Comment by BanAntiVaxxers
2 days ago
There's so many ways to fake your location data. There's one way that you can't really fake: Send them a secret code on a piece of paper in the US mail to their physical address. NextDoor used to do this at one point.
At the start, getting users is the first problem. No one is going to bother scamming your app if there is no one there.
Then once people exploit the app, that doesn't mean they wont add value (e.g. contribute positive content). Maybe they are just a high school kid that wants to talk to his friends in his last town?
Once you have users, then there will be other easy signals to detect: Is the person teleporting? Do they hit rate limits freq? Is their GPS location the exact 'center' of the city? Is there GPS a nice pretty number? Does their GPS location never move?
It's hard to fake a reputation score. If someone is providing services in an area, they aren't going to start faking a location, and if they do they won't gain any reputation.
But location is already baked into many social media apps anyway, though. https://gemini.google.com/share/68d4fd324d94 ...that'd be the real issue here, perhaps.
Locally produced food is the important one, going forward. It can be much cheaper living away from a city, yet people still want their services. They want to know where the best place to live is.. even to the nearest mile for walking reasons. They want to know where a doctor is, if the nearest hospital is over an hour's drive away. Also language.. how can digital nomads move about and find same-language speakers.
What's wrong with Google maps for this type of stuff? Is there a competitor with downloadable data? What if a war breaks out in your region or the internet goes out or is inaccessible. Need offline data. What happens if service providers don't trust users enough to want to share their data?
A good idea would be for people to take photos of their local community board and share that, so long as the next Pol Pot doesn't see it as well.
Another interesting use-case will be listings of locally tokenized assets. If I need access to a vacuum cleaner or power tools, who would have those nearby? Who has farm land for my heirloom seeds? Where can I buy dairy from pure, healthy livestock? Tokenized assets I expect to eventually grow in size as inequality becomes more K-shaped. People will start selling off these things to the ones with the gold or at least be more willing to rent their stuff out. People are being increasingly homogenized physically, mentally and financially. Location is one of the last areas of differentiation ... and targeting.
This is a completely different idea though.
I worked on a location-based app a few years ago and this was the exact validation method we used (after having learned about it from using NextDoor). It’s incredibly slow and tedious though. We abandoned the app for other reasons but I always wondered how one could continued to manage this approach once network effects kick in and the app really starts to grow.
I think it's a neat service layer: and infra layer that attests to people's addresses -- to break it you need to intercept mail, which is a federal offence in most states. So it piggybacks on assurances of states, even while being nonstate.
In an experimental identity system I prototyped as a civic tech project[1], I paired this with scraping a government "voter registration check" form and comparing against, and it was a two-fold guarantee: someone had to either submit false info to the voter registry or intercept mail. In theory it was very cheap to get very high assurances, for only the cost of a postcard API per user
[1]: https://github.com/patcon/id.c4nada.ca?tab=readme-ov-file#ab...
> Send them a secret code on a piece of paper in the US mail to their physical address.
Many people will refuse, on principle, to provide this information to any company, unless perhaps it's for home delivery of some good.
That seems a little excessive for an app like this. The only way I know of that users can fake their location is with a rooted device. I check for rooted devices in the app though so locations can't be spoofed.
Device doesn't have to be rooted to spoof the location.
Also, I hope you're not using Play Integrity (lol), because that means all the old phones you allow can be rooted, hide it from you and/or spoof positive chdck result........ because they're insecure like sieves..... Whilst you'd be banning modern and unrooted phones.
>> I check for rooted devices in the app
Is that possible on iPhone, or only on Android?
So presumably this will be an evil app that reinforces Google monopoly by using Play Integrity?
What else would you suggest for an app with this concept?
4 replies →
Obviously not unhackable and often outdated as people move around, but I always thought phone number area codes were a quick and dirty way to establish or roughly segment people by location.
Most people I know have kept whatever mobile phone number they happened to have when number portability was introduced in late 2003.
How does this work if you don't get mail service at your physical address? (PO box service only)
I don't know how Nextdoor does it, but if you're an entity where establishing physical location is important you can courier letters to pretty much anywhere. (At some multiples higher cost than regular mail service.)