2020 · Concept
NO-VID 2020: Contact tracing without a privacy breach
A crowdsourced threat tracking app concept designed in March 2020 — the first weeks of the global pandemic — to enable contact tracing without collecting or storing data from non-positive users.
My Role
What I did
Secondary research and market sizing to establish the feasibility of using existing Google location data as the backbone of the system.
Solution architect from both UX and technology perspectives — bridging product thinking with data privacy constraints.
End-to-end system concept including patient data flows, anonymisation architecture, and the risk-scoring logic.
Translating the system architecture into a concrete product — defining app screens, user flows, and the core interaction model.
Creating interactive prototypes for all key app flows, from onboarding through risk status and data sharing screens.
Documentation for healthcare workers on extracting patient location history via Google Takeout — a critical non-app data source.
Problem Statement
How do you trace contacts without breaching privacy?
"How to enable contact tracing to warn citizens ahead of time… without violating the privacy of their data."
— The core design challenge, March 2020
The global pandemic surfaced in November 2019 and spread rapidly. Countries went into lockdown. Since it took up to 14 days to develop any symptoms, contact tracing was the only viable mechanism for governments to track and contain the disease.
Despite the Government of India launching Aarogya Setu to trace contacts, public adoption was low. People were reluctant to share location data with governments, and patients relied on fragile human memory to recall where they'd been. The system was failing at the first step.
The challenge was not technical — it was about trust. The solution needed to prove it could work without the system ever seeing data from uninfected users.
Execution
How the system works
Research: Establishing data availability
The research phase focused on a single critical question: did the data even exist? Before designing any app, we needed to confirm that most users who use Google Maps would have intact location history available for extraction.
The Google Takeout service at takeout.google.com lets anyone download their complete location history as a JSON file. The key insight was that most users are opted in to Location History by default — and almost none had cleared it.
techies interviewed to establish the availability of Google Takeout location data as a viable source
92% had never heard of Google Takeout — meaning location data was accumulating without most users' knowledge
92% had not cleared their location history — confirming historical movement data was largely intact and downloadable
The data confirmed the thesis: nearly all Google Maps users had historical location data available — and were unaware of it. This made the Takeout-based approach viable even for users who never download the NOVID app.
Problem Framing: How to capture location data?
Multiple approaches were considered for capturing patient location data. Each option was evaluated against feasibility, historical data coverage, privacy implications, and the ability to reach contacts the patient may not even remember.
The chosen approach — capturing only from confirmed positive patients and publishing their data anonymously — was the only option that solved the unknown-contact problem without compromising anyone's privacy. No names, no data collection from non-positive users.
Patient Flow: From test to anonymised upload
The system activates only at the point of a positive COVID test. At the test facility, with the patient's explicit consent, a healthcare worker follows the NOVID protocol to extract location history data from the patient's device.
If the patient already has the NOVID app installed (for over 14 days), data is extracted directly through the app. If they are not on the system, the healthcare worker extracts the Google Takeout JSON archive manually. In both cases, data is anonymised before being uploaded to the NOVID portal.
Risk Logic: How exposure is calculated
Once a patient's anonymised data is in the system, it is pushed to all NOVID users every 6 hours. Each user's app independently compares its stored movement data against the infection windows — no personal data ever leaves the device.
Risk windows were based on early virology studies published by WHO on virus survival on surfaces:
Risk thresholds
Contact <15 minutes at a location → Moderate risk
Contact ≥15 minutes at a grocery store → High risk for 72 hours (cold surfaces)
Contact ≥15 minutes at a pharmacy → High risk for 24 hours
Contact ≥15 minutes at any other location → High risk for 72 hours
Contact at a hospital → Moderate risk (assumed PPE environment)
If a location is marked sanitised → status resets to Safe immediately
App Screens
The app was designed around three core moments: being notified of a potential exposure, checking your current safety status, and — for positive patients — sharing your data with the system.
Exposure Detected
Safety Status
Data Sharing (Patient)
The data sharing screen for positive patients was intentionally framed around gratitude and courage — acknowledging the anxiety of testing positive while emphasising the anonymous, one-time nature of the data contribution. The privacy guarantee is stated explicitly: not even the NOVID team can identify who shared the data.
Extended Use: Quarantine enforcement & border control
Beyond individual risk warnings, the NOVID system's location intelligence had two additional enforcement applications identified during the concept phase.
Quarantine Geofencing
Positive patients can be virtually geo-fenced within their quarantine location
Authorities are alerted automatically if the patient leaves the defined perimeter
Provides accurate, real-time compliance data without requiring manual check-ins
Border Control & International Arrivals
NOVID installation mandated for all international arrivals before immigration clearance
Provides accurate travel and location history for incoming passengers
If a traveller tests positive at the immigration test, authorities can immediately retrieve their in-transit contact history
Closing Thoughts
A privacy-first response built in the first weeks of lockdown.
NOVID was conceived and designed in March 2020 — before most governments had a working contact tracing solution. The system's core principle was radical: never collect data from anyone who hasn't tested positive. All risk computation happens on the user's device.
The research validated that the underlying data already existed for most Google Maps users — the problem was accessibility, not availability. By routing data only through confirmed positive patients (with consent), the system sidesteps the mass surveillance concerns that doomed government-led contact tracing apps.
The name NO-VID is deliberate: a play on the virus, and a statement of intent — no data collected, no identities exposed, no tracking of the healthy.