Quoting Hans-Christoph Steiner (2015-01-09 16:01:55) > I'm digging through the guts of how apps are sharing location > information. For the most part, its not a great situation, but there > is a lot of hope with the geo: URI (http://geouri.org). Anyway, lots > of Google apps share location using a http://goo.gl shortlink (e.g. > http://goo.gl/maps/V9dIV), which is even worse for a number of > reasons: > > * it uses http: to connect to goo.gl > > * the link that the goo.gl redirects to is also http://, so even if you do > https://goo.gl/maps/V9dIV, then the next step is http://. > > * the link that goo.gl redirects do obfuscates the latlong, so it can't be > parsed out of it by other apps, even though the final link when you get to the > page includes the latlong (very lame, Google).
I wouldn't call it lame but a deliberate design to not expose semantics (gold to them) but replace that with tracking URLs (more gold to them). > Any ideas on how an app can get the latlong securely? One simple way > to improve this situation would be to pass something in the query > string to https://goo.gl/maps/V9dIV to make it only use HTTPS. Anyone > know if anything like that exists? Or is that ftid thing parseable? > > Otherwise, I think an app will have to actually connect to > https://goo.gl/maps/V9dIV, then get the redirect URL and convert it to > HTTPS. I expect it is by design not possible to resolve the underlying geodata securely. If my suspicion is correct, then I guess the only possibility is if someone hosts a proxy to expand those tracking URLs on behalf of privacy-concerned users (who then would need to trust that proxy to not log anything). - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
_______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
