3.2 [7] It has been argued that this approaches compromises privacy, but has the benefit of human-in-the-loop checks and health authority verification.
[7] While users are not expected to register with their real name,[8]: p. 13 the back-end server processes pseudonymous personal data that would eventually be capable of being reidentified.
[11] Authentication during registration is required to prevent malicious actors from creating a multiple false user accounts, using them to interfere with the system.
In order to preserve the anonymity of the users, traditional authentication models using static identifiers such as email addresses or phone numbers could not be employed.
11 The suggested proof-of-work algorithm is scrypt as defined in RFC7914, popularized in various blockchain systems such as Dogecoin[12][13] and Litecoin.
If another client is found, the two exchange and log EBIDs, along with metadata about the encounter such as the signal strength and a timestamp.
[16] When a user, out of band, has been confirmed positive for infection the patient is asked to upload their contact logs to the central reporting server.
[16] Once the reporting server has received a contact log, each entry is run through a proximity check algorithm to reduce the likelihood of false positives.
The reason a random sample of users is sent a message for every report is so that eavesdroppers are not able to determine who is at risk for infection by listening to communication between the client and server.
[16] The Helmholtz Center for Information Security (CISPA) confirmed in a press release on April 20, 2020 that it was withdrawing from the consortium, citing a 'lack of transparency and clear governance' as well as data protection concerns around the PEPP-PT design.
[17] The École Polytechnique Fédérale de Lausanne, ETH Zurich, KU Leuven and the Institute for Scientific Interchange withdrew from the project in the same week.
[21] On 20 April 2020, an open letter was released signed by over 300 security and privacy academics from 26 countries criticising the approach taken by PEPP-PT, stating that 'solutions which allow reconstructing invasive information about the population should be rejected without further discussion'.