Is this app legit? Has anyone played with this app yet? Thanks
1 Like
Hi Joseph!
Yes, they are legit! You can learn more about the team through their readme doc on Github.
The application was developed over the last month and is currently released in beta status at the link below. The group is interested in having people test it out and file issues if they come across any!
Best Regards,
Jason
1 Like
Do you know the developers? has anyone vetted this code, there seems to be a lot of open source? I’m am really paranoid when you are exposing health data. Thanks
1 Like
I do want to say disclaimer-style that I am not an employee nor do my individual views represent those of the CoronaTracker team, but with that in mind I will do my best to point to the resources they have available for your questions and offer my opinions.
Do you know the developers?
I have had limited interaction; I help manage the documentation on Github and chat with the team on Discord. It started as an idea between a few people and has grown as a community effort, from their about page:
Brought together by a global community of 260+ contributors from four countries and five states speaking 10+ languages, we’re a group of developers, clinicians, marketers, and public health advocates working to bring a community-led solution to individuals seeking to have complete ownership of their health in this uncertain time.
They also have a list of the project leads on Github in the SUPPORT.md file.
has anyone vetted this code, there seems to be a lot of open source?
Who would vet the code? What authority?
I understand wanting to make sure the code is solid, but the beauty of open source is that you can either inspect the code yourself or hire someone to do an independent analysis.
I’m am really paranoid when you are exposing health data.
Exposing is a strong word, but I agree you should be very cautious whenever storing any type of sensitive data. Blockstack offers a method to make things secure, but like open source software, it doesn’t guarantee security.
The idea is that Blockstack and Gaia are the perfect tools to store this type of data, considering the user owns their data and is the only one with access to it. I can see potential in this idea, but the best way to understand it better is to get involved! I am still learning, too.
There are definitely some bigger picture questions about what the application can do with the data, ethical and privacy-focused approaches to analytics, how the data could be used to benefit doctors and those on the front line, and more - but these are all open items that could be taken up directly with the team on Github.
2 Likes
Exposing is not strong word. They can very easily funnel the data to multiple storage locations, that’s why i asked about ‘has code been vetted’. Why is someone from this apps team not responding to my forum post?.?. I have been involved in the blockstack community since onename. My problem now is all the early adopters are scattering. What do people like @dant and @friedger feel about this app? It’s a healthcare app we need to take this app seriously before the whole community starts to use it. Blockstack has so much potential and still has no apps that have value and No way to monetize, its been years. I am not a blockstack basher, I love it, but we just dont know how or who really develops some of these apps, Thanks for response.
1 Like
As far as it seems to me it’s a (small) community made app to help the (world wide) community – not to turn a profit.
For vetting, it’s fairly easy to open up your browser dev tools, use a dummy account and enter bogus data, and see where the network requests go. The only thing (I could find) the app is POSTing to outside of hub.blockstack.org is the map provider (with client id and other app-authorization codes, not user data) and the mobile text-subscription service (which only sends the phone number you put in). Nothing to heinous – yet =) .
Thanks Michael, your the man! Stay healthy and safe!
2 Likes
I helped the team to get started with blockstack. So, what I have seen is that they are serious about doing good things.
Using the newinternet plugin for your browser might give you some more trust in the app(s) as well.
1 Like
Exposing is not strong word.
The point I am trying to make is more around word choice. To say an application is “exposing” any kind of data implies there is an issue, and saying that without a claim or reason to back it up is assuming there is a problem when there might not actually be one.
They can very easily funnel the data to multiple storage locations, that’s why i asked about ‘has code been vetted’.
Yes, technically any developer can do this, and that’s why I made the point earlier: using Blockstack’s technology or being an open source application does not automatically make it safe. We should ask these type of questions for any application.
My problem with the idea of “vetting” an application is that the process can create a false sense of security. Even if an application gets a stamp of approval now, what happens when they change their code base down the road, or if the company is bought out by another?
In the end, the responsibility is on us as users to best identify how our data is being used. At least with an open source application we have the option to review the code or have someone do it for us, instead of having to rely on a company to say “this is what we are doing, promise!”
As @MichaelFedora mentioned, if we learn how to do things like open up the dev tools in the browser to review network activity, then we can start to get a better idea of what our applications actually do. As @friedger mentioned, there are tools like the New Internet Labs extension for Chrome that try to help with this as well. Information security is an ongoing process and should be treated that way.
Why is someone from this apps team not responding to my forum post?
While I would hope the CoronaTracker team is involved in the Blockstack forum, it is not a requirement to develop on Blockstack, so I would either give it time, join their Discord to ask questions, or post an issue to their Github linking to the forum post here asking someone to review the contents.
I did my best to answer because I saw your post after posting the business model working group update, and I offered a number of resources both about the project and team, all of which could be used to learn more and/or raise further questions.
I have been involved in the blockstack community since onename. My problem now is all the early adopters are scattering.
It is great that you have been involved since early on, and it is my hope that everyone will continue to see value in this technology and what it could do to help create a user-owned, privacy-focused Internet revolution. I see a ton of potential myself!
What do people like @dant and @friedger feel about this app?
I highly respect both of these developers’ opinions, but I don’t think it should be their responsibility to say if an app is “good” or “bad”. I think their feedback is very valuable but still come back to the point that, in the end, we have to figure out a method as a user to verify this type of information for ourselves.
This can be through our own knowledge, such as inspecting via the dev tools, or through a community-led program, such as the New Internet Labs browser extension. I would love to see more of this type of work done in the community and look forward to how this type of conversation will affect the next version of app mining.
It’s a healthcare app we need to take this app seriously before the whole community starts to use it.
We need to take any app seriously before we start to use it in production. Look at some of the other popular dapps and you can ask yourself similar questions. The same idea applies if I am storing personal data, website data, client data, accounting data, or healthcare data - I believe I should have a way to know where my data is going and what it’s doing.
Blockstack has so much potential and still has no apps that have value and No way to monetize, its been years.
This is really a separate issue. I feel there are definitely people out there using dapps on Blockstack, but I also feel this ecosystem is still in a very young stage. With the launch of testnet around the corner we are only beginning to explore the opportunities available in Stacks 2.0.
I am not a blockstack basher, I love it, but we just dont know how or who really develops some of these apps
Again, I think this is an important question to ask: who are the developers and what are their motivations? My point earlier was that the code is open source, the development team is listed in the linked files, and there is an active community you can tap into for more information.
1 Like
I’m am really paranoid when you are exposing health data.
Good idea. Keep it that way.
The CoronaTracker project is open source, so you can inspect the code and run it yourself if you like. I have helped them a bit, as has a few others from the Blockstack community. From their Discord and private messaging with them, the team behind seems devoted to privacy and to use Blockstack for user ownership of data, but still facing challenges as they’re also eager to use data for analytics that can benefit development of treatments and disease management. I am confident they’ll make good choices with our support and guidance.
1 Like
Jason, thanks for your input.
Hi Joseph, apologies for not being on the forum. I’m just getting up to speed with blockstack. I’m the data + analytics lead for Coronatracker. We’re taking every precaution to make sure the user is in full control of their data and there’s no misuse of data and opacity. We’re a grassroots effort to help during this difficult time and we want to highlight the innovative platform that Blockstack developed. If you have questions you can reach out to me. But I am in no way fluent in blockstack or dApp development - I’m learning, our team is learning, and we have only good intentions that will be backed up by best practices.
1 Like
Thanks for your input, Appreciate the transparency.