Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Can you prevent me from hacking Facebook to check in from Siberia?
1 point by hawkharris on May 17, 2013 | hide | past | favorite | 1 comment
I'm sitting in Florida. Can you stop me from faking a Facebook check-in by altering the coordinates provided by JavaScript location services?

I'm curious because I'm working on a Web app (geopackages.com) that relies heavily on JS loc services, and I hope to prevent tampering.

No luck on Stack Overflow, so I'm trying here because this community always has creative ideas concerning security.

Plus, I think it's an increasingly relevant issue, as more apps are using client-side loc services to offer special promotions, etc.




I guess the only thing to do would be to compare the GeoLocation API result with some other data like GeoIP[1] failing that you could look through the browser history - assuming that if you were in siberia you would have visited a siberian domain (by TLD) recently.

[1]http://briancray.com/posts/find-web-visitors-location-javasc...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: