Open in app

Sign in

Write

Sign in

How to visit the pub while retaining your privacy

Tips on keeping your privacy, while complying with contact tracing guidance

Scott McGready
8 min readJul 30, 2020

As pubs and restaurants are re-opening all over the UK, both staff and patrons are slowly getting used to the so-called “new normal”. With new rules being implemented — such as temperature checks on entry, mandatory pre-bookings, and strict time slots — both pubs and patrons themselves have responded excellently to these new rules. One rule, however, which has caused a little bit of concern in regards to privacy (and admittedly garnered some ridicule) is the “contact tracing” data collection aspect of visiting a pub.

If you’re unaware of the rules around customer contact tracing, the gov.uk guidance states that information of customers that should be gathered by the venue are:

  • The customer’s name (if there is more than one person, only one name is required as the “lead member”).
  • Number of customers entering as a group.
  • A contact phone number for each customer, or the lead member of the group.
  • Date of visit, arrival and departure.
  • Interactions between customer and staff members should be recorded.

For many people, such information being held by a private organisation is a privacy nightmare — especially when considering that many small, or independent, venues might not be used to handling that data. Normally, this would result in many privacy advocates giving out fake details and calling it a day. The Catch22 here, however, is that customers would perhaps like to know if they may have come in contact with another patron that turned out to be COVID-19 positive.

As a result of the guidance, many people have spoken out on Twitter about receiving messages from venue staff as a result of visiting a venue following such guidance. It doesn’t take a genius to work out how that information could be abused now, or in the future, and, as a result, has made a large number of people nervous about giving out their data — and rightfully so.

With this in mind, I thought of putting together a quick guide on how to keep your privacy safe while still visiting these venues and complying with the government rules around track and trace.

Using physical “burner” SIM cards

Using “burner” SIM cards are nothing new and, at least in the UK, it’s not terribly difficult to acquire some. Nearly every supermarket and convenience store has a plethora of PayG (Pay as you Go) SIMs available, from every operator. Costing under £1 per SIM, and no requirement of using ID to purchase, this solution is definitely among one of the cheapest. Often the SIMs don’t need to be pre-paid or “topped up” with money in order to receive messages and calls and will continue to work 3–6 months after activation.

For the truly frugal amongst you, some network operators will ship a SIM card to an address, however it should be noted that the operator will have your name, address, and other contact details.

The only caveat with this method would be requiring a second phone. Many of us have a drawer full of “old” phones (which are not that old if truth be told) just waiting for a new purpose. Swapping out your main SIM is also an option of course, but would likely be forgotten about at the bottom of some drawer after the first week of swapping.

This method, despite being incredibly easy for the vast majority of the public to understand and implement, would likely be the most difficult to maintain. Different operators have different rules around how long a SIM remains active, and carrying around two phones can become a bit cumbersome… and that assumes the 2nd phone has been charged…

SoftSIM using On/Off, Skype, or Google Voice

Services — such as OnOff, Skype, Google Voice, and others — all offer a really simple way for customers to have a virtual number capable of making or receiving calls/texts via their own apps. Simply download the apps, sign up, purchase a number, and you’re good to go.

It should be noted also that simple often means slightly more expensive. To rent a number from OnOff, for example, it costs £4.99 per month. Skype offer similar pricing at £5.16 per month. Google Voice, although free, was a hit-and-miss to get working based on what type of Google account and region you’re in.

One issue with Skype however, that may confuse venues, is that they only seem to supply “landline” numbers for rental. This could result in a confusing situation between the patron and the venue when giving over their details as trying to explain that it’s a virtual number and not a traditional landline physical phone could end up being a barrier to entry. Literally.

Twilio relay

If you’re willing to spend a little bit of time, services like Twilio might be more workable and provide greater control over the message or call flow. I personally love Twilio, and while it is a little bit more complicated than OnOff to get set up, the potential uses for it are exceptionally good. For example, the image above is a screenshot of my setup at home which forwards incoming text messages, and calls, to two numbers seamlessly.

Obviously there’s other solutions that provide VOIP services much like Twilio but given the simplicity of their Studio builder (literally drag and drop), and low cost ($1/month per number and very minimal running costs) — Twilio is my go-to recommendation when dealing with VOIP services.

Although slightly more work is involved in the initial setup — literally 30 minutes, rather than OnOff’s 5 minutes—the monetary saving, along with the flexibility and reusability (think Amazon, JustEat, and anywhere), really does pay for itself in the long run.

Unlike Skype, you can register a UK based 07 number (mobile), as well as traditional landline numbers for any region — saving any potential eyebrow raising moments giving out an 0330 number when registering for SMS updates.

Additional information

While the gov.uk guidance states that “No additional data should be collected for [contact tracing]” other than name, date and time of arrival, date/time of departure, and interactions with staff— this does not cover information collected, say, during the booking process by the third party app. When I last booked, I had to give over my name, email address, date of birth, and mobile number in order to reserve a slot. This, while convenient, does raise the same potential privacy issues in giving out your email address to third parties.

Given that email is slightly more prolific (and our industry has come up with some ingenious spam solutions), there are some similar options when it comes to privacy of email addresses.

Maildrop

Maildrop, for example, is a great little service which allows you to give out an address, which will redirect any mail sent to it to a webpage. You can literally give anything out as the left hand side of the email address (like examplemail@maildrop.cc) and simply visit https://maildrop.cc/inbox/examplemail to retrieve any email sent to it. While convenient, it should be noted that anyone can read mail sent to that address.

Gmail aliasing

If you have a Google mail account, one slightly unknown feature is that you have multiple email addresses, and the ability to create aliases on the fly. Google strips periods from email addresses, meaning that sending an email to “joe.bloggs@gmail.com” is the same as sending one to “joebloggs@gmail.com”. As far as Google is concerned, there is no difference but when you receive the email — you can see the period meaning you can technically use this as a canary to tell who leaked your email.

Similarly using a plus symbol at the end of the email address (such as myemail+something@gmail.com will be shortened by Google to myemail@gmail.com) can be a useful way of finding out where your email was potentially leaked from, especially if you use the company name as the alias after the plus symbol.

There are, however, a few caveats with using these solutions. Some websites can be a little bit funny when trying to use the plus symbol in an email address. Similarly using the period trick can quickly get a bit of a pain to manage and remember which one you gave out to who.

Finally, none of these solutions really protect your privacy all that much given that it’s trivial for a human to remove the plus symbol and end up with your real email address.

Firefox Relay

Firefox have recently launched a new service (currently in beta) called Firefox Relay that looks promising. Simply sign up, give them your email address and then create a new relay address for each service you sign up for.

This is definitely a step in the right direction when it comes to adding another step in email privacy, but trying to remember “zx04b2kk1ndllajd2@relay.firefox.com” might be a bit difficult for some. Still, it’s a good solution and well worth joining the waiting list.

Custom domain catchall and forwarding addresses

Personally, I use a catchall with subdomain stripping — meaning that I can give a company an aliased email without having to log into my email management console and set it up first. This, much like Twilio, does take a little bit more technical knowledge in order to set up but is worth its weight in gold when it is all working smoothly. There’s several different vendors that offer catchall email addresses and subdomain stripping as part of your plan (Microsoft 365 and ZOHO for example) and it’s really not that difficult if you already own a domain or two.

The advantage of this solution is that multiple domains can be used, so even if someone was smart enough to figure out that you were using subdomain stripping and catchall aliases — you could still have an extra layer of privacy by using a throwaway domain purely for spam which forwards to your real email domain.

Conclusion

As with everything tech based, there are a million different ways to do things and not every solution will be the right one for you. Some are more expensive than others, while some are more technical than others. Regardless of these caveats — everyone has a right to privacy but I’m also understanding of the Government’s guidelines for visiting these venues, with regards to contact tracing. With the methods listed above, hopefully it should give everyone a little bit of confidence at giving out their personal information without feeling that they’re giving away their privacy completely.

Privacy
Covid-19
Contact Tracing

--

--

Scott McGready

Written by Scott McGready

341 Followers

Maker, breaker, fixer, faker. Trying to build a safer world. Trading Standards Scambassador, ScamAcademy tech expert, resident on @theradiohustle, also on TV.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams