Episode 15: How Contact Tracing Works

Everybody agrees: To end this coronavirus-imposed lockdown we need a contact tracing app. But how do these actually work? And are they really the right solution to the problem?

On today’s episode of The Private Citizen, I’m trying to get a handle on all these new contact tracing technologies that are cropping up. This isn’t exactly easy, as everything is very much in flux at the moment and things are changing very rapidly. But I’m going to try to give you at least a decent overview.

An update to what was discussed in episode 4 about TLS and mixed content: Chrome will stop loading mixed content in version 81.

Chrome 81 will auto-upgrade mixed-content images without a fallback. This has the potential to break websites: if an image asset cannot be loaded via https, Chrome will not show the image at all, potentially breaking the web page.

This also, as far as I can tell, applies to audio and video files. Previously "passive content" was exempted from this behaviour.
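A quick way to find out whether a page is affected before the browser update lands is to look for subresources that are still referenced over plain http. The scanner below is an added example written for these notes, not code from the episode or from Google; the split into "passive" (images, audio, video) and "active" (scripts, stylesheets, frames) content is my own simplified classification, and the sample HTML is constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: a simplified classification of which tag/attribute pairs load subresources.
# "Passive" is the category (images, audio, video) the notes say used to be exempt;
# "active" content (scripts, styles, frames) has been blocked by browsers for years.
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href"), ("object", "data")}


class MixedContentScanner(HTMLParser):
    """Collects every subresource of an https page that would be fetched over http."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []          # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if (tag, name) in PASSIVE:
                kind = "passive"
            elif (tag, name) in ACTIVE:
                kind = "active"
            else:
                continue            # e.g. <a href=...> is navigation, not mixed content
            # Relative ("/x.png") and protocol-relative ("//cdn/x.js") URLs inherit https
            # from the page, so only explicit http:// references are a problem.
            absolute = urljoin(self.page_url, value)
            if urlsplit(absolute).scheme == "http":
                self.findings.append((kind, tag, absolute))


def scan(html, page_url):
    """Return the mixed-content findings for an HTML document served at page_url."""
    if urlsplit(page_url).scheme != "https":
        return []                   # a plain-http page cannot have mixed content
    parser = MixedContentScanner(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample page: three references will be blocked or auto-upgraded, two are fine.
SAMPLE_HTML = """
<html><head>
  <link rel="stylesheet" href="http://example.test/style.css">
  <script src="//cdn.example.test/app.js"></script>
</head><body>
  <img src="http://example.test/logo.png">
  <img src="/images/ok.png">
  <video src="http://media.example.test/clip.mp4"></video>
  <a href="http://example.test/other">link</a>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in scan(SAMPLE_HTML, "https://example.test/page"):
        print(f"{kind:8} <{tag}> {url}")
```

Passive findings are the ones Chrome 81 will try to upgrade to https and drop if the upgrade fails; active findings were already being blocked, so they point at pages that are broken today.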

State of the Madness

This week, the German government has relaxed the curfew conditions. There are already people shouting that this will kill us all, as cases are on the rise again, apparently.

In the neighbouring federal state of Schleswig-Holstein, face masks will be mandatory from next Wednesday. In my state of Hamburg, the top health official had said on Tuesday that masks would remain a recommendation. A few hours later, the mayor of Hamburg announced in a press conference that masks will be mandatory from next Monday. They just had to beat Schleswig-Holstein in cracking down even earlier.

Keep in mind that there is currently no scientific consensus at all about the effectiveness of PPE in preventing SARS-CoV-2 infections in a general society setting, which is reflected by the official WHO recommendation.

If you are healthy, you only need to wear a mask if you are taking care of a person with COVID-19.

An analysis of the infection data from the Robert-Koch-Institut (RKI) seems to suggest that the curfew isn’t working very well either. The biggest effect on new infections seems to have come from suspending school and events.

Meanwhile, in Saarbrücken (Saarland), a supermarket decided it would measure people’s temperature at the entrance. If the camera registered an elevated temperature, they’d make you explain it. Obviously, this caused massive criticism from data protection experts and the supermarket decided to backtrack and uninstall the infrared camera.

The city of Munich has cancelled the Oktoberfest.

How Contact Tracing Apps Work

With people going stir crazy in lockdown all around the world, everybody seems to agree that we need a technological solution to COVID-19. So how is this supposed to work? Here’s an overview from The Register:

In an effort to fend off the coronavirus while getting economies restarted, the world has hit on the same idea: a smartphone app that alerts people if they have been close to someone who has the virus. It may be the only effective solution to mass lockdowns; the virus is spreading “too fast to be contained by manual contact tracing, but could be controlled if this process was faster, more efficient and happened at scale,” researchers from the University of Oxford have concluded in a new paper. They argue that “a contact-tracing app which builds a memory of proximity contacts and immediately notifies contacts of positive cases can achieve epidemic control if used by enough people.”

cf.: Quantifying SARS-CoV-2 transmission suggests epidemic control with digital contact tracing, Ferretti, Wymant et al., Science

There are already COVID-19 apps in use in China, Hong Kong, Russia and Singapore and both the US and Europe are working hard on their own versions that could be released before the end of the month. Not all these apps work in the same way however and with experts saying that to be effective they would have to be used by at least 60 per cent of the population, it is critical that whatever approach is taken is acceptable to a vast majority of the population.

There are three main approaches for contact tracing apps.

The first approach is also the simplest: using your phone’s built-in GPS receiver and getting everyone’s location to within a few meters. This is tried-and-tested technology used by a huge array of smartphone apps to give people everything from directions to local listings, and so it is quick, cheap and easy to do.

But there are problems, the most significant of which is that all that data needs to be assembled and analyzed in a central location in order to be effective. If someone reports they are positive for the virus, it is possible to go back in time and see where they were physically and then warn everyone that was near them that they should seek to quarantine themselves to prevent further spread.

Technologically this is a good system but how it is implemented is crucial. In China, the government has told everyone it must download and run the app and has put monitoring at most public spaces, such as public transport and shops, to enforce it. The Chinese app has been simplified to give people one of three statuses: green, yellow and red. Green means you are free to travel around – and you will be constantly asked to show your green status – but those with yellow and red colors will be prevented from moving around.

South Korea also uses a GPS app which citizens are required to download but only works to make sure people don’t leave a specific quarantined area.

This is obviously horrible if you care about privacy. Or any personal freedoms, for that matter. GPS also doesn’t work indoors, where, presumably, you’re most at risk of infection.

The second main method for tracking and tracing is QR codes: machine readable codes. China, Hong Kong and Russia are all using this system where people are required to scan (or be scanned) at public places and the resulting data is then sent to central servers. The system means that people can be pinpointed to a specific location at a specific time – which can then be tracked back if someone is later found to have the virus.

This is also, in theory at least, a technologically savvy way of keeping track of the movements of millions of people. But it does mean a lot of people scanning and being scanned and that brings both time delays and inevitable tensions. It is also not the most effective solution: just because someone has been in the same building as someone with COVID-19 doesn’t mean they have been affected; they could have never been closer than 100 meters, or they could have been sat next to them for hours, the system can’t say.

It also sends vast quantities of location data, each attached to a specific individual, to a central database with no certainty on how it will be used or how long it will be stored.

Any system with checkpoints and people being scanned mandatorily for just leaving their home is unacceptable, in my opinion. By definition, you need to implement a police state to enforce it.

Bluetooth is the latest method – and one that is being pushed by Google and Apple as the best solution to tracking and tracing. It will end up in apps in the US and UK, and likely across Europe.

Unlike the other systems that have been run centrally and with very limited information about how they function, Apple and Google have published the APIs that they propose using and focused on how to put the user in charge of their data.

In this case, the system uses your phone’s Bluetooth function. Bluetooth uses short-wavelength UHF radio waves to transmit data over short distances. Your phone constantly broadcasts a Bluetooth identifier that allows others nearby to see it and connect to it.

Apple and Google’s system would use this function to keep a record – on your phone – of every other Bluetooth device that you come close to – an effective method of knowing that your device was physically close to another device. If someone is then diagnosed as having COVID-19 they can self-declare that fact and their phone will release the identifiers of all the other devices that they were close to over the past 14 days. Other people’s devices will then grab this list of identifiers and if their phone is on the list, they will be informed that they were close to someone with COVID-19 and may need to quarantine themselves.

This approach has several advantages: it doesn’t require precise location data, only relative location – you were close to this other person but it doesn’t matter where exactly you were when you were close to them. It also avoids the issue of a centralized database and control, with all the relevant data stored on individuals’ phones; data that is effectively worthless from a financial perspective. And it puts the reporting of a positive result into the hands of the individual.

Not to mention that it is the only solution that doesn’t turn any existing privacy laws, like the GDPR, into a complete farce.

The API documents foresee a Bluetooth identifier changing every few minutes with each phone having a single daily tracker that is used to generate a day’s worth of identifiers before being changed the next day: the idea being to make it hard-to-impossible to track a specific phone and hard for people to push false claims into the system by generating false identifiers.

Another advantage to publishing the technical details is that anyone will be able to produce an app and Apple and Google will then only be acting as gate-keepers for the apps themselves, checking that the apps don’t do anything malicious (watch out for that Facebook update). By working together to create a seamless system, it means the majority of smartphones on the market will also be covered. In the UK and US, citizens are less likely to respond to an edict from the government to download a specific app, and they are far less likely to accept constant checks and roadblocks by others, so this approach is likely to gain broader acceptance. It also means that the app will be able to work in the background – rather than having to be open all the time or have the phone unlocked – and shouldn’t use too much battery power.

On paper at least, it looks like a viable solution that could help limit the spread of the virus until a vaccine is available while also allowing people to move around more freely and so get the economy back up and running. It’s worth noting though it did require the manufacturers of the phone’s operating systems themselves to develop it; the other methods of GPS and QR codes could use existing phone functionality.

I actually disagree with that last point, because competing systems for Bluetooth tracing from third party developers were announced long before Apple and Google announced their API. Which brings us to PEPP-PT and DP-3T.


PEPP-PT is the Pan-European Privacy-Preserving Proximity Tracing initiative. It is an interdisciplinary team of researchers that is building a framework that every European country can then use to implement a contact tracing app. It would, presumably, codify the rules the European Commission laid down for such apps last week:

  • App should be deactivated automatically and all remaining personal data and proximity data should be erased, as soon as the crisis is over.
  • App should be consent-based with full information of intended processing of data.
  • Location data is not necessary nor recommended for the purpose of contact tracing apps, as their goal is not to follow the movements of individuals or to enforce prescriptions. Collecting an individual’s movements in the context of contact tracing apps would violate the principle of data minimisation and would create major security and privacy issues.
  • The app should ensure that no user knows the identity of any infected persons or of close contacts of infected persons.
  • In order to enhance privacy and security, proximity data (close contacts) should be stored only on the device, and be deleted after the epidemiologically relevant period as recommended by ECDC (14-16 days). Only after a user has been confirmed infected, the proximity data of that user may be uploaded to the central server and/or the competent health authorities, depending on the system chosen by the Member State.
  • The ephemeral IDs transmitted between devices via BLE should be generated pseudorandomly and changed periodically. They should neither allow any user to identify the user of the specific device nor to associate multiple signals to the same device.
  • Pseudonyms should have no relation to long-lived personally identifiable information (PII).
  • The app should encrypt data as much as possible in order to enhance security and privacy.

There’s also a call for independent review of the apps by technical experts, open-sourcing the apps, and a fair bit of commentary about such software being a complement to manual contact-tracing. The document also cites an Oxford study that suggests 60 percent of a national population will need to adopt the app for it to be effective.

However, PEPP-PT seems to have hit dire straits recently, with a lot of member organisations jumping ship. This seems to stem mostly from a lack of transparency in the organisation and an unwillingness to publish source code early, something I can attest to personally: neither they nor their partners have answered any of my own technical questions concerning their specifications or the planned German tracing app. PEPP-PT had also originally endorsed technology called DP-3T (Decentralized Privacy-Preserving Proximity Tracing) but is now being accused of trying to steer European governments away from it.

Security researcher Nadim Kobeissi – whom some will still remember from early crypto fails with his Cryptocat messenger – has written a very good analysis of the problems with PEPP-PT.

On April 3rd, 2020, a team of 26 European researchers, led by the EPFL’s Prof. Dr. Carmela Troncoso, published the whitepaper for the Decentralized Privacy-Preserving Proximity Tracing protocol, DP-3T, meant to enable privacy-preserving contact tracing mechanisms at scale in order to help track and manage the COVID-19 pandemic in the general population.

DP-3T has attracted substantial attention, with many fruitful discussions on its GitHub repository as well as reasoned critiques by a handful in the cryptography community. Nevertheless, on April 10th, it was announced that a close variant of DP-3T had been adopted by Apple and Google for roll-out on all of their mobile devices, and the project seems to be moving forward productively.

The earliest record of PEPP-PT’s existence appears to be on April 1st. By April 10th, the website mentioned DP-3T in the following context: “Our privacy core: At PEPP-PT we support centralized and decentralized approaches and each country chooses which is suitable for their legislation. The DP-3T approach is the project currently under review for a decentralized implementation of the crypto part of an end-to-end implementation. Anything we provide is based on voluntary participation, provides anonymity, does not use personal data nor geolocation information, operates in full compliance with GDPR, and has been certified and tested by security professionals.”

On or around April 16th, the above text was erased from the PEPP-PT website. Prof. Dr. Kenneth Paterson, one of the researchers working on DP-3T, expressed his concerns thus: “Their system is closed and not open to review by external experts. We can’t look at a specification,” said Paterson. “We can’t look at code. So the system could be full of bugs. It could have a backdoor for the security services. No one outside their closed project can tell.”

The concern is that PEPP-PT is attempting to steer its partners into an opaque, centralized approach to contact tracing instead of following the public academic standard maintained by DP-3T.

So who is running PEPP-PT? And why?

PEPP-PT appears to be the brainchild of Hans-Christian Boos, founder of Arago GmbH and member of the Digital Council of the German Federal Government. Boos’s name is listed on the website’s impressum and headlines every communiqué that PEPP-PT has. PEPP-PT’s press communiqué also lists Prof. Dr. Marcel Salathé of EPFL and Prof. Dr. Thomas Wiegand of TU Berlin as “interview and discussion partners”.

It is worth mentioning that no other name is available in any disclosed PEPP-PT materials whatsoever, be it their website, press releases, or anything else. Only these three names appear, and the latter two very sparingly. Really, the only name that appears to be strongly associated with PEPP-PT despite its 40+ partners is that of Hans-Christian Boos. Boos’s online presence has him claiming to be an expert on Artificial Intelligence and many other fields in IT, at many times professing his expertise in a field precisely at the moment in which its name was becoming a public buzzword. Boos is also listed as a participant in the 2019 Bilderberg meeting.

But what is perhaps most concerning about Boos is that in an interview with Der Tagesspiegel on April 17th, Boos is quoted as saying: “For Germany, I favor a centralized solution [for contact tracing].”

On April 17th, Marcel Salathé, who was still listed as the second name out of the three names in PEPP-PT’s press communiqué, publicly disassociated from the project: “I am personally disassociating from PEPP-PT. While I do believe strongly in the core ideas (international, privacy-preserving), I can’t stand behind something I don’t know what it stands for. Right now, PEPP-PT is not open enough, and it is not transparent enough.”

On the same day, PEPP-PT was publicly attacked by the DP-3T community, including Prof. Dr. Michael Veale and Paterson. The criticism of Veale, Paterson and others seems to center around the fact that despite its long list of prestigious members, PEPP-PT has not yet produced any technical or research output whatsoever, and seems to be, on the contrary, withdrawing further into itself. It’s striking how, aside from issuing press releases and accruing industry partners, PEPP-PT has not accomplished anything whatsoever, aside from continuously regressing its practices into opacity.

The insinuation here is that Boos and PEPP-PT are trying to steer governments away from decentralised apps and towards a central server solution that uses AI technology from Boos’ company.

There is a lot that seems to suggest that PEPP-PT is Hans Christian Boos’s attempt to capitalize on the fear and uncertainty of major European institutions during the COVID-19 pandemic in order to drag them into a group which he leads but which is nevertheless opaque, centralized, ill-managed and untrustworthy. PEPP-PT’s behavior currently appears to be political and irresponsible. At the very least, it can be said that PEPP-PT has not earned the institutional credibility required for an entity such as itself being charged with devising a protocol that deals in matters relating to a major global crisis.

Aside from DP-3T, which has actually released source code, documents have been published by PEPP-PT, by INRIA for its ROBERT protocol, and for another proposal by scientists from the University of Munich and some industry partners called DCTS (Digital Contact Tracing Service).

I currently don’t know what technology is used for the German contact tracing app that is being developed under the auspices of the RKI.

It does seem, however, that pretty much everyone else has homed in on DP-3T as the technology we want to be implementing, including Apple and Google.

The Proposal from Apple and Google

Apple and Google, according to episode 762 of the Security Now podcast, are the perfect people to be implementing contact tracing. From what I can tell, they are implementing a system that is a close analogue of DP-3T. They also seem to be working together with the scientists and engineers involved in that project.

The companies’ joint proposal is called Privacy-Preserving Contact Tracing and consists of a specification for Bluetooth distance measuring, cryptographic primitives to create and store phone identifiers and a framework and API for writing apps that interface with the underlying OS. Apple and Google will build capabilities into iOS and Android respectively, so that developers can access this infrastructure and build their own apps on top of it. They have also announced that they will monitor their app stores and make sure that only legitimate COVID-19 tracing apps will be published there.

From what I can tell, Apple and Google want to keep the permanent ID of a given phone on the phone itself; once someone self-identifies as infected, a different, more ephemeral set of IDs is released to a central server, which passes these on to the phones of people who might have been in the vicinity of those ephemeral IDs. Like DP-3T, this approach has the users’ phones do all the work: comparisons of ephemeral IDs are done on individual phones, and the server is only there to distribute the ephemeral IDs of infected users.
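To make the mechanism concrete, here is a small model of the scheme described in The Register excerpt above (a daily key that generates a day’s worth of rotating identifiers) and in the preceding paragraph (only the infected user’s ephemeral material goes to the server, and matching happens on each phone). This is an added example written for these notes; it is not Apple’s, Google’s or DP-3T’s code. The key derivations (HMAC-SHA256 over the day number and the interval number), the 10-minute rotation interval and the 14-day retention window are assumptions chosen for the demonstration; the encounter log it runs against is constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

DAY_SECONDS = 24 * 60 * 60
INTERVAL_SECONDS = 10 * 60                    # assumption: identifiers rotate every 10 minutes
INTERVALS_PER_DAY = DAY_SECONDS // INTERVAL_SECONDS
RETENTION_DAYS = 14                           # the 14-day window mentioned on the page


def daily_key(tracing_key: bytes, day: int) -> bytes:
    """Derive the key for one day from the phone's long-lived tracing key.
    Assumption: HMAC-SHA256 keyed with the tracing key over the day number."""
    return hmac.new(tracing_key, b"daily|" + day.to_bytes(4, "big"), hashlib.sha256).digest()


def rolling_id(day_key: bytes, interval: int) -> bytes:
    """Derive the short-lived identifier broadcast during one interval of the day.
    Without the day key, two identifiers cannot be linked to the same phone."""
    return hmac.new(day_key, b"rpi|" + interval.to_bytes(2, "big"), hashlib.sha256).digest()[:16]


@dataclass
class Phone:
    # The long-lived tracing key never leaves the device.
    tracing_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    # Local proximity log: rolling identifier seen -> day it was observed.
    seen: dict = field(default_factory=dict)

    def broadcast(self, day: int, interval: int) -> bytes:
        """The identifier this phone advertises over Bluetooth right now."""
        return rolling_id(daily_key(self.tracing_key, day), interval)

    def observe(self, rpi: bytes, day: int) -> None:
        """Record an identifier picked up from a nearby phone."""
        self.seen[rpi] = day

    def prune(self, today: int) -> None:
        """Delete proximity data older than the retention window."""
        self.seen = {r: d for r, d in self.seen.items() if today - d < RETENTION_DAYS}

    def report_infection(self, today: int) -> list:
        """What an infected user uploads: the per-day keys for the last 14 days,
        never the tracing key, and nothing about whom they met."""
        first = today - RETENTION_DAYS + 1
        return [(d, daily_key(self.tracing_key, d)) for d in range(first, today + 1)]

    def check_exposure(self, published: list) -> list:
        """Run locally on every phone: regenerate every identifier an infected phone could
        have broadcast on each published day and look it up in this phone's own log."""
        matched_days = set()
        for day, key in published:
            for interval in range(INTERVALS_PER_DAY):
                if rolling_id(key, interval) in self.seen:
                    matched_days.add(day)
        return sorted(matched_days)


def run_scenario():
    """Constructed encounter log: Bob met Alice on day 100, Carol met her on day 80.
    Alice reports on day 105; only Bob's encounter is inside the 14-day window."""
    alice, bob, carol = Phone(), Phone(), Phone()
    bob.observe(alice.broadcast(day=100, interval=42), day=100)
    carol.observe(alice.broadcast(day=80, interval=7), day=80)

    today = 105
    bob.prune(today)
    carol.prune(today)
    published = alice.report_infection(today)   # this list is all the server ever sees
    return bob.check_exposure(published), carol.check_exposure(published)


if __name__ == "__main__":
    bob_days, carol_days = run_scenario()
    print("Bob exposed on days:", bob_days)      # [100]
    print("Carol exposed on days:", carol_days)  # []
```

Two properties worth noticing when reading the code: the server only ever receives day keys, so it learns nothing about who was near the infected user, and because identifiers are derived from a key the receiver does not have, a phone that logs a stranger’s identifiers cannot tell which of them belong to the same device.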

There are already demands that the system must be central instead, though. First among those demanding this is, who else, the poster child for centralism, the government of France.

The criticism comes two weeks after a landmark collaboration between the two companies to build technology enabling digital contact tracing apps, which would track contacts between users in an attempt to help slow the spread of Covid-19. The collaboration enables phones from both companies to work together, but also sets strict limits on what data can be sent back to public health authorities. It is those limits that France wants lifted, France’s digital minister, Cédric O, said in an interview with Bloomberg News.

“We’re asking Apple to lift the technical hurdle to allow us to develop a sovereign European health solution that will be tied to our health system,” O said.

After the Health Crisis and the Economic Crisis Comes a Privacy Crisis

With all this tracking and tracing going on, people are slowly understanding the risks posed to their privacy by these apps.

The Guardian writes:

The coronavirus pandemic has led to an unprecedented global surge in digital surveillance, researchers and privacy advocates around the world have said, with billions of people facing enhanced monitoring that may prove difficult to roll back. Governments in at least 25 countries are employing vast programmes for mobile data tracking, apps to record personal contact with others, CCTV networks equipped with facial recognition, permission schemes to go outside and drones to enforce social isolation regimes.

The methods have been adopted by authoritarian states and democracies alike and have opened lucrative new markets for companies that extract, sell, and analyse private data. One of the world’s foremost experts on mobile phone surveillance said the pandemic had created a “9/11 on steroids” that could lead to grave abuses of power.

“Most of these measures don’t have sunset clauses. They could establish what many people are describing as a new normal,” Ron Deibert, who heads the Citizen Lab at the University of Toronto, said in an interview with the Guardian.

In Europe, some of the world’s most privacy-conscious governments are collecting telecom data, employing drones and copying contact-tracing apps pioneered in Asia. In the US, Apple and Google have announced they will open up their mobile operating systems to allow for similar apps, which will run on iPhones and Android phones alike.

Israel, with its global reputation for both state and private sector intelligence gathering technology, was quick to implement surveillance on a national scale, initially with phone tracking measures endorsed by the prime minister, Benjamin Netanyahu. Lawmakers, however, opposed a proposal from the hardline defence minister, Naftali Bennett, to involve a private sector company in data analysis, which was later identified as the controversial Israeli spyware company the NSO Group.

Bennett had outlined a system in tweets that would give people a rating of one to 10 on their likelihood of carrying the virus, based on their movements and other factors. Israel is not using an NSO-developed system but a person familiar with the company said a “handful of governments” were already piloting the software it made to track the virus.

The German federal state of Hesse’s COVID-19 emergency task force is using software by Palantir, a known CIA spook outfit.

→ cf.: COVID-19 Digital Rights Tracker, Pandemic Big Brother

The Register also published a good piece on what is coming and why it’s obvious for anyone who’s covered tech for a while that it will be a problem.

The need for that exit strategy is plain because whenever businesses or governments get us all to sign up for data collection, the assumption is that it’s for the greater good and giving up a little privacy is worth it in the end. Then, whether sooner or later, that data is always criminally and cynically abused, usually in utterly predictable ways. Abuse of contact-tracing data is intolerable, because it is designed to be a verbose description of our movements and encounters. That may be acceptable in this moment of crisis, but it cannot endure.

So while we’re thinking about exit strategies, let’s develop one for contact-tracing, too, so that we can plan how to exit the temporary benefits of enhanced surveillance for a more balanced future. First, I believe Google and Apple could usefully kick things off by defining conditions under which they’ll deprecate their contact-tracing schemes. That deprecation plan should explain how, once coronavirus is behind us, the two firms will expunge contact-tracing from devices they power and ensure similar functions never make it into their app stores. Their operating systems will need to alert users whenever any activity that looks remotely like contact-tracing is in operation.

Above all, we’ll need to agree to treat contact-tracing as an “In case of emergency, break glass” tool rather than something worthy of regular deployment. And let’s make sure this gets done, because if we don’t, the consequences are utterly predictable.

As a comment on our story about Singapore open-sourcing its contact-tracer observed: “We’ll soon see similar products being offered by shady security outfits but with slightly different use cases.” And if the world holds true to form, we’ll also see:

  • Bad advice given to users who are therefore effectively coerced into releasing their location data;
  • Authorities neglecting the fine print about exactly what contact-tracing data they can use, and when they’re allowed to access contact-tracing data, followed by misuse and insincere promises to do better;
  • Large-scale leakage of contact-tracing data, followed by insincere apologies and slow reform of the practices that led to the leakage;
  • Cynical misuse of the data by a social network;
  • A taboo-busting startup that, like Clearview AI did with mass facial recognition databases, goes where others won’t in order to make a buck.

And, of course, Snowden also sees it coming:

The future may be unpredictable, but global pandemics aren’t. There isn’t a single government on the planet that hasn’t been warned, repeatedly, that at some point a viral pandemic will sweep the globe, causing untold death and economic disruption. And yet most failed to prepare for the novel coronavirus.

“Every academic, every researcher who’s looked at this knew this was coming,” says famed whistleblower Edward Snowden in an exclusive interview with Vice co-founder Shane Smith. “Yet when we needed it, the system has now failed us, and it has failed us comprehensively.”

As authoritarianism spreads, as emergency laws proliferate, as we sacrifice our rights, we also sacrifice our capability to arrest the slide into a less liberal and less free world. Do you truly believe that when the first wave, this second wave, the 16th wave of the coronavirus is a long-forgotten memory, that these capabilities will not be kept? That these datasets will not be kept? No matter how it is being used, what is being built is the architecture of oppression.

Many academics see it coming:

Hundreds of academics have warned governments around the world not to commission coronavirus contact-tracing apps that collect and store personal data on entire countries’ populations. Published today, the open letter has been signed by professors from 26 countries and urges governments to think about the dangers of building pools of data revealing precisely who you meet, when and where.

The academics fear that a centralised approach would either create an irresistible temptation for “mission creep”, fuelling the worst authoritarian instincts of governments collecting population-scale social graph data – or simply create a hugely valuable store of that data ripe for criminals, spies and similar undesirables to hack into.

And Reporters Without Borders is also sounding the alarm:

“The public health crisis provides authoritarian governments with an opportunity to implement the notorious ‘shock doctrine,’” Reporters Without Borders secretary-general Christophe Deloire said. Leaders could “take advantage of the fact that politics are on hold, the public is stunned and protests are out of the question, in order to impose measures that would be impossible in normal times,” he said.

→ cf.: The Shock Doctrine: The Rise of Disaster Capitalism

A tracing mechanism built right into the two operating systems that run on virtually every single smartphone is especially worrisome. Since they control the OS, Apple and Google can easily deanonymise you if they want to – or if they get ordered to do so by the US government. If you trust Apple, Google and the US government to never do anything bad when it comes to privacy, it’s fine, I guess. But Google in particular is a company that made its fortune by tracking people. And the US government’s lack of commitment to anyone’s privacy has been crystal clear since Snowden. And all of this doesn’t even address the possibility of Apple or Google getting hacked, possibly by a well-funded intelligence agency.

Is This a Problem That Can Be Solved with Technology?

To me, this looks like Silicon Valley tech bros thinking, as they usually do, that all of humanity’s problems are solvable with technology. They are all giddy about this crisis because, first of all, the lockdown benefits many of their companies and, secondly, it gives them the feeling of being important because they think they can help. But what if this isn’t a problem we can solve with technology? Are we building a nightmare surveillance state in return for empty promises that apps will make things better?

Like many things in this crisis, this seems to be an ill-thought-out solution to a problem we don’t fully understand. These people tell us we need to do these things because science! But they don’t seem to fully grasp how the scientific method works and where science has its limits. In the current situation, where we have limited data and very conflicting results on almost every front, there just doesn’t seem to be enough of a consensus to clearly indicate a solution in many cases. These are the same problems these apps are faced with: apps and computer models need solid input and they need to be built on good assumptions to work. But we simply don’t have enough data and understand too little to make solid assumptions.

I am not opposed to any of the measures that have been taken in general. But we clearly need to understand and communicate why we are taking them and what their limitations are. That goes for these apps and their underlying technology as well. But I feel like this is simply not being done right now. People just decide something must be done, but don’t really analyse or justify the decision. They just quote a study or an expert and yell “science!!!” to drown out any counter-arguments. All of this leads to a very knee-jerk decision-making process that doesn’t take any of the long-term consequences into account. Which is a shame, because when it comes to privacy it doesn’t really take a genius to see where we are headed.


