Hacker News

That was unbelievable, nice find. Hope you share a POC on GitHub of how trivial it was. Welcome to the future, where an unauthenticated API by a company can tell you the position of anyone.



from https://www.locationsmart.com/platform/privacy

First Sentence: >> LocationSmart has built the most secure LBS location data exchange available today.

They go on:

>> Privacy and security are paramount in LBS services. Locking down privacy is not only core to our brand, it's also our unwavering business practice.

what a crock


> the most secure LBS location data exchange available today

To be fair, they are not wrong. I looked into getting real time cell location data a while back, and the security was basically IP whitelisting.


The old "We take privacy and security very seriously" line.

But for some reason, access control has something to do with LocationSmart's entity body serialization format... hmm, okay then.



