Luca App: CCC calls for a moratorium

The Luca app really is a complete train wreck. And what&#x27;s worse is that the federal governments don&#x27;t even have any direct control over the app itself, they just bought access to the contact tracing data for 12 months from the company operating the app. Meanwhile the company controls the app and all connected user accounts and can repurpose it in whichever way they see fit (and they already announced they have plans for the app beyond the pandemic).<p>It&#x27;s absolutely mind-boggling to me how our government(s) can get the idea to &quot;rent&quot; contact tracing data from a private company like this, it just reeks of corruption. I wasn&#x27;t a big fan of the Covid tracing app in the beginning, but in retrospect the concept of that app seems miles ahead of the current situation with the Luca app.

There is so much incompetency in governmental IT&#x2F;software decisions and software it&#x27;s actually sad.<p>Is it a product of smart people simply not working in this sector or corruption?. It seems from the outside to be filled with imbeciles masquerading as administrators.<p>We need to somehow make the government way more accountable, if only there was an organization that could do that, we could call it the media.

This is amazing.<p>There should be hacker clubs in each country double checking all suspicious public procurements.

Is this one of the many examples of German government wasting taxpayer&#x27;s money?

This is a privacy issue, in the country which thinks so highly of the GDPR. So it&#x27;s not something which they should be able to sweep under the rug as if nothing happened. As the article explains, the issue is far bigger than just vulnerabilities, it&#x27;s about how politics supported this app.<p>If this would be some other thing, like the implementation of a video surveillance system in the political center of Berlin, or any other important place, they would have taken care to at least adhere to the basics in how to give whom the job to do this, how it will be licensed&#x2F;owned, how it will be run, what happens with the data. A thorough check of the company would have been made.<p>But in this case? It&#x27;s a small startup with no expertise whatsoever in data protection, expecting the silliest terms and conditions, and the politicians are just glad to throw the money at them, and even expecting citizens to install this app if they want to take part in public life.<p>This is as crazy as it gets and shows how incapable they are of controlling this pandemic, even how little they care to seriously work on it, and I wonder how much this represents what they have been doing over the last decade in general.<p>I was glad to install the Corona-Warn-App and am a bit sad that there are so few people using it, but it was implemented correctly. Not only from a technical point of view.<p>But should any of these apps become a requirement to participate in public life, I&#x27;d take it as far as going to jail for not installing or uninstalling it.

Related discussion from a few weeks ago about the mentioned licensing issue:<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=26644053" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=26644053</a>

worst thing is, my university seemingly developed something similar (which has been used for exams for half a year now) already: <a href="https:&#x2F;&#x2F;qroniton.eu&#x2F;" rel="nofollow">https:&#x2F;&#x2F;qroniton.eu&#x2F;</a><p>But I guess kickbacks for using something created by state employees are not as good as for something new from a private enterprise (with blockchain! - they silently removed it, when the CCC called that out and now the CEO claims: &quot;we&#x27;ve never used blockchain&quot;).

If a lot of people with good pentesting skills started bashing the hell out of this app in an organized yet brutal fashion, that could be very interesting and likely legally problematic. I wouldn’t advise anyone to do that. Ever. Honestly.

What&#x27;s the difference between this Luca app and the &quot;official&quot; German covid tracing app (Corona-Warn)? Or are they the same thing?

Germany paid 20M+ for this already, without owning anything (code, data, ...).

Haha I&#x27;m waiting for Smudo&#x27;s disstrack!

Is there a U.S. based Chaos Computer Club (CCC) or CCC like group?

Wow this is bad, I&#x27;m sorry to hear it&#x27;s already mandatory in one German state.<p>I&#x27;m really surprised Germany is playing so loose and fast with privacy as they&#x27;re known to be one of the countries with the strictest privacy laws around.<p>By the way how does this work being mandatory with people that don&#x27;t own a smartphone??

What was wrong with Corona-Warn-App? Looked amazing compared to ‎TousAntiCovid last year yet I&#x27;m learning here that it isn&#x27;t improved anymore and I haven&#x27;t seen ads for it anywhere. The differences between German states and the way news are communicated is so complicated, and it&#x27;s been more than a year that it&#x27;s like that now.<p>As a French citizen living in Germany I can get vaccinated if I go back to France soon (the French state literally sent me an email to tell me that as they know I&#x27;m living in a foreign country), meanwhile I keep on reading that some German states are trying to get more vaccines than the others (e.g. Sputnik in Bavaria) and I cannot get a free PCR in a state where I do not live. Why having such friendly fire in your own country, especially when my health insurance works at the national level?

&gt; Mecklenburg-Western Pomerania even wants to make installation of the app a prerequisite for participating in public life.<p>This is the trajectory for everything essential it seems. Want to function in the modern world? You need a pocket computer with approved applications on it to do increasingly important, but basic tasks. Banking, health, transportation, etc. are all sitting on the pocket computer that can watch where you go and track what you do to the minute.

Is there any government contact tracing app that is considered successful by tech people? Japan had a similar problem: its contact tracing app, COCOA, was originally developed by volunteers in open source. Then the government &quot;purchased&quot; the app and subsidized it to some medium IT vendor, which further subsidized it to six (!) other companies. The app has been regarded clusterfuck and failed to support the latest version of iOS&#x2F;Android.

Source code for the app can be found here: <a href="https:&#x2F;&#x2F;gitlab.com&#x2F;lucaapp" rel="nofollow">https:&#x2F;&#x2F;gitlab.com&#x2F;lucaapp</a>

german hiphop star smudo has been promoting the luca app in german tv, etc.<p>- funnily enough the same smudo who was a very vocal &quot;Napster bad!!11eleven&quot; voice back in the day ... however napster would at least meet 2 op the ccc criteria(instead of 0, like luca :)

I’m shocked (and amused) how little of this is comprehensible to me without more context.

Yeah, I knew this shit was gonna happen. I installed literally zero of these apps.

Ireland has a Covid19 tracker app that can easily intergrate with other EU covid apps. NearForm the Developer sells a branded version for a million.<p>It&#x27;s also open source with a generous licence.<p>Why didn&#x27;t Germany use that? Corruption.