The geolocation hack lets you travel the world in Gowalla

Jon Jon
Image by @keeg via Flickr

On Friday I saw some posts on Twitter about people traveling all over the place. I must confess that I did not see the hoax until I read a post that put me on the right track.

I started to dig into the issue and all I found was people bragging about the fact that they found the hole but where unwilling to share their knowledge. Why?
[Update] Sorry to the people I might have offended, it was not my intention. I now better understand their reasons.

Well anyhow I did my homework and found a way to fake my geolocation. I am not sure this is the same hack that others have found, but probably.

So here goes a step by step on how to travel the world in Gowalla.

1. Create a  text file with the following text:
{“location”: {
latitude“: 39.7391536,
longitude“: -104.9847034,
“accuracy”: 10.0}}

2. Save the file to your desktop.

3. Open Firefox (I have only tried this in 3.5.8) and enter the url: about:config. Please read the warning you get prior to continuing with these steps.

4. Search for “geo.wifi.uri” and when found change the value (https://www.google.com/loc/json) so it points to the file you created in step 1.

5. Close and reopen the browser. Just shift-reload (thanks @dabitch).

6. Go to m.gowalla.com and login.

7. If you “Check in” you will see spots in Denver, US.

Change the latitude and the longitude and restart your browser to check in somewhere else.

Have you solved this in any other way, please share!

[Update] Why did I publish this small step by step guide?
This problem is not connected to Gowalla, Foursquare or any of the other services that base their product on geolocation. Currently I am working on a project where Gowalla is a small part of the total package. By publishing this guide I hope to show a weakness you must take into consideration when working with these types of solutions. I love geolocation, Gowalla and Foursquare but believe it is better to bring things out into the open as soon as a issue is found. If we publish with good intentions, which I hope people feel I do, the risk of missus is smaller then if you try to hide it.

Reblog this post [with Zemanta]

7 Replies to “The geolocation hack lets you travel the world in Gowalla”

  1. Why I didn’t want to share the trick was pretty simple:
    a) it’s so easy pretty much anyone could figure it out (except those who need spelled out instructions like the ones you’ve given), as you’ve proven.
    b) I’ve emailed gowalla about it and thought they should have a chance to look at it before … well, I just thought that if it was spelled out somewhere people who need instructions would go nuts with it, and Gowalla might need a little time to fix it.

    See, I actually like playing gowalla. It would be a tad sad if an avalanche of players do this (instead of just a handful).

    You don’t need to close and reopen the browser, though. Just shift-reload.

    1. Thanks for your feedback. I see your point but still feel a bit confused about your real motives. If you are concerned about Gowalla why did you blog about your geolocation hack in the first place? You could just have emailed Gowalla without putting out the bait.

  2. This doesn’t really explain your reasoning for publishing the howto.

    My blogging about it was a stab at the faulty assumption the Pleaserobme site which everyone in my network was discussing at length. I then emailed Gowalla how it’s done, and an idea of how to fix it (based on what little I know about cellular phones and mobile sites), and thus I didn’t want to print a howto until Gowalla had a chance to check it. Perhaps I’m following a type of etiquette you’re not familiar with.

    1. Ah. Gotcha.

      Since as you point the problem isn’t in Gowalla itself but in how Firefox is open to tinker with, native apps (such as the one soon released for Android) will likely do away with the m.gowalla.com site alltogether.

      It is a god reminder for those creating mobile sites intended for use on actual phones to make a call to grab the *phones* gps location rather than the browsers, though.

Comments are closed.