(For a tweet-sized take: https://twitter.com/sanchom/status/1250508266171437056)
Apple and Google have collaborated to create specifications for tracing COVID contacts using Bluetooth and cryptography (
https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ContactTracing-BluetoothSpecificationv1.1.pdf, https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ContactTracing-CryptographySpecification.pdf).
These protocols look like they would actually preserve privacy.
Your phone would generate a unique key each day.
Your phone would also generate and transmit a unique ID (based on the daily key, but that changes every fifteen minutes) over Bluetooth. It would also be recording IDs broadcast from nearby. Given that this ID changes every fifteen minutes, and that the contact IDs are stored on each device individually, the risk to privacy here is low: someone could follow you for fifteen minutes to confirm that a particular fifteen-minute ID was you, and they’d know where you went during those fifteen minutes, but they would have had to physically follow you in order to discover that anyway.
Later, if you happen to be diagnosed with COVID, you can voluntarily release your daily keys to a publication server, which would recreate and broadcast the associated 15-minute keys to the world. Then anyone whose phone was close to one of your 15-minute keys would be told that they were in contact with a person who had been diagnosed with COVID. They would also know whether this was a somewhat prolonged contact or just in passing.
I can’t imagine a way to use this information to determine the contacts or locations of any particular person, given that the actual contact events are stored on the contacts’ phones and never uploaded to a central server.