Downsides of a decentralised approach are... what?

[micolous]

From https://github.com/vmware/herald/blame/6fe526d2b20b9d3dad5515daf7ae3f9a3d2473bd/background/index.md#L143-L145

This mentions a downside of a decentralised approach being that only first-order contacts can be notified.

This issue impacts all systems that do not have a way to check logs of all participants in the system at all times, and has nothing to do with a decentralised approach. However, "fixing this" tends to fall afoul of privacy expectations in most democratic countries, which will also impact the adoption of any app.

From https://github.com/vmware/herald/blame/6fe526d2b20b9d3dad5515daf7ae3f9a3d2473bd/background/index.md#L150-L155

This references a Forbes article which reports on a paper describing attacks on ENF-based contact tracing apps being a threat to US elections.

This is played down in the article by Ron Rivest:

MIT professor Ron Rivest helped lay the foundation for what later became GAEN with a class he taught on Apple’s Find My Phone feature. Rivest, who helped invent the public-key cryptography used in bitcoin and more in 1977, downplays the threat, saying a simple campaign on Facebook or Twitter would be a much easier and cheaper way to achieve the same voter suppression. “If you have the desire to affect voter turnout, you can suggest to people that the poll sites might be contaminated, might be havens of disease,” he says. “Social medias of various sorts would be the way to do it today.”

Looking at information about its citation and status, it appears it has not been accepted into any journal, or gone through peer review. I was only able to find one other paper that cites it, which describes a block-chain based black market that would allow COVID-19 positive patients to sell their upload tokens.

The circumstances described both papers do not appear to be a problem that is unique to any decentralised contact tracing system, but rather an attack on Bluetooth based contact tracing systems in general. It would be possible to attack any protocol, even a centralised one, through either leaking upload tokens given to COVID-19-positive individuals, or by replaying or proxying the various Bluetooth protocols that they use between venues.

From https://github.com/vmware/herald/blame/6fe526d2b20b9d3dad5515daf7ae3f9a3d2473bd/background/index.md#L156-L164

This says that a decentralised protocol cannot operate across international borders, specifically citing travellers between Ulster and the Republic.

Both Northern Island and the Republic of Ireland agencies already share this data across borders with their ENF based system: https://www.bbc.com/news/uk-northern-ireland-52736896

As a counter-point, the Australian government has adopted a centralised protocol originally based on Singapore's system (which had support for international interoperability after server federation). However, this is not possible for Australian app users, as the protocol has been modified by the Australian authorities in incompatible ways.

There is nothing to stop any agency from sharing data in an in a decentralised data model, so it should not be listed as a "disadvantage". If anything, whether two countries or regions use the same system is more important than whether it is centralised or not.