Hey all, I'm digging through the guts of how apps are sharing location information. For the most part, its not a great situation, but there is a lot of hope with the geo: URI (http://geouri.org). Anyway, lots of Google apps share location using a http://goo.gl shortlink (e.g. http://goo.gl/maps/V9dIV), which is even worse for a number of reasons:
* it uses http: to connect to goo.gl * the link that the goo.gl redirects to is also http://, so even if you do https://goo.gl/maps/V9dIV, then the next step is http://. * the link that goo.gl redirects do obfuscates the latlong, so it can't be parsed out of it by other apps, even though the final link when you get to the page includes the latlong (very lame, Google). Here's an example flow: https://goo.gl/maps/V9dIV - redirect - http://maps.google.com/?q=4761+Hacking%2C+Austria&ftid=0x47746f58dbfe9b5d:0x22ff26bff5c5b0d8&hl=en&gl=us - redirect - https://www.google.com/maps/place/@48.388835,13.6370603,15z Any ideas on how an app can get the latlong securely? One simple way to improve this situation would be to pass something in the query string to https://goo.gl/maps/V9dIV to make it only use HTTPS. Anyone know if anything like that exists? Or is that ftid thing parseable? Otherwise, I think an app will have to actually connect to https://goo.gl/maps/V9dIV, then get the redirect URL and convert it to HTTPS. .hc _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
