Proximity Tracing Approaches - Comparative Impact Analysis - Inria - Institut national de recherche en sciences et technologies du numérique
Report (Research Report) Year: 2020

Proximity Tracing Approaches - Comparative Impact Analysis

Abstract

Although they address the same problem, the so-called “centralized” and “decentralized” approaches to COVID-19 proximity tracing rely on different threat model assumptions. The goal of this document is to analyze the impact of these two options in terms of privacy, security and reliability.

The main objective of the decentralized approach is to protect users against a malicious server or a state-level adversary and to prevent the leak of sensitive data due to attacks or negligence on the server side. Therefore, the role of the server is reduced as much as possible, and the exposure verification is performed on the user device. In contrast, the centralized approach puts more emphasis on the protection of users against other malicious users trying to infer who is infected. Hence, the role of the server in the centralized approach is more important, including the verification of exposure.

This design choice involves different privacy risks:

● The decentralized approach provides many opportunities to malicious or curious users (through wide-scale and undetectable attacks or during normal usage) to infer the identity of infected users or to monitor specific areas. These privacy risks coming from users (e.g., neighbors) can easily lead to abuses as well as stigmatization and harassment of diagnosed users. On the positive side, the server learns little information about users.

● In the centralized approach, in contrast, the capability of users to learn who is infected is drastically limited. This better protection, however, comes at the cost of relying on a server which is able to learn some information about users.

Law enforcement agencies and third parties colluding with the server are sources of risk in both approaches, but they do not concern the same population. Only infected users who consent to declare themselves are concerned in the decentralized approach, while these risks concern all users (infected or not) in the centralized approach.

However, the likelihood of these risks needs to be assessed and balanced, like all other risks, against the potential benefits of these applications in the fight against COVID-19. In this respect, the centralized approach can bring added value because the health authority is aware of the number of exposed people and can use it both for statistical purposes and to easily adjust the risk calculation algorithm (to decide if a user should be classified as “at risk”).
Main file

Proximity-tracing-analysis-EN-v1.pdf (681.27 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-02570676 , version 1 (12-05-2020)
hal-02570676 , version 2 (15-05-2020)

Identifiers

  • HAL Id : hal-02570676 , version 1

Cite

Antoine Boutet, Nataliia Bielova, Claude Castelluccia, Mathieu Cunche, Cédric Lauradoux, et al. Proximity Tracing Approaches - Comparative Impact Analysis. [Research Report] INRIA Grenoble - Rhone-Alpes. 2020. ⟨hal-02570676v1⟩
452 Views
392 Downloads
