Proposal: Do not save scanned credentials #24

Open
pc-coholic opened this issue Jul 11, 2021 · 1 comment

Comments

@pc-coholic

Since the app contains a dedicated login screen and nice cards to display scanned credentials (again), I am assuming that the choice was made on purpose.

However, I would like to encourage the idea of not saving the scanned credentials - or at least reducing the saving to an absolute minimum.

Assuming that the idea behind this feature is to have a list of (for example) customers that have visited my venue, I could probably do with a lot fewer details than the whole QR credential, which can include the name, DOB, vaccine, LOT number, dates, etc.

I do not know if there is concrete legislation for this, but at least in a few countries health-related data (which vaccination credentials are a part of) cannot be saved without the user's consent and especially not in an unsafe manner (I guess this would open up the discussion of whether a SQLite database can be considered safe).

Also, especially since "replaying" the saved barcode allows for impersonation, as a user I would expect the person checking my credentials to not save them.

I think, for 99% of all users of such a verifier app, just displaying a message containing the name, DOB and whether the vaccination is acceptable (taking into consideration the number of vaccinations and the time from the last shot) should be enough. Saving even those details should be an opt-in in the verifier settings.

Please don't get me wrong: I'm not trying to badmouth your project - when it comes to the number of supported vaccination certificates, it's the most advanced one I've seen so far. I'm just more sensitive to this specific subject since I'm implementing vaccination certificate validation into my employer's apps right now and had to deal with those details :)

@gustavovalverde

As this is (mainly) a credentials scanner, it makes sense not to save the credentials. But, as a generic app, which can be used as a scanner and wallet, it would be great to somehow limit the number of saved credentials to no more than 10 (for example). Or have a process to select which credential(s) will be stored.

cc: @vitorpamplona
