After I lost my phone a few weeks ago, I realized I could track it down in real time using my google maps location history. Our team discovered that, by default, "Google Timeline" logs all of our location data unless the smartphone user opts out. We also discovered that this is all downloadable via "Google Takeout". If this data could be aggregated and secured in a user friendly way, the public health implications are astronomical.
What it does
The immediate issue that retrospective contact-tracing solves is the silent, uncontrolled transmission of COVID-19 during asymptomatic stages of the disease. To solve this issue for anyone concerned about their risk of being a carrier, we developed a web application that enables users to upload their location history data via Google Takeout, assesses the extent to which users received harmful exposure to COVID-19 carriers, and processes all such user data securely. A longer term issue that this platform solves is deciding which public venues to reopen; our app-generated data could be analyzed to predict the risk of transmission at event spaces, tourism hotspots, and entertainment venues.
How I built it
We built a web application that emphasizes the user journey of our target user: those who want to check whether they have come in contact with a COVID-19 patient. The platform’s landing page focuses on educating users on how to download their “Google Takeout” location history data as a JSON file and upload it seamlessly via drag and drop. Alternatively, users can choose to manually input their location data. In either case, the user is redirected to a “manage your data” page, which enables users to select what pieces of location data they want to upload; for example, home addresses can be deleted before users upload their data and receive a “risk score”. Our UI/UX designer focused on optimizing the user journey of uploading one’s location data selectively, which our web developer built our MVP— the buttons, the video tutorial integration, and the html formatting— on webflow for demo purposes.
Challenges I ran into
- How can we trust self-reported COVID-19 cases? To what extent can this be centralized vs crowdsourced?
- How can uploaded user data be secured?
- How do we inform the public of the risks and benefits with sharing their data, which may be identifiable if improperly filtered? To what extent can we effectively educate users on this process?
- What heuristics best inform the public on their risk score, ie "percent time spent in a high incidence zone" or "minutes spent within 'x' feet of an individual with 'y' level of risk"
What's next for Norona
The next step would be to build a database that can securely manage sensitive location data. We are currently collaborating with another hack group, SafeTrace in the health and wellness track, to ensure that no central authority can view this data encrypted by the SafeTrace API. While we collaborate with SafeTrace on the back end, we will consult public health officials to define what heuristics are the best metrics for a “high risk” exposure case. For example, a commonly suggested “threshold” for reporting a user as “high risk” is a 10 minute exposure time of <6 feet within a COVID-19 victim. Finally, we hope to define future use cases of our technology. By developing a mobile app, we can notify users about the real time diagnosis of individuals who they recently encountered. Furthermore, we are currently in contact with developers of prospective, bluetooth contact tracing technologies (NOVID from CMU and Private Kit at MIT). By combining the retrospective location history data with continuously logged bluetooth interactions, we will be able to provide app users with a full picture of their risk, beyond the day they upload their location history. Perhaps most compelling of all is to train ML algorithms on location data labeled with user-reported “risk-scores” to assess the “risk score” of various locations in the future; this data has unquestionable power in public health decision making, especially when opening back up public venues and entertainment hotspots. Notably, we are on track to launch the first iteration of our platform— location logging and uploading to a secure server— by this Monday.
High level mission statement
Our vision is to empower anyone to take control over their data to better inform themselves of their risk as a potential carrier, thereby reducing the chance that high-risk individuals will transmit COVID-19 to others. To do this, our primary concern is destigmatizing the beneficial use cases of unidentifiable yet secure location data. We also hope to communicate to the mass public that their data, by default, will be invisible to central authorities unless they opt-in to share such data to help drive informed public health decisions. Furthermore, we hope to add value to the contact-tracing “market”. Due to data privacy concerns, every single institution or firm in this space is exploring bluetooth monitoring rather than location tracing. Because bluetooth data is only logged after an application is downloaded, the efficacy of Bluetooth monitoring hinges on the number of people who download the app preemptively. However, GPS data that resides on phones is highly valuable because a user can check their risk reactionarily at any point in time, even if they don’t have a specific contact-tracing app. Thus, we hope to impact a broader group of individuals who may not have downloaded such apps early enough. Finally, we enable users to self report their location data, which provides a contact tracing option to individuals who don’t have bluetooth access, which isn’t uncommon in developing nations.
Try It out