The Aura App was made mandatory by Albion College for all students to install. It tracks a student's location at all times and records the data. There are obvious privacy concerns with an app like this because it is impossible to know what data the college is looking at. They say that they will only access it when a student is found to have Covid or when a student leaves campus, but there is no way to verify that.
Is it worth it?
The natural question to ask when an app like this is created is are the costs worth the benefits. People often have strong opinions on topics about security vs. privacy, but there are legitimate pros and cons to an app like Aura. The benefit of this app is that it provides better information about who has come into contact with who when someone is found to be infected. This will likely help limit the spread of Covid-19, but it is hard to say how much. The downside of this app is that students have no way of knowing what the college is doing with their data and storing all of that data makes it an attractive target. I don't think we will ever come to a balance between security and privacy that everyone agrees with, but we should try to define what our limits are.
My Thoughts
Personally, I don't think the benefits of this app are worth the costs. I don't think a college should track it's students at all times even if they are doing it for good reasons. There are too many risks to privacy and there are also risks to security. If the wrong people get access to this location data, they could do a lot of harm. They could see when people go certain places and potentially attack someone when they know they will be isolated. Multiple security flaws have already been discovered with this app, some of them completely negligent. Leaving in hard coded login credentials is completely inexcusable in an app that stores data this private, and the school should have stopped using the app when they found this out. Instead the company that made it just patched it out, but there is no telling how many other security flaws there are. The "service" also has another flaw where someone can go to a hidden part of the Aura website and get users' personal information by simply incrementing the account number. I don't know how Albion College can justify using this app now that these horrific security flaws have been found.
A Better Way
I think a better solution would be to have students personally track people who they have been in close contact with. For classes, students would just need to sign in and it would be easy to tell who has been in contact with who. This system would obviously be worse at identifying who people have been in contact with, but students retain control of their own data and don't have to put blind faith in the college. It would be harder to deal with people leaving campus. If the college feels that they absolutely need to know if someone has left campus, then a solution that is at least better is to track students' locations but don't store that data. This way malicious people can't access weeks of people's location history.
Top comments (0)