs that are shared with other devices.

The daily TEK generation and frequent RPI generation are design features with the purpose of minimizing the risk of re-identification of users. (In addition to this, they are designed to minimize data transfer to conserve bandwidth.) The RPIs are not identifiable and are not accessible to the app or transmitted to the key server. By design, the RPIs are meant to be public (they are shared to other devices via Bluetooth), and as such do not provide any form of identifying information in the absence of other information. Even if an RPI were intercepted by a device operated by a malicious actor, it would be an entirely meaningless number, and would not be linkable to a device without significant effort. TEKs are stored on the device, but may only be released to the key server in the case of a positive test result and explicit user consent.

When a user receives a positive COVID-19 test result, provincial/territorial (PT) health authorities who have adopted the app will provide them a one-time code Footnote2 and instructions on how to enter it into the app. Footnote3 The app will validate the one-time code and ask the user if they would like their past 14 days of TEKs to be sent to the key server. Footnote4 If the individual says yes, the app communicates with the Google/Apple layer. The Google/Apple layer asks a second time whether the individual consents to sending the past 14 days of TEKs to the key server. If the individual consents, the TEKs are sent to the key server, allowing other users they have come in contact with in the past 14 days to be notified, once their app has downloaded these keys. App users also have the option of uploading their diagnosis keys for the 14 days following receipt of a positive diagnosis, in the unfortunate scenario where an individual who has COVID-19 cannot self-quarantine (e.g. doesn't have sick leave; lives alone and has to buy groceries, etc.).

TEKs are generated once a day and expire after 14 days on the device. A TEK become a "diagnosis key" once released for upload to the key server. If the user consents to upload and transmit the diagnosis key, other users with whom they were in contact may receive a notification. Footnote5 We note that if an individual has had contact with a very limited number of individuals in the past 14 days, it's possible that the user who receives the notification may be able to associate it with an individual.Footnote6

So earlier I wrote about the Covid Tracing App. If you haven't installed it yet, now is your chance, check it out here. You lose nothing, you gain a lot.

Yesterday I got my first results. 124 codes in my list, none of whom have identified they have tested positive. Yay me! Now, the 124 codes doesn't mean 124 people, since their codes change over time. It just means that >0 <124 people I was near ran the app, I cannot figure out who they are, I cannot figure out where that was. But, none of them got the test and clicked the button.

In a nutshell, you get a crypto-graphic identifier that rotates, so does everyone else. It never shares that w/ the network: your phone keeps track of the id of those nearby. Daily it checks a list of which ID have self-identified they have tested positive, and notifies you that one or more of your contacts have.

This is the type of data you get, i blurred most of my code, you get the picture.

Now, I am amazed by the number of people who refuse to install it, sight unseen. They assume it uses your GPS and logs you like a character from your favourite show. Well, the code is available, have a look, but, in a nutshell,

It never logs your location, it never logs you to the network until you click the "I tested positive" button. I know a lot of people who refuse to install it just do so on principle not facts. Get the facts. You are not being tracked, its a tool for *you* to track yourself.

Join me in the install https://play.google.com/store/apps/details?id=ca.gc.hcsc.canada.stopcovid (or find your own link for Apple, its out there).

Its pretty simple. A random bluetooth code, your phone stores the ones you've been nearby. If you get a lab-test-positive, you get a #, you enter it, those folks get notified.

This is way better than the alternative (you test positive, we shut the city down).

It passed the first test (didn't ask for any android permissions), and, passed the 2nd (battery life test).

Join the revolution, and help make the 2nd wave a tiny ripple rather than a tsunami.

Years ago there was this Medical Doctor, Dr. Ignaz Semmelweis. He invented the concept of handwashing after observing that childhood wards run by Doctors had 3 times the mortality of those run by Midwives.

He found that simple antiseptic behaviour (hand washing) reduced mortality to below 1%.

Because this conflicted with the luddite's of the day (who felt that hand washing was beneath them) he was locked up in an asylum and beaten, where he died.

A few years later Lous Pasteur came along and confirmed the existence of germs. A bit late for poor Iggy.

But not too late for you. So wash your hands and ignore the anti-maskers, leave them for Darwin, another contemporary of these folks.