{"id":675,"date":"2022-01-17T17:44:46","date_gmt":"2022-01-17T15:44:46","guid":{"rendered":"https:\/\/catalin.francu.com\/blog\/?p=675"},"modified":"2022-01-17T21:48:27","modified_gmt":"2022-01-17T19:48:27","slug":"cerere-de-informare-la-sts","status":"publish","type":"post","link":"https:\/\/catalin.francu.com\/blog\/2022\/01\/cerere-de-informare-la-sts\/","title":{"rendered":"Information request to STS"},"content":{"rendered":"\n<p>I have just sent this information request to STS. I will let you know what they reply. \ud83d\ude42<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Hello,<br><br>Under Law 544\/2001 on access to information of public interest, I wish to receive a copy of the source code of the Check DCC application for scanning Covid-19 certificates.<br><br>I would like the information to be provided to me by e-mail at cata@francu.com.<br><br>I note that I am a software engineer and wish to study the source code to make sure that it performs only the necessary operations (validating certificates) and nothing else, in particular that it does not transmit anywhere information about which person was at which IP address at which point in time.<br><br>Thank you,<br>C\u0103t\u0103lin-Andrei Fr\u00e2ncu<\/p><\/blockquote>\n\n\n\n<p>Why this matters: The official application for scanning certificates in malls, restaurants, hotels etc. is <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=ro.sts.dcc\">Check DCC<\/a>, an application that is non-free in the sense of <a href=\"https:\/\/ro.wikipedia.org\/wiki\/Software_liber#Formele_de_libertate\">software freedom<\/a> (that is, its source code is not published). 
This means we have to trust the developer (STS &#8211; Serviciul de Telecomunica\u021bii Speciale, the Special Telecommunications Service) that the application does only what it promises and nothing insidious.<\/p>\n\n\n\n<p>What does the application promise to do? To scan a Covid certificate and confirm or deny the certificate's validity. That is enough for the host to trust that I have presented a valid certificate. (The question remains why I could not present a certificate downloaded from the Internet, but identity validation is a separate discussion).<\/p>\n\n\n\n<p>What insidious thing could the application do? Given that the permissions it requires include full network access, it could do anything. For example, it could send to the parent company (STS) the information that I was at a particular IP address on a particular day, at a particular time. From the IP address, if it is a cable \/ fiber-optic address (for example the restaurant's wifi), the physical address can be found fairly easily. And STS could store this information for an undetermined duration and purpose.<\/p>\n\n\n\n<p>There is also the innocent scenario, in which the application sends nothing over the network, or in which the application sends this data strictly for validation, the validation is done on the STS server, and STS stores nothing. Unfortunately, this is the problem with non-free software: it makes an appeal to trust that simply would not be necessary if we used free software.<\/p>\n\n\n\n<p>I will follow up when I have news.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have just sent this information request to STS. I will let you know what they reply. 
\ud83d\ude42 Hello, Under Law 544\/2001 on access to information of public interest, I wish to receive a copy of the source code of the Check DCC application for scanning Covid-19 certificates. I would like the information to be provided to me by e-mail at cata@francu.com. I note [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-675","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/posts\/675","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/comments?post=675"}],"version-history":[{"count":4,"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/posts\/675\/revisions"}],"predecessor-version":[{"id":679,"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/posts\/675\/revisions\/679"}],"wp:attachment":[{"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/media?parent=675"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/categories?post=675"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/catalin.francu.com\/blog\/wp-json\/wp\/v2\/tags?post=675"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}