2

Newbie question.

I'm trying to make a mobile site using html5's geolocation (I know technically it's a separate spec, but still) to identify user's current position and post that to a web service which then does something. Basically a browser version of Four Square.

Is there anyway that I can verify that the user is really at that location? I want to prevent someone from making something, say a console app, that sends fake lat/long to the service.

Any suggestion is welcome, even if it doesn't get me there 100%. Thanks, SO community!

|improve this question
4

The short answer is no. All you can know for sure is where the browser claims to be. A sufficiently determined user could fake this.

A feature like this is really best used for convenience, not for security.

|improve this answer
  • 1
    You could verify it somewhat on the server-side by using IP-based geolocation, since there is no way to fake it other than by spoofing your IP (which does not work for 2-way communication across subnets and is nigh impossible to do across the internet) or by using a proxy. Though I don't know how accurate IP-based geolocation is for mobile devices. – Lèse majesté Jul 23 '10 at 15:19
  • yeah, that's pretty much what i thought too. bummer @lese, good call with IP checking, definitely an improvement :) – Yellowmoon Jul 23 '10 at 15:58
0

Ask the user to take a photo of the area, and compare that with Google Street View images near their stated location.

Or no. You might be able to get location information from DNS LOC (RFC1876), which might be accurate to within a few tens of kilometres, and only then if the DNS information is also accurate.

|improve this answer
  • Is DNS LOC implemented anywhere? Seems like a major breach of privacy. At least HTML5 geolocation can be disabled in the browser configuration. – Lèse majesté Jul 23 '10 at 15:25
  • Given that the hostmaster has to choose to serve up the DNS LOC information, I don't see how it's any less private than other opt-in location sharing. – user23743 Jul 23 '10 at 15:31
  • Is each user their own hostmaster? Can I disable this service as easily as I can change the settings of my browser? Is this geolocation info accessible by only the applications I'm running or by anyone who can perform a DNS lookup? – Lèse majesté Jul 23 '10 at 15:41
  • hehe, sometimes human eyes are harder to fool than machines :) unfortunately, it'd probably be too labor intensive – Yellowmoon Jul 23 '10 at 16:06
0

Yes - I know there is because GoWalla (available for free at the iPhone app store) requires a user to be at a given location before checking-in.

Unfortunately I'm not familiar with how they did this.

|improve this answer
  • 2
    If this is an application, I'm sure they are accessing the GPS directly. He is asking about doing this in HTML5. – monksy Jul 23 '10 at 15:25
  • My guess would be, and this is a guess at best, they probably use the cellular tower information and or the GPS information in conjunction with IP based geolocation. – Deep Kapadia Jul 23 '10 at 15:33
  • @Deep, IP based geolocation is a good idea. Any way I can get cell tower/GPS info from browser/html5? – Yellowmoon Jul 23 '10 at 16:11
  • Probably not via HTML 5 but most mobile toolkits may have something. – Deep Kapadia Aug 10 '10 at 17:38

Your Answer

By clicking "Post Your Answer", you agree to our terms of service, privacy policy and cookie policy

Not the answer you're looking for? Browse other questions tagged or ask your own question.