The RISKS Digest
Volume 31 Issue 65

Thursday, 9th April 2020

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Problems With Zoom Are Mounting
Thousands of Zoom video calls left exposed on open Web
A Surge It Didn't Expect Has Zoom Rushing Fixes
Zoom Meetings Do Not Support End-to-End Encryption
The Intercept
Boeing 787s must power cycle every 51 days
The Register
Can Solid Save The Internet?
Turning Back the Clock on Aging Cells
Online Credit Card Skimmers Are Thriving During the Pandemic
Marriott data breach, Millions of records spilled
Can artificial intelligence fight elderly loneliness?
Autonomous weapons, AI and Facial Recognition, Pandemic priorities
Diego Latella
Cloudflare launches mass censorship product
Lauren Weinstein
Domain Name Registration Data at the Crossroads
Content Delivery Networks and clouds join MANRS Internet security effort
A first-world 2020 issue…
geoff goodfellow
David Reed comment on models
via Dave Farber
Reminder on Planning for the Future
Measurement units risk in those Open Source ventilators?
Tony Harminc
Russia's Planned Coronavirus App is a State-Run Security Nightmare
How to Refuel a Nuclear Power Plant During a Pandemic
NJ's 40-year-old system increases delays for unemployment checks amid coronavirus crisis
Philip L. Lehman
Touch-screens in rental and other shared vehicles for COVID-19
U.S. government & tech industry discussing ways to use smartphone
Broadband engineers threatened due to 5G coronavirus conspiracies
The Guardian
An unprecedented wave of personal data could be heading to federal agencies
Re: Risks of Leap Years, and depending on WWVB
Bob Wilson
Re: What happens when Google loses your address?
Steve Golson Dan Jacobson
Re: MIT Will Post Free Plans Online for an Emergency Ventilator That Can Be Built for $100
Amos Shapir
Re: Mathematics of life and death
Amos Shapir
Re: A computer virus expert looks at CoVID-19
Dan Jacobson PGN Dan Jacobson
Masking the CoVID-19 problem
Rob Slade
Info on RISKS (comp.risks)

Problems With Zoom Are Mounting (TechCrunch)

Charles Dunlop <>
Wed, 1 Apr 2020 16:19:43 -0400

Both Windows and Macs are affected:

Thousands of Zoom video calls left exposed on open Web (WashPost)

Lauren Weinstein <>
Fri, 3 Apr 2020 10:22:59 -0700

Many of the videos include personally identifiable information and deeply intimate conversations, recorded in people's homes.

A Surge It Didn't Expect Has Zoom Rushing Fixes (NYTimes)

“Peter G. Neumann” <>
Thu, 9 Apr 2020 10:09:29 PDT

Natasha Singer, Nicole Perlroth and Aaron Krolik The New York Times business section front page today

A Council of Chief Info Officers from other companies is helping!

Zoom Meetings Do Not Support End-to-End Encryption (The Intercept)

Gabe Goldberg <>
Wed, 1 Apr 2020 12:52:47 -0400

“When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the Zoom spokesperson wrote, apparently referring to Zoom servers as “end points” even though they sit between Zoom clients. “The content is not decrypted as it transfers across the Zoom cloud” through the networking between these machines.

Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, points out that group video conferencing is difficult to encrypt end to end. That's because the service provider needs to detect who is talking to act like a switchboard, which allows it to only send a high-resolution videostream from the person who is talking at the moment, or who a user selects to the rest of the group, and to send low-resolution videostreams of other participants. This type of optimization is much easier if the service provider can see everything because it's unencrypted.

Boeing 787s must power cycle every 51 days (The Register)

“Peter G. Neumann” <>
Thu, 2 Apr 2020 9:44:15 PDT

Boeing 787s must be turned off and on every 51 days to prevent 'misleading data' being shown to pilots The Register

Can Solid Save The Internet? (Hackaday)

the keyboard of geoff goodfellow <>
Sun, 5 Apr 2020 09:37:19 -1000


We ran an article on Solid this week <>, a project that aims to do nothing less than change the privacy and security aspects of the Internet as we use it today. Sir Tim Berners-Lee, the guy who invented the World Wide Web as a side project at work, is behind it, and it's got a lot to recommend it. I certainly hope they succeed.

The basic idea is that instead of handing your photos, your content, and your thoughts over to social media and other sharing platforms, you'd store your own personal data in a Personal Online Data (POD) container, and grant revocable access to these companies to access your data on your behalf. It's like it's your own website contents, but with an API for sharing parts of it elsewhere.

This is a clever legal hack, because today you give over rights to your data so that Facebook and Co. can display them in your name. This gives them all the bargaining power, and locks you into their service. If instead, you simply gave Facebook a revocable access token, the power dynamic shifts. Today you can migrate your data and delete your Facebook account, but that's a major hassle that few undertake.

Mike and I were discussing this on this week's podcast <>, and we were thinking about the privacy aspects of PODs. In particular, whatever firm you use to socially share your stuff will still be able to snoop you out, map your behavior, and target you with ads and other content, because they see it while it's in transit. But I failed to put two and two together.

The real power of a common API for sharing your content/data is that it will make it that much easier to switch from one sharing platform to another. This means that you could easily migrate to a system that respects your privacy. If we're lucky, we'll see competition in this space. At the same time, storing and hosting the data would be portable as well, hopefully promoting the best practices in the providers. Real competition in where your data lives and how it's served may well save the Internet. (Or at least we can dream.) […]

Turning Back the Clock on Aging Cells (NYTimes)

the keyboard of geoff goodfellow <>
Sun, 5 Apr 2020 09:38:36 -1000

Researchers report that they can rejuvenate human cells by reprogramming them to a youthful state.


Researchers at Stanford University report that they can rejuvenate human cells by reprogramming them back to a youthful state. They hope that the technique will help in the treatment of diseases, such as osteoarthritis and muscle wasting, that are caused by the aging of tissue cells.

A major cause of aging is thought to be the errors that accumulate in the epigenome, the system of proteins that packages the DNA and controls access to its genes. The Stanford team, led by Tapash Jay Sarkar, Dr. Thomas A. Rando and Vittorio Sebastiano, say their method, designed to reverse these errors and walk back the cells to their youthful state, does indeed restore the cells' vigor and eliminate signs of aging.

In their report, published on Tuesday in Nature Communications, they described their technique as “a significant step toward the goal of reversing cellular aging” and could produce therapies “for aging and aging-related diseases.”

Leonard P. Guarente, an expert on aging at M.I.T., said the method was “one of the most promising areas of aging research”, but that it would take a long time to develop drugs based on RNA, the required chemical.

The Stanford approach utilizes powerful agents known as Yamanaka factors, which reprogram a cell's epigenome to its time zero, or embryonic state.

Embryonic cells, derived from the fertilized egg, can develop into any of the specialized cell types of the body. Their fate, whether to become a skin or eye or liver cell, is determined by chemical groups, or marks, that are tagged on to their epigenome.

In each type of cell, these marks make accessible only the genes that the cell type needs, while locking down all other genes in the DNAs. The pattern of marks thus establishes each cell's identity.

As the cell ages, it accumulates errors in the marking system, which degrade the cell's efficiency at switching on and off the genes needed for its operations.

In 2006 Dr. Shinya Yamanaka, a stem-cell researcher at Kyoto University, amazed biologists by showing that a cell's fate could be reversed with a set of four transcription factors—agents that activate genes—that he had identified. A cell dosed with the Yamanaka factors erases the marks on the epigenome, so the cell loses its identity and reverts to the embryonic state. Erroneous marks gathered during aging are also lost in the process, restoring the cell to its state of youth. Dr. Yamanaka shared the 2012 Nobel Prize in medicine for the work.

But the Yamanaka factors are no simple panacea. Applied to whole mice, the factors made cells lose their functions and primed them for rapid growth, usually cancerous; the mice all died.

In 2016, Juan Carlos Izpisua Belmonte, of the Salk Institute for Biological Studies in San Diego, found that the two effects of the Yamanaka factors — erasing cell identity and reversing aging—could be separated, with a lower dose securing just age reversal. But he achieved this by genetically engineering mice, a technique not usable in people.

In their paper on Tuesday, the Stanford team described a feasible way to deliver Yamanaka factors to cells taken from patients, by dosing cells kept in cultures with small amounts of the factors.

If dosed for a short enough time, the team reported, the cells retained their identity but returned to a youthful state, as judged by several measures of cell vigor. […]

Online Credit Card Skimmers Are Thriving During the Pandemic (WiReD)

Gabe Goldberg <>
Tue, 31 Mar 2020 19:03:58 -0400

Unfortunately, there's not much you can do to protect yourself. A site infected with a skimmer looks and acts no different from one that's not. Researchers suggest sticking to big retailers that have a good track record of maintaining site security. Organizations without the resources for dedicated IT teams are more likely to miss the software updates and routine maintenance that keep sites secure over time.

This is especially worth considering during the current pandemic, as small retailers and other groups rush to transition more of their business online. When possible, use crowdsourcing platforms like GoFundMe or third-party payment processors like Paypal to handle transactions rather than filling out payment forms directly from small organizations. And for older sites that are getting more use now, Segura suggests checking the copyright tag that's often floating around at the bottom of the page.

“Check as best you can whether a site has been maintained or not,” he says. “If the copyright notice is from 2017 it could mean that somebody hasn't looked at the template in awhile. You can't eliminate the risk completely, but you can reduce it.”

Marriott data breach, Millions of records spilled (CNBC)

“Peter G. Neumann” <>
Wed, 1 Apr 2020 5:50:57 PDT

Can artificial intelligence fight elderly loneliness? (

Richard Stein <>
Wed, 1 Apr 2020 09:37:33 +0800

“In the current climate, in which billions of pensioners around the world are in social isolation due to the risk of spreading coronavirus, Astell believes smart speakers could prove to be an increasingly useful tool.”

A skilled conversationalist, welcome in your home. Easy to trust and known to supply free information (weather, traffic, top headlines, music, etc.) and tells jokes when asked.

Risk: Psychological manipulation of isolated or emotionally vulnerable individuals via digital truth default.

Autonomous weapons, AI and Facial Recognition, Pandemic priorities

“Diego.Latella” <>
Wed, 01 Apr 2020 11:28:56 +0200

A few links of interest

  1. Interview by Lucas Perry with Paul Scharre: AI Alignment Podcast: On Lethal Autonomous Weapons with Paul Scharre

  2. AI and Facial Recognition: Challenges and Opportunities
  3. It is useful to circulate this message from ACA

Cloudflare launches mass censorship product

Lauren Weinstein <>
Wed, 1 Apr 2020 10:15:45 -0700

[Not an April Fools' Joke] (From Network Neutrality Squad)

Cloudflare, long the home of many right-wing hate and other disreputable sites, has announced that their DNS product now includes “Family” flavors with malware and “adult” blocking. Reports are already coming in of LGBTQ and other sex education resources being blocked by these versions of their DNS servers.

It was bad enough news when Mozilla switched Firefox users by default to Cloudflare DNS servers. But the irony of a firm that continues to happily host hate speech also running a vast censorship service is beyond disgusting.

And yes, Cloudflare confirms that this is not a joke.

Domain Name Registration Data at the Crossroads (Interisle)

Lauren Weinstein <>
Wed, 1 Apr 2020 15:07:49 -0700

“Overall, there is a failure to provide the domain name registration data access, predictability, and reliability that ICANN exists to deliver, and registrars are obligated to provide. For the past 15 years ICANN has tried, and failed, to deliver domain name data policies that balance legitimate needs, applicable legal obligations, and ICANN's Commitments and Core Values. The findings of this study clearly illustrate the extent to which the current regime is broken. ICANN and its community stand at a crossroads: can they develop and implement policies that meet the vital needs of the Internet?”

Content Delivery Networks and clouds join MANRS Internet security effort (ZDNet)

Gabe Goldberg <>
Sat, 4 Apr 2020 00:33:47 -0400

With the Internet being hammered as never before, CDNs and cloud are joining with the Internet Society to help secure vital Internet routing.

A first-world 2020 issue…

geoff goodfellow <>
Tue, 31 Mar 2020 09:53:25 -1000

“2020. I cannot change the temperature in my house because the my thermostat provider is having a global outage.”

David Reed comment on models

Dave Farber <>
Sat, 4 Apr 2020 18:19:34 +0900

I agree with David and have said the same to my colleagues

“The ability to make such forecasts accurately is not there. These forecasts are like hurricane path forecasts, except the data for this is far worse, and the inherent variability of results are much bigger. Most of them being made, if not all of them, don't use Monte Carlo methods, which run many simulations with randomized inputs to calculate the variability of results. Hurricane path forecasts do. So all of the stuff to te right of the peak is inherently wildly uncertain. But it “looks” to a layman like the right hand side of the graph sort of gets more predictable! That's because Monte Carlo models weren't used! Because the uncertainty is bigger than that.

One clue: there is clearly an assumption that immunity is created long term. But how long term is the immunity? We have NO data that discusses immunology long term, and some for short term. But there are other issues: premature reduction of social distancing may happen, because the causality is not indicated at all. If everyone sighs with relief after “turning the corner” and just starts hugging all their friends, disease will spread and the curve will stretch out or go up. If “immune” people go out and hug everybody because they feel invulnerable, they WILL spread it much faster, and they may feel no responsibility at all, if they have a certificate of immunity, many will fight any restraints in their “freedom”. This latter will be justified by this VERY graph! Printing this permanently on a chart , and not showing how it changes with every new learning, that's what may kill us. Sticking to a plan is dangerous. Businesses that “stay on plan” by pretending new data doesn't exist and adjusting their accounting to meet The Street eventually die, suddenly. Like Enron. Or more importantly, the “perfectly hedged” financial system in 2007. As they realized that risks were not independent gaussians, but dependent non-gaussian”

Reminder on Planning for the Future

“Peter G. Neumann” <>
Sat, 4 Apr 2020 16:56:30 PDT

The maintenance contract for the Federal stockpile expired a while back. It should not be surprising that many of the procured ventilators don't work. PGN

Measurement units risk in those Open Source ventilators?

Tony Harminc <>
Wed, 8 Apr 2020 15:52:30 -0400

I've been following a couple of these projects, and while I completely support the idea, I am dismayed by the muddle of units being used for various mockups and prototypes and in discussions. Notably, for gas (air/oxygen) pressure I have seen all of mm of water, inches of water, the same but using “H2O” instead of “water”, mm of Hg, kPa, 1000s of kPa (!), bar, millibar, and PSI. Nowhere have I seen Absolute or Gauge mentioned. For volume and flow there have been L, ml, and cc, each per second, per minute, and per hour. Doubtless there are more.

Clinical—and to a lesser extent, research—medicine has been highly resistant to full SI compliance for many years, and I don't want to restart that argument; perhaps there are good reasons to keep using units like mm Hg for blood pressure that are based closely on actual measurement. And it may be that by good luck none of the plausible real-life ranges for the above units actually overlap. But given that customary medical units vary from country to country (notably blood glucose, measured in mmol/l or mg/dl, which scales do overlap at the extremes), and that the target users for these ventilators are in many countries likely to be minimally trained “barefoot doctors” rather than specialist clinicians, surely some consistency is called for. Maybe most important - input and display of these values needs to always have a unit label attached.

Air and space craft have failed because of unit mixups; let's hope we don't have very ill patients being over or under ventilated because of someone's assumptions.

Russia's Planned Coronavirus App is a State-Run Security Nightmare (Gizmodo)

Lauren Weinstein <>
Wed, 1 Apr 2020 14:18:01 -0700

How to Refuel a Nuclear Power Plant During a Pandemic (WiReD)

Gabe Goldberg <>
Sat, 4 Apr 2020 16:18:38 -0400

NJ's 40-year-old system increases delays for unemployment checks amid coronavirus crisis

“Philip L. Lehman” <>
April 5, 2020 9:25:14 JST

[via David Farber]

It turns out New Jersey needs COBOL programmers!

NJ's 40-year-old system increases delays for unemployment checks amid coronavirus crisis

New Jersey officials vowed Saturday to speed up the processing of unemployment claims despite relying on a 40-year-old computer system that has been overwhelmed by the record number of requests due to the coronavirus crisis.

Labor Commissioner Robert Asaro-Angelo said a plan to increase phone lines, train additional staff to handle claims and provide laptops to workers at home will help ease the crushing amount of claims being sought amid the economic meltdown brought upon by the virus.

“There is nothing I want more than to put your hard-earned benefits into your family budget sooner,” he said at Gov. Phil Murphy's daily coronavirus briefing.

Recently jobless New Jerseyans have experienced heavy lag times or issues while trying to collect unemployment insurance, partly due to a “clunky” 1980s computer system that the Department of Labor still depends upon to process claims and issue checks.

“We literally have a system that is forty-plus years old,” Murphy said.

“There will be lots of postmortems and one of them on our list will be: how did we get here when we literally need COBOL programmers,” Murphy said of the outdated computer language. […]

Touch-screens in rental and other shared vehicles for COVID-19

“Peter G. Neumann” <>
Wed, 1 Apr 2020 14:44:41 PDT

Think of all the places you have to touch to drive a car. Apparently high-end Mercedes are eliminating touchscreens. Controls for shifting, hand brakes, steering, touch pads, lights, windshield-wipers, just about everything else. Do we need voice-only controls that have to be trained before renting a car? Stay home.

U.S. government & tech industry discussing ways to use smartphone (WashPost)

Jan Wolitzky <>
Tue, 17 Mar 2020 15:06:29 -0400

[Duane Thompson: Apparently they are already doing this in Colorado:] ]


To Track Coronavirus, Israel Moves to Tap Secret Trove of Cellphone Data

Broadband engineers threatened due to 5G coronavirus conspiracies (The Guardian)

Gabe Goldberg <>
Sat, 4 Apr 2020 01:19:09 -0400

EE suspects telephone mast engulfed by fire in Birmingham was an arson attack as celebrities claim Covid-19 caused by new network

An unprecedented wave of personal data could be heading to federal agencies (FedScoop)

Gabe Goldberg <>
Sat, 4 Apr 2020 11:31:40 -0400

Re: Risks of Leap Years, and depending on WWVB (Seaman, RISKS-31.64)

Bob Wilson <>
Wed, 1 Apr 2020 12:00:52 -0500

There is a nice detective story, /The Wyndham Case/, by Jill Paton Walsh, where a major component of the story has to do with both the change in when the year officially starts and the “loss” of days when the calendar was changed. Their relevance gradually appears as the story progresses. It includes the comment that anyone doing historical research from that period has to remember their effect, and I know it can also be important for genealogists.

Re: Risks of Leap Years, and depending on WWVB (Seaman, RISKS-31.64)

Steve Golson <>
Wed, 1 Apr 2020 13:57:31 -0400

The watch is receiving a 60kHz signal broadcast by WWVB. The time indicated is UTC, but also encoded in the signal is the current status of DST in the US.

So if the watch misses a DST adjustment, it could be the fault of WWVB. But that's highly unlikely, and I suspect the watch applied the DST correction on the correct day, but at the wrong time.

RISK: things that are highly unlikely, sometimes actually happen.

Re: What happens when Google loses your address? (RISKS-31.64)

Dan Jacobson <>
Thu, 02 Apr 2020 17:53:25 +0800

Yup, even one's prestigious “11 Nerdsburg Estates” address one ends up hastily taking off of all one's advertisements. As the moment Google starts sending one's customers to the wrong end of town, and your Feedback to Google going into a black hole, you'll go back to just giving out a latitude longitude pair.

Re: MIT Will Post Free Plans Online for an Emergency Ventilator That Can Be Built for $100 (Weinstein, RISKS-31.64)

Amos Shapir <>
Fri, 3 Apr 2020 10:44:03 +0300

> There's no good reason that ventilators have to be so expensive and > complex as the ones routinely used today, when not having any kind of > ventilator means DEATH for so many patients.

Coming to think of it, “not having … a ventilator means DEATH” is exactly why “ventilators have to be so expensive”…

Re: Mathematics of life and death (RISKS-31.64)

Amos Shapir <>
Fri, 3 Apr 2020 10:59:36 +0300

This article is a textbook example of the risks of relying blindly on mathematical models, especially in life threatening situations. Even the best models may implicitly rely on hidden assumptions and have many unknown variables.

Unfortunately, the results of such policies are now obvious, written in blood: The Netherlands is now at the top of the table of deaths per 1 million people (right behind Italy, Spain and France); and Sweden, which had taken a similar policy, suffers three times the death rate than neighboring Norway.

Re: A computer virus expert looks at CoVID-19 (Slade, RISKS-31.64)

Dan Jacobson <>
Fri, 03 Apr 2020 23:23:15 +0800 “The coronavirus genome ends with a snippet of RNA that stops the cell's protein-making machinery. It then trails away as a repeating sequence of aaaaaaaaaaaaa”

A computer virus expert looks at COVID-19 (Slade, RISKS-31.64)

Dan Jacobson <>
Fri, 03 Apr 2020 22:12:54 +0800 cguaggaauguggcaacuuuacaaacuuuacaa… As NSP12 duplicates the coronavirus genome, it sometimes adds a wrong letter to the new copy. NSP14 cuts out these errors, so that the correct letter can be added instead. gcugaaaauguaacaggacucuuuaaagauugu…

Re: A computer virus expert looks at COVID-19 (Slade, RISKS-31.64)

“Peter G. Neumann” <>
Wed, 1 Apr 2020 9:07:37 PDT

I received a few comments. Here's one set.

The article is riddled with errors and incorrect information, but has a lecturing tone as if it comes from an expert. I am not a molecular biologist or virologist, but I know enough to recognize the many inaccuracies in Mr Slade's article. He doesn't even get the name of the virus correct, calling it CoVID-19, which is the name of the disease, not the name of the virus. No virologist would make that basic mistake. The unfortunate use of the same word for a molecular virus and computer virus does NOT qualify someone to lecture on the virology of SARS-CoV-2, which he points out, but he then proceeds to do exactly that himself, and not very well.

There are far too many errors in the article for me to address individually, nor would I have the time or motivation to do so if challenged by Mr Slade, I will just say please don't allow the high frequency of contribution by a regular contributor lend a credibility to the quality of the contribution that isn't there when the topic is outside the contributor's expertise. (Perhaps this is a RISK in itself? A halo effect arising from contribution frequency?). I realize that screening posts is a monumental task and again I am grateful for everything you do… not trying to add to your workload… but this matters. The seriousness of COVID-19 and the wide audience seeking information and advice on how to protect one's health makes it imperative that misinformation from unqualified people apparently trying to sound knowledgeable and important be rejected and not published to the extent possible, as it can do actual harm to people.

Masking the CoVID-19 problem

Rob Slade <>
Thu, 2 Apr 2020 08:29:44 -0800

Properly fitting, and properly filtering, face masks are an important part of medical personal protective equipment for keeping front line medical staff safe if they are in areas or situations of high viral load. (Or, indeed, in many other situations where they may be encountering any number of infectious agents.)

Otherwise, having a piece of paper or fabric in front of your mouth does almost nothing in keeping you from getting infected with the CoVID-19 virus.

The trouble is that, at the moment, and in the midst of a crisis, a lot of people, some authoritative but with specialized agendae, some not authoritative, and some merely visible and persuasive, are saying, on the basis of very limited evidence, that masks might be good for you, and, besides, what could it hurt?

Let's look at the (remarkably few) benefits, and the (much greater) risks. There are quite a number of reasons that it might hurt a lot.

The first is, what do you mean by “masks”? There are dust masks, that are intended to keep you from breathing in relatively large particles like sawdust. There are surgical masks, which look almost identical to dust masks, but are made differently and of different materials and to different standards, intended to keep you from breathing (or, more realistically, spitting) out droplets of who-knows- what over patients with open wounds. There are slightly form fitting masks made of specially porous materials that provide a larger surface to breath through and so filter smaller particles, droplets, and some aerosols out of the air you are breathing in. (These also tend to catch most droplets that you are breathing out, but probably not all, and not aerosols, since, when you breath out, your breath tends to push the mask away from your face, and allow your breath, aerosols, and some droplets to escape above, below, and to the sides of the mask. The same happens with dust and surgical masks.) Then there are extended form fitting respirators, many with integrated face or eye shields, and with filters to deal with specific particle sizes.

And then there are home made masks, fashioned from whatever fabric is to hand, to whatever design comes to mind, with little or no regard for porosity, size of weave, or the ability to trap whatever particles are being breathed in or out. Just last night, on the nightly news, the news anchor proudly showed off a face mask that his wife had crafted. It had a lovely pattern on the fabric, and was lined with plastic from a bag. Excuse me? Plastic? Non-breathable, non-porous plastic? I'm not sure what that is supposed to do. Any breathing is going to take place around the edges of the mask. A normal person, under no effort or stress, is probably not going to be harmed by it, but anybody with respiratory problems who uses it may be in serious difficulty. It may, almost accidentally, trap droplets that are breathed out, but otherwise I can't see any possible benefit at all.

The second major issue is the “evidence” for the benefit of masks. There seem to be two points of evidence.

The first piece of evidence is that nurses and medical techs wear masks. You can see them. They are the “face” of the medical system, and, these days, that face is covered with a mask. Obviously, masks are important.

“Obvious”, as we say in mathematics, is what you say when you can't prove it. You do see nurses, medical techs, emergency first responders (on the news), and staff in intensive care units (on the news) wearing masks. You can't help but notice the masks. You don't notice gowns (changed between patients), gloves (changed between patients), face shields, and constant, everlasting hand-washing. You also don't see the vastly higher probabilities that these people will encounter the virus, nor the fact that the gowns (changed between patients), gloves (changed between patients), and masks (changed between patients) are intended as much to protect you as the medical staff. (Nor the “public relations” and “social engineering” aspects of “security theatre” intended to sooth fears in a time of poorly understood crisis. There are non-medical reasons to wear masks in some situations.)

The second piece of evidence is an “observation” (one cannot call it a study) that some populations with a high incidence of mask-wearing have significantly lower transmission rates of the virus. (You cannot call the observation a “study,” since the sample size is very small. We are talking about whole countries (of which there are less than 200), and not just countries, but “countries with high rates of CoVID-19” which takes you down to a double handful. “A double handful” is not a statistically valid sample set.) There are two additional (and easily observable) factors that may affect the transmission rate without recourse to the idea that masks prevent infection. The first is that masks are, demonstrably, effective at reducing the probability that those who have the virus (and twenty-five to fifty percent of those who are infected show few or no symptoms and don't know they are infected) will directly pass the virus to others. (Masks, of pretty much any kind, tend to vastly reduce the droplets breathed or spit out by those infected, simply by trapping the droplets as they come into contact with the fabric or paper of the mask.) The second factor is that those countries with low transmission rates also have some pretty authoritarian governments, who can effectively and quickly mandate that people have to stay home and isolate themselves.

But, I hear you cry, while all of this calls into question the effectiveness of masks, it still doesn't show that masks (other than the plastic lined ones) are harmful. So, who's hurt if I choose to wear a mask?

Well, first off, we currently have a world-wide shortage of proper masks (and other medical equipment). If you are wearing a mask and don't need it, you may be (likely are) depriving some front line worker who may actually need it. In fact, if you have a proper mask these days, you probably got it on the black market, and you are, even if only in a small way, supporting criminal activity that extends up to massive theft of hospital supplies and the fraudulent production of “certified” medical equipment that is not up to anybody's standard. So you are probably hurting those doing the most to keep us safe. (And from there on down to legitimate manufacturers and the legitimate economy.)

And, even if you have made your own, probably ineffective, mask, you may be hurting yourself. We know that frequent, even obsessive, handwashing is effective. We know that physical distancing and self-isolation are effective. We know that keeping from touching your face is important. Wearing a mask gives you a feeling of security and safety. An almost certainly false sense of security and safety. And if wearing a mask makes you feel more comfortable and you stop, or even reduce, constant handwashing, or are less careful about physical distancing, or go out more frequently, you are putting yourself (and likely others) at greater risk. And we also know that properly donning and doffing a face mask is a non-trivial task, and most people don't know how to do it properly. (By the way, if you made your own mask, how many did you make? How often do you launder them? With bleach? (Where can you find bleach these days?) Do you change masks every time you go out? And do you touch your face when you put your mask on? Or take it off?)

With your own, homemade masks, you might be protecting others, but it's not likely. Yes, masks trap droplets, but that only matters if you are infected. Even if you live in Italy, there is only one chance in 600 that you have the virus. And if you know you are infected, wearing a mask does nothing if you are alone at home. If you are infected, you should be home alone. What are you doing going out if you are infected? Do you want to kill people?

Okay. You wanna wear a mask when you go out? During the virus crisis, if you must go out, note that you might get coughed on or sneezed on, and, since disinfecting fabric is much more difficult than cleaning flat surfaces, you should wear older clothing that can be discarded if necessary. (If you have old torn clothing that will not be missed, this is probably best.) Since face masks are in short supply, a scarf worn over the mouth, nose, and lower part of the face may offer some protection. If you are infected, and must go out for some reason, take a staff to aid you in walking, should you be overcome with respiratory distress and need something to lean on. Best to have bells hanging from the top to summon aid if needed. As you go, it is best to give some verbal warning to others not to come into close contact. Since some you may encounter may not be proficient in English, it is probably a good idea to constantly call out something simple, such as, “Unclean! Unclean!”

(This is not meant to make fun of anyone who actually has Hansen's Disease …)

Masks are not magic. Since there is as-close-to-zero-as-makes-no-difference evidence that masks prevent normal people, in normal situations, from getting infected, those who believe that masks help obviously believe in magic. “Magical thinking” will not help us in this virus crisis. And it may do an awful lot of harm.

Now go wash your hands. (And, if you have any actual, medical grade masks, go and give them to a front line medical worker.)

Please report problems with the web pages to the maintainer