Introducing Pricora – FOSS for privacy-enabled digital contact lists

The Corona pandemic introduced heavy use of paper lists for contact tracing into Germany (very likely more countries – tell me if you know more). Those lists can be later used by health authorities to trace back people that might have been infected by later positive-tested individuals.

While being an important tool for allowing some part of normal life, they are also seriously flawed:

  • They are not trusted much because there are multiple was your contact data could be stolen by people having the list after you or other authorized or unauthorized people that have access to the lists. This probably is one cause for the frequently wrong data on those lists.
  • Writing down your contact data is nerving what is why people try to avoid it.
  • They are often not helpful for health authorities because of bad handwriting
  • They might increase the likelihood of infections due to touching paper and a commonly shared pen
  • Pills of paper can be hard to manage or lost and increase the use of paper

The idea of using smart phones for tracing contact data is not new at all and came up very early. So there are already commercial software solutions out there that could replace your paper lists already. Some of them are even free of charge – what is not necessarily a good thing for an application gathering personal data.

Those commercial solutions usually have other flaws:

  • They require your guests to install an App (usually they are not web-based). People are probably reluctant to install Apps just for entering their contact data. Apps are also limited in the number and age of smart phone platforms they support.
  • Handling of the collected data is a black box. You do not know what happens with it and whether it is properly secured. (Thanks to the general bad state of information security I generally guess that this is not the case – but this can be wrong in the concrete case) The contact data may also be misused – it is out of your control.
  • Companies gathering the contact data of multiple customers in one spot might also become a valuable target for attack and data-theft.

You can draw a few conclusions out of those flaws. A “good” alternative to paper lists should be:

  • web-based for compatibility and low usage barrier
  • not sending the collected data to a third party
  • faster to use than a pen

This does not sound too hard. There are many great Open Source web-softwares out there which you can throw on a web-server of yours and run it.

There are also millions of people out there who are qualified to do just that and provide some contact list service for themselves, friends or family members. Good software cannot so hard to be found… err, wrong. At least I did not find anything some weeks ago when I wanted to do exactly that.

This is why I am introducing:

Pricora

live instance

Pricora is Node.js based web software which attempts to fix all those flaws listed above and gives some piece of open software into the hands of all the professional and hobby administrators out there who have been asked to provide a digital contact list solution for someone.

The project’s goals are:

  • provide a trustful and easy to use contact management solution to anyone obliged to gather contact information (like restaurants, shops, clubs, …)
  • provide superior data protection compared to paper lists and Apps by utilizing strong encryption
  • be easy to install and light on required resources both on server and client
  • run fast on mobile devices and be light on data traffic (currently 80kb for opening the “add contact data” page)

Pricora is still in an early phase of development and would benefit of contributions of any kind. Nonetheless all those goals are already met.

For data protection it uses an encryption system. All contact data is encrypted before being written to disk and can only be decrypted by the owner of the meeting using its password. Downside: Do not loose your password! User passwords can be changed (if you still know the old one), but they cannot be restored when you forget them. There is a feature around that should allow admin users to decrypt the contacts of meetings that people created – but that is also a complicated story. So keep the password’s save!

How to use Pricora

There is information about how to install and how to configure Pricora on the project page.

After you have changed your admin password, you should create accounts for other users. A user account is required to create meetings – it is NOT required to add contact information to an existing meeting. Everyone who is hosting meetings should receive a personal user account. E.g. each teacher at a school. If you intend to use Pricora alone, you do not need more users.

Create your users

Afterwards you can start creating meetings for which you want to collect contact information.

There is probably much to add here in the future

Afterwards you land on the meeting page.

The buttons at the bottom are only available to the creator and admins – but every user of at Pricora instance can show QR codes

While you can send a registration link to your guest by clicking “Create Link” and send it to your guest by mail or messenger, the probably most useful button is labelled “Show QR-Code“.

That button will turn your device into a display for an QR-Code, which you can position somewhere where your guest can scan it.

People scanning this code with their mobile phones will land on a form on which they can enter their information using their main browser. Auto-completion is utilized – people usually will not have to enter all data every time by hand.

Required fields are configurable.

The owner of the meeting can live-monitor the additions of the guests. So no “Donald Ducks” any more if you do not want them.

Of course there is a CSV export available also.

How can you contribute?

I currently welcome all kind of contributions. Please share, make suggestions, help in naming things, provide translations or provide code.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s