

Gaming Foursquare with 9 lines of Perl - jmillerinc
http://compbio.cs.uic.edu/~mayank/4sq.html

======
jorgeortiz85
Disclosure: I work at foursquare, but my opinions are my own and not those of
my employer.

Foursquare is a game to be played with yourself and with your friends, and was
designed to encourage you to get out and explore your city, helping you
discover new and interesting things about the world around you. Sure, you can
cheat, but that's kind of like stealing Monopoly money from the bank in a game
with your friends. You'll "win", but you're totally missing the point. We'll
try our best to detect cheating and not reward that kind of behavior, but
we're not going to get draconian about it. Ultimately, if you want to lie to
your friends, that's your problem.

Getting businesses to give rewards to foursquare users was NOT a use case that
was contemplated when the original game mechanic was built. But business
owners were so excited about the engagement that foursquare users had with
their business, that "mayor specials" started popping up organically. The
demand for this kind of functionality was so great that it was built into the
product, but it was not something that was there (or even contemplated)
originally. Recognizing mayors was an obvious way to add rewards onto the
existing game mechanic, but there are flaws with this approach. First, it
doesn't scale very well, as there is only one mayor per venue. This isn't very
useful for large retailers who have many customers. And it's also not great
for users because as foursquare gets more popular then mayorships get more
competitive and more difficult to retain. Second, as the original poster
notes, there's much more incentive to cheat if there are real rewards being
offered.

But "mayor specials" aren't the only way for businesses to reward their
foursquare customers. Retailers like Gap, American Eagle, Steve Madden, and
f.y.e. are offering discounts to anyone who checks in. Jimmy Choo ran a "Catch
a Choo" campaign in London, where a pair of shoes were running around London
checking in to places, and if you "caught" them when they checked in you got a
free pair of shoes. Gogo is offering a badge if you check in using their in-
flight wifi on any number of flights. Restaurants like Kona Grill and AJ
Bombers have hosted "Swarm Parties" (you get a "Swarm" badge on foursquare if
>50 people are checked in at the same venue at a time) with special menus and
prices to attract customers and get them to unlock a badge together. Another
restaurant, B&O American Brasserie, offers discounts for checking in and
bringing friends with you (the more friends, the bigger the discount). All of
these are by definition rewards that you can only benefit from if you are
where you say you are.

It's early days in the space, and there are still a lot of issues that no one
has figured out yet, but people who dismiss foursquare because of how easy it
is to "cheat" are kind of missing the point.

~~~
ivankirigin
You're competely correct. It became an open joke at facebook about my cheating
- it wouldn't make s sense to keep it a secret. It was also in line with some
past shenanigans there: there are some really, really amazing scores in
Bejeweled Blitz & Rockband.

------
ivankirigin
It is so much easier than that.
[http://giantrobotlasers.com/post/973558561/im-mayor-of-
faceb...](http://giantrobotlasers.com/post/973558561/im-mayor-of-facebook-on-
foursquare-i-got-it-by)

    
    
      58 23 * * * curl -u CELL:PASS http://api.foursquare.com/v1/checkin.json -d vid=VENUE

~~~
Terretta
Missed the point, I think. The extra code is perturbation to avoid automation
detection. Your line is regular, and can be easily programmatically filtered
out.

~~~
ivankirigin
There is certainly a lot more in the post, and I encourage everyone to read
it.

My point was that you don't need to do as much to get results. Also, I'd been
doing this since last fall IIRC. Those at foursquare didn't catch it or don't
care.

I also think there are some interesting things cheating bring out in any open
platform. Either foursquare enforces rules about checking in with data they
validate, or they allow input from an API by third parties. They can't really
prevent cheating and keep the platform open. I can certainly get around any
filters put in place to detect these things.

------
toffer
Back in February, Jim Bumgardner wrote up his experiments with gaming
Foursquare:

 _"Eventually I amassed a huge number of mayorships, spread among multiple
accounts, including the Statue of Liberty, Mount Rushmore, the Lincoln
Memorial, Stonehenge and the Taj Mahal"_

[http://www.krazydad.com/blog/2010/02/mayor-of-the-north-
pole...](http://www.krazydad.com/blog/2010/02/mayor-of-the-north-pole/)

------
Volscio
I use Foursquare but I rarely check in while I'm at a place. Or even right
after I'm there. I MIGHT check in before I get there, if I'm bored or am
waiting. But I usually check in at the end of the night or next morning. I
know this doesn't help me meet up with people who might happen to be in the
area, but none of my friends in DC use Foursquare. More useful has been seeing
my friends who leave Google Latitude on by default.

So basically I would hate it if they enforced stricter checkins, unless they
could find a way to let bars, restaurants, etc. verify checkins through a
quick scanner or something.

~~~
WiseWeasel
You mean because you're not really interested in using Foursquare, and you
have no apparent business using the service in the first place, since none of
your friends in the area use it? Is that the point you were trying to make?

~~~
Volscio
I use it to keep a record of places I've gone to. I would check in when I get
to a place if it were easier for me to do so. But when I go to a place, I'm
usually with friends or trying to find them and don't feel like typing a
location into my phone.

That's why I use it. Are you happy with that? How do you use it? Or if you
don't use it, how do you think people are supposed to use it?

~~~
WiseWeasel
I personally don't use it, as none of my friends use it. But my point is that
since you don't really use it either, except to keep a record of the places
you've gone to, instead of its common usage of meeting up with friends, you
may not be the best reference for how the service should be working. I don't
think the single-player version of Foursquare is very emphasized; it's more of
a multi-player-only game.

~~~
Volscio
Just because your friends aren't on it doesn't mean it's "single-player",
since you have visibility with other people who live in your city -- I have in
fact met people solely because we friended each other or traded mayorships
through Foursquare.

Also I'd question how many people use Foursquare to meet up with friends. Are
you saying that friends meet up at locations not because they set it up via
email or Facebook or Twitter beforehand, but because they were in a location
randomly and saw a friend in a nearby location? What if they weren't invited?

I don't think you really understand how Foursquare is actually used.

~~~
WiseWeasel
I'm saying that you see when a couple friends check into a social meeting
location, and say, hey, that location is near me, and seems like a good time,
I think I'll check it out... Or maybe you ask yourself where everyone is on
this Saturday evening, see that all your friends are checked into a local
party spot, so you immediately know where the action is. I don't see using it
as a way to make new contacts through leaderboards and achievements and such,
but I'll admit I'm not all that interested in meeting new people through such
a geeky venue. Might as well go all out and join a D&D club at that point.

------
svag
Interesting find jmillerinc. Now I can have an alibi whenever I want ... :P

------
pmjordan
I always assumed these services had at least some very basic spoof protection,
like an HMAC, with the secret obfuscated in their apps. I guess not, which
means wireshark is all it takes to build a script like this.

~~~
bconway
Exactly what I was thinking. One of the first things that comes to mind when
starting designing a new web service in my head is some minimal spoofing
prevention. At least make them go to the effort of running a debugger.

~~~
10ren
I sympathise, but I note that that wasn't the first thing foursquare did, and
they've made a very popular service out of it, whereas you (I assume) and I
have not.

When we don't have the resources to do absolutely everything perfectly, how do
we decide what to spend our time on, to what standard - and what to let slide?

~~~
pmjordan
Any such spoofing protection is of course not real security, as you could
still extract the key from the app, or intercept the GPS API calls and feed
them false information. So this isn't "having to brute force RSA or AES" level
security, just making it slightly harder.

Still, it could be relevant:

It's not quite clear to me what Foursquare's business model is, but if
location owners are handing over cash in return for checkins (i.e. new
customers or increased repeat business) either indirectly or directly, then as
such a customer of Foursquare you'd probably want the system to be less easily
gamed - which is the reason I was surprised.

EDIT: the comment by a Foursquare employee blows that theory out of the water
- the locations aren't paying them as far as I can tell, and are providing
incentives for users on their own accord.

------
afshin
A two-line shell script with a random sleep interval and a curl call (see
invankirigin's on this page) has here put into a cron job does the trick. No
Perl necessary :-)

------
bmalicoat
I'm only familiar with these services in concept, what incentives do
businesses give their mayors? Anything unique or just XX% off coupons?

~~~
ben1040
Often bars will offer a free beer to the mayor, and I've seen a few
restaurants that offer the foursquare mayor a free appetizer when they buy a
meal.

