This is very sad development for me, Djokovic's countryman who really bought his story. Nut facts are facts.
I can share my own (positive) test, which confirms timestamp and id theory. My test was taken on the 7th January, it was a rapid test, not a PCR. But it's in the same government database:
Timestamp: 1641591150, which translates to GMT: Friday, 7. January 2022. 21:32:30. That seems to be right, it was taken earlier on the 7th and probably entered later to the central database.
Also, ID of my test is: 7601263. Djokovic IDs are 7371999 (16/12 test) and 7320919 (22/12 test).
It really looks like IDs are incremental, and that his test that was supposedly taken on the 16th was taken on the later date.
One consolation fact is that he wasn't positive when he took photos with kids on 17th.
EDIT:
I messed up and copied Novak's QR url! fixed now!
Ok, this is getting strange. There are two ways to get test results:
- it's automatically sent to email (if they have it)
- you can download it from ezdravlje.rs portal
The test I shared above is the one I got on email. However, I went to portal, downloaded pdf, and now I have two copies. They're different! IDs and all the data are the same, but QR codes are different.
Timestamp on new pdf is: 1641923234, which is GMT: Tuesday, 11. January 2022. 17:47:14
So it appears that timestamp is related to when pdf is generated, and when you download it from the portal it's generated at that point of time, i.e. there are no pdf documents sitting on government server!
So this timestamp is definitely no proof of forgery. But test ID might be - that one is still suspicious.
And one more thing, when I switch tabs with my two QR codes - page content is the same but shifted a bit. I didn't look into html/css to see what's different.
I have 2 more datapoints. My wife went with me to the testing on the same date. If you're negative on rapid test, they usually take PCR as well. Since she was negative on the first one, there was a PCR too. These are her QR urls:
Timestamp: 1641924832, time: GMT: Tuesday, 11. January 2022. 18:13:52
I downloaded PCR from portal today, that's why it has today's timestamp.
What's interesting is that her test IDs are 7601574 and 7631146 while they were taken within 15 minutes from each other. There's some 30k difference, and I think Serbia runs around 40k tests a day. PCR samples are sent to central lab and processed later, that would explain why PCR's ID is much higher.
However I don't think we have definite proof of how these test IDs are generated. Different labs could be assigned batches of IDs, PCR tests itself could have preassigned IDs (you can see they have same ID when you're tested, but I'm not sure it's the same ID as presented in results). If test ID is generated when results are inserted into database, then they should always be incremental and Novak's test IDs point to forgery. But there could be other explanations.
Intro:
Looking at covid19.rs/homepage-english/ I can see that there was a total of 1.444.532 people tested and the data is marked for 10.01.2022 at 15:00.
From the dataset:
Date: 2021-12-16, new tests: 13690.0, total tests: 7032035.0
Date: 2021-12-22, new tests: 14808.0, total tests: 7107851.0
Date: 2021-12-26, new tests: 9265.0, total tests: 7158932.0
As We can see Djoko's "ID" (7371999) is much larger than total number of tests for 26th of December 2021 (by 213067) and for me this furthers your point that We don't know how this number is generated.
(It seems to be sequential, but is it?)
They probably generate ID when results are stored in database, not when samples are taken. Difference in processing time explains this. What are the dates of result (stated at the bottom of the pdf)?
All valid reports ("Report is VALID!") - both negative and positive tests - are in green color (Bootstrap 3 class .alert-success).
All invalid reports ("Report IS NOT VALID!") are in red color (Bootstrap 3 class .alert-danger). You can see it when open https://pcr.euprava.gov.rs without any subdir/script/query string.
Green/red have the same semantics in Serbia as in Germany.
This green for positive test mean just that QR code and associated test are valid, not that it’s good or bad. Positive test is bad in the first 14 days but after that it’s good - it gives you same rights as if you were vaccinated. But it’s the same test in both cases and green just tells us it’s a valid document.
Digital certificate is different kind of document. That’s the one you need to enter restaurans, bars, etc. after 20h - it will be red if you don’t fulfill conditions, e.g. vaccination or positive test within last 6 months (but not within 14 days), etc.
In programer’s lingo, test result is const, while digital certificate is a function of multiple conditions in context of current date/time.
Can you see from your records whether the confirmation number (i.e. 7601263-535518) is fixed at the time of the report, e.g. sent as part of the email? An alternative that comes to my mind is that the number is assigned when the report is first generated, which could in principle explain why Djokovic's numbers are out of order if the first time he accessed his PDF was on 26 Dec.
My two PDFs with different QR codes have the same test ID (7601263-535518). So that one is not generated on the fly. But we don't know 100% if it's generated on database insert (altough it very much looks like that), or if there are some batches depending on lab, PCR batch, etc.
This is super important for everyone to see. The timestamp is not proof of time of test but rather the time that the test was "generated" for download. Anyone prominent on Twitter should respond and assist with this information.
I've done these kinds of systems many times in the past and there could be any amount of reasons why a timestamp is included like this. Especially with weird government regulations, policies and rules that mandate all sorts of info to be included inside government documents. Like adding a year or date to when a company was registered to a company's company registration no.
I've been beating this drum for a while, but HN really needs to just ban direct links to Twitter threads. I can't remember the last time I saw one on the front page that was actually true.
When the messenger is spreading false information all the time, yeah, you shouldn't let them be a messenger anymore. I wasn't being hyperbolic: the vast majority of Twitter threads that I've seen make it to the HN frontpage, easily above 75%, are factually incorrect ragebait.
No, I go on Twitter multiple times a week and generally like it. Any active Twitter user will tell you that it's common for false and misleading tweets to go viral. That doesn't mean the site is bad, but it does mean it's a bad idea to go around posting random tweets on news aggregators, since there'll always be someone tweeting any take you can think of.
> That doesn't mean the site is bad, but it does mean it's a bad idea to go around posting random tweets on news aggregators, since there'll always be someone tweeting any take you can think of.
We’re not talking about random tweets, we’re talking about on-topic tweets from posters like foone which consistently post relevant content. You’re throwing the good out with the bad and claiming that folks submitting off topic links are bad apples that ruin the whole barrel. I just don’t find your logical argument internally consistent or rational.
Again, what I'm saying is that I don't think there's much good being thrown out. I don't know who foone is, so it's possible I have a biased sample somehow (maybe I don't visit at the right times?) but almost every tweet I've seen linked on HN has been false or misleading.
There have been multiple tweets that reached the front page in the last 24 hours that were quality, substantive, relevant to HN content.
I’ll admit I do use Twitter (and HN!) a lot, though.
Here’s one with 600+ points. You’re telling me we should block Twitter on HN. I’m saying that’s a bad idea for HN. Seems like the users of HN agree with me. HN is for all of us, not just any one user’s preferences.
Yup, its timestamp for creation of PDF. Just tested on my old PCR tests and timestamp i get in URL is from 11.1.2022. and PCR swab was done on 27.2.2021.
The question I have is this - is the test ID generated when the test results are generated for the first time (either sent by email if they have it, or accessed through eGov or eHealth portal), or are they generated as soon as test results are complete? If it's the former, then it's theoretically possible that the first (positive) results have been downloaded for the first time on Dec 26, and thus have a higher ID number.
Unfortunately, no data points from me, even though I have been tested MANY times due to my profession. They've got my email, so they obviously get generated immediately.
However, I do have a data point for screenshots when QR code of the positive test stated that the result was negative. This is something that happened to me as well (back in 2020, once, and never since then). It was a bug, obviously. The second part of the ID is person-specific (all my test results have that second part identical, regardless of when they were taken) - it seems that if a positive test is followed by a negative test, that happens sometimes.
Third option: the test ID is generated well before the test is taken.
When I donate blood the nurse pulls out a sheet of around 20 pre-generated identical barcode stickers, and attaches one to each piece of paper and bag of blood. This uniquely identifies my donation end-to-end.
Djokovic's PCR tests were done at two separate labs. It is quite possible that each lab is bulk-allocated a unique range of IDs every day or week from the central authority. You'd see big "time jumps" from one lab to the other if you assumed the ID was always in time order.
Depending on how they handle their range (e.g. if they are handing physical stacks of barcode stickers around) the code may not even always be in time order in the same lab.
Additionally, on Novak's PCR test from Dec 16th on the website, the test result "NEGATIVE" had been changed to "POSITIVE" sometime around 14h00 on January 10th.
Noticed by several people, including myself (took screenshot even myself before and after).
BTW, apparently my IP address has now been blocked accessing to that website :)
I get this message now:
"Ваша адреса је блокирана 24 сата!
Vaša adresa je blokirana 24 sata!
Your address is blocked for 24 hours!"
While I guess in these cases governments don't really worry about enumeration aka https://en.wikipedia.org/wiki/German_tank_problem - it's still often a security risk that means you usually try to avoid it.
Even when internally you have auto-incremental ID - you can provide a non-sequential public ID (e.g. at least use SkipJack/Skip32 of that incremental value).
Rate limiting has been implemented on this validation page from the start to prevent crawling and abuse.
And please do not lie about changes on the test! Really bad thing to do right now, not just for Novak, for everyone in his situation.
Skipping the part where I discuss my general doubt of intellectual capabilities of the fellow commenters here.
- Datum uzorkovanja (Date of sampling): 22.12.2021 14:12:10
- Datum izdavanja rezultata (Date of issuance of results): 22.12.2021 16:15:49
=> I will ignore the time needed to get the actual swabs to the laboratory and do the necessary paperwork etc and round this to ~2 hours of time available for testing.
- Vrsta analize i proizvodjac testa (Type of analysis and test manufacturer): Real Time PCR test-SARS-CoV-2, , Sansure Biotech INC; Hunan Province
See, unless my fellow countrymen have developed a way to do PCR tests 5 times faster than the fastest tests available in the (rest) of the world, this test in itself is a joke. This is the reason PCR testing: costs, is usually indicated by symptoms already present/positive antigen test.
>See, unless my fellow countrymen have developed a way to do PCR tests 5 times faster than the fastest tests available in the (rest) of the world, this test in itself is a joke.
While I have no clue how they work in detail they offer 60 min express PCRs in Germany at least at my airport.
Those are NAATs, which, while they are based on polymerase chain reaction (PCR), are not the same as PCR reported in the test. Plus, I'm unsure as to where you saw 20 minutes, the shortest I see offered there is 'whithin an hour'.
It is not directly helpful (or unhelpful) to your point or to the parent as data doesn't seem broken down in that way. However, in all these sorts of discussions it would be really great if things had context. So, for example (and sake of argument) if someone says 800 children per day were admitted, we had a comparison. Is it high, low? How about a rate per 100,000 comparison across other countries? Not asking for anyone to do this, merely attempting to articulate my point.
A bit of eyeball math shows 12 million people in UK under 16. Even if 800 a day was true...should I worry?
Unfortunately the Serbian registry doesn't provide a timestamp for when each test was taken.
But our intrepid OSINT researcher discovered that the data in the QR code begins with a UNIX timestamp, such as cqcode=1640187792... and cqcode=1640524880...
From that one might infer that the positive test actually happened 4 days after the negative test.
The documents Djokovic provided to the court claim the positive test happened 7 days before the negative test.
There are scientists who state we're at the point where "we need to target the vulnerable" (rather than giving boosters to all over-12s) and that "there [is] no point in trying to stop all infections, and that at some point, society has to open up".
Professor Sir Andrew Pollard, chairman of the [UK's] Joint Committee on Vaccination and Immunisation is one of them.
The point when society has to open up is when there is enough community immunity that removing mitigations doesn't cause healthcare shortages due to staff infections or resource constraints. That's after Paxlovid is readily available or vaccine mandates have driven up vaccination rates, not today.
> The point when society has to open up is when there is enough community immunity that removing mitigations doesn't cause healthcare shortages due to staff infections or resource constraints [..]
Currently many staff shortages are being made much worse by public health policy, not Covid19 itself, in that otherwise healthy staff being forced to stay away from work to comply with quarantine requirements.
These requirements are now being relaxed[0], which is a good thing, but at some point the requirements need to go back to how the world worked before Covid which is approximately "if you're sick, please stay at home; if you're healthy, please come to work".
Most of the country. There are only a few places where the vaccination rate is already high enough that a mandate couldn't increase it at least 10%.
The scare quotes around "fully" are unnecessary. Two doses is enough to drive down hospitalization risk to flu levels. Boosters aren't necessary from a public health perspective because boosting the already vaccinated has a miniscule effect on total hospitalizations. (Sure, if you want them to reduce your own risk, that's fine because they have been approved. If you want them to reduce disruptions in your workplace, that is also fine. Just don't expect to materially impact health system availability.) Vaccinating the unvaccinated has a much larger effect. Alternatively, Omicron seems like it will reach them before mandates take effect or Paxlovid supply is ready, with worse outcomes on the health system.
> Two doses is enough to drive down hospitalization risk to flu levels. Boosters aren't necessary from a public health perspective because boosting the already vaccinated has a miniscule effect on total hospitalizations.
If you look at the data, it appears that vaccinating the young and healthy has "a miniscule effect on total hospitalizations", too.
There are very few young and healthy in the parts of the country where vaccination rates are low. The last Covid hospitalization surge in the US was mostly working age adults, whom the mandates would apply to.
> There are very few young and healthy in the parts of the country where vaccination rates are low
I'm not quite sure what to make of that claim. There are an awful lot of unvaccinated young people in the USA.
"13.2 million of US children and adolescents ages 12- 17 are fully vaccinated. [this] represent[s] 53% of 12-17 year-olds"[0] (as of 5 Jan 2022)
also
"Child vaccination rates vary widely across states. In 10 states, at least three-quarters of children (age 12-17) have received at least 1 dose, and in 16 states, fewer than 50% have received 1 dose."
You then said "there are few young and healthy in parts of country where vaccination rates are low".
I'm still not understanding that statement. Across the globe - and across the USA - there are loads of unvaccinated young people, and (happily) most of them are healthy, and (happily) the data show that young healthy people are at very low risk from Covid19 even without vaccination.
Do you understand now? The entire point of this thread is that vaccine mandates will allow society to open up, which is not yet possible due to health system constraints, nor was it possible earlier. Your doctor quote is nonsensical in that it doesn't say anything about when society can open up. Today? When the pandemic first started? Obviously not — only when immunity is high enough or effective treatment is readily available.
From that same Dr. Pollard:
“When we do open, there will be a period with a bump in infections, which is why winter is probably not the best time. But that’s a decision for the policy makers, not the scientists.
“Our approach has to switch, to rely on the vaccines and the boosters. The greatest risk is still the unvaccinated.”
2. Increased vaccination rates mean the health system won't be overwhelmed, allowing society to open up.
The doctor you yourself cited agrees with step 2, as do most of the governments in the world that are managing their countries' transitions to endemicity. There are multiple examples showing that step 1 is correct.
It appears that some regions may actually be at risk of driving ratios downwards as they shorten the validity of vaccination certificates for those already "fully vaccinated" but who haven't had additional shots since then.
Judging by my vaccine confirmation (same system), it's when the certificate was created. In my case the timestamp points to a day after I've received my dose.
'Цовид-19' has to be one of the laziest transliterations I've ever seen. Coronavirus is spelled with an initial К in every Cyrillic-using language I'm aware of, not a Ц (ts) sound in English. It's basically a keyboard IME transliteration, since in Serbian, "c" would be the Roman equivalent of "ц".
Yep, Serbo-Croatian (technically Bosnian-Montenegrian-Croatian-Serbian) "K" for "koronavirus". The only difference between languages is Latin versus Cyrillic.
Thank you for pointing this out. I kept out these differences on purpose, because it culturally divides us.
I am well aware of them: Croatian is not my native language. But, I learned it and I am conversational in the Shtokavian (Štokavian) dialect. I am Štokavski. This is the standard dialect of Croatian, in Croatia.
My family however were Čakavski. They spoke the Chakavian (Čakavian) dialect. They are from the islands of Croatia. Unfortunately, it is a dying dialect of Croatian that is Venetian in origin. It is not mutually intelligible with Štokavian, but everyone in Croatia seems fond of it.
Čakavski dialect is not Venetian in origin. It is Slavic, like rest of Croatian dialects, but with many loanwords of Italian and Venetian origin (or, more likely, from extinct Dalmatian [romance] language). While many romance loanwords and particular unique sound shifts make it sometimes hard to understand to rest of Croatian/Serbian/Bosniak crowd, it is not that you need a translator
I've just managed to get my ip address a 24 hour ban by tweeking the timestamp parameter once! Which is a pretty obvious DoS vulnerability if anyone wanted to disable a venue's pass verification ability.
You turn up at a venue which is scanning these QR codes as part of some vaccinated only entrance policy, let them scan your amended code, you don't get in, nor does anyone else after you.
https://pcr.euprava.gov.rs/validate.php?cqcode=1640187792DOH...
The positive test result:
https://pcr.euprava.gov.rs/validate.php?cqcode=1640524880jk8...