
Ask HN: Easiest Way to Verify Location? - fuqted
I&#x27;m interested in creating a product (e.g. something that works with Meetup.com) that would require us to verify they went to the meetup location. This should be as seamless as possible for the user, preferably without them downloading a new app.<p>How could we:
A) allow the meetup organizer to ping phones to verify the people that went to the meetup<p>B) use Google Maps to allow users to give us a one-time ping of their location<p>Edit: We&#x27;d essentially reward the organizers for getting people to show up. We want it to be as difficult as possible for them to game.<p>Much appreciated
======
Nextgrid
What is the threat model? Do the organisers have an incentive to cheat? Do
invitees have one?

If the organisers can be trusted then the solution is to have a device
displaying a QR code that rotates regularly (30 seconds?) at the location and
have attendees scan it.

If the invitees can be trusted then the process can be reversed. Each invitee
displays an unique QR code during check-in the organiser should scan.

If neither can be trusted then you’d need a neutral third-party to act as a
witness by scanning both the organiser’s code and the invitees’. This proves
that the witness was at the event (and it was indeed open to the public) and
that invitees did show up.

Out of curiosity, how do you prevent a malicious party from creating dozens of
fake accounts and using them to check in at their fake event?

------
phillipseamore
Keep it simple. Have a sign with a QR code to check in.

~~~
fuqted
That's great, but we don't want to allow them to game the system. The idea is
that they're rewarded for having people show up.

~~~
phillipseamore
Location can be faked as well (besides not necessarily being accurate). You
could look into bluetooth beacons that an app can detect. In the end, if there
is an incentive for the organizer to fake attendance they can do that in
multiple ways. However QR codes which open your app or a webpage where the
user is logged in can have additional detections. Always same IP and user-
agent would be an obvious indication of fraud etc.

