The geolocation hack lets you travel the world in Gowalla

Jon Jon
Image by @keeg via Flickr

On Friday I saw some posts on Twitter about people traveling all over the place. I must confess that I did not see the hoax until I read a post that put me on the right track.

I started to dig into the issue and all I found was people bragging about the fact that they found the hole but where unwilling to share their knowledge. Why?
[Update] Sorry to the people I might have offended, it was not my intention. I now better understand their reasons.

Well anyhow I did my homework and found a way to fake my geolocation. I am not sure this is the same hack that others have found, but probably.

So here goes a step by step on how to travel the world in Gowalla.

1. Create a  text file with the following text:
{“location”: {
latitude“: 39.7391536,
longitude“: -104.9847034,
“accuracy”: 10.0}}

2. Save the file to your desktop.

3. Open Firefox (I have only tried this in 3.5.8) and enter the url: about:config. Please read the warning you get prior to continuing with these steps.

4. Search for “geo.wifi.uri” and when found change the value (https://www.google.com/loc/json) so it points to the file you created in step 1.

5. Close and reopen the browser. Just shift-reload (thanks @dabitch).

6. Go to m.gowalla.com and login.

7. If you “Check in” you will see spots in Denver, US.

Change the latitude and the longitude and restart your browser to check in somewhere else.

Have you solved this in any other way, please share!

[Update] Why did I publish this small step by step guide?
This problem is not connected to Gowalla, Foursquare or any of the other services that base their product on geolocation. Currently I am working on a project where Gowalla is a small part of the total package. By publishing this guide I hope to show a weakness you must take into consideration when working with these types of solutions. I love geolocation, Gowalla and Foursquare but believe it is better to bring things out into the open as soon as a issue is found. If we publish with good intentions, which I hope people feel I do, the risk of missus is smaller then if you try to hide it.

Reblog this post [with Zemanta]