

Ask HN: Can you prevent me from hacking Facebook to check in from Siberia? - hawkharris

I'm sitting in Florida. Can you stop me from faking a Facebook check-in by altering the coordinates provided by JavaScript location services?<p>I'm curious because I'm working on a Web app (geopackages.com) that relies heavily on JS loc services, and I hope to prevent tampering.<p>No luck on Stack Overflow, so I'm trying here because this community always has creative ideas concerning security.<p>Plus, I think it's an increasingly relevant issue, as more apps are using client-side loc services to offer special promotions, etc.
======
jakeburtn
I guess the only thing to do would be to compare the GeoLocation API result
with some other data like GeoIP[1] failing that you could look through the
browser history - assuming that if you were in siberia you would have visited
a siberian domain (by TLD) recently.

[1][http://briancray.com/posts/find-web-visitors-location-
javasc...](http://briancray.com/posts/find-web-visitors-location-javascript-
google-api/)

