I'm using the web application at http://m.rummble.com website and when I click find my location using gears. The application returns my current location (approximate city location) with various establishments in a given mile radius. To further understand how this works, I opened up wireshark and what I notice is that a POST request is sent to www.google.com/loc/json. Then the google server responds with 200 OK and location data in JSON format. I understand this part. The next step is what I don't understand. Apparently after the rummble application receives the location data (lat, long, address, etc.) it sends this information using a GET request to some api on another server that acquires the various establishments in a given mile radius. All I did was click, find my location using gears. I would reasonably expect the application to just return my location but it's returning more than that without clicking any other buttons in the application. Can someone explain how this happens? Is there a script that makes this happen? I hope I explained my situation better.
alt text http://img211.imageshack.us/img211/1236/examplel.jpg
Well, the first step in determining an anonymous user's location, is by his IP. If that's what you want, you need to do one of two things:
Find a database of IP-and-locations. A quick Google search turned up http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip
Trace route and reverse-lookup the IPs to host names using DNS, and try to read the host names for geo-information, such as country and city.
Either way, once you have a country and/or city, you can do a lookup geo-lookup to find latitude and longitude, and display a map based on those coordinates.
Presumably, Google Gears uses something similar, or perhaps based on data mass-collected by Google using their various data-collection techniques. That way, once Google Gears has figured out where the user is, it knows which city/country he's in, and requests the matching latitude and longitude.
For whatever reason, rummble.com isn't querying navigator.getlocation on my machine, so I can't confirm your report myself.
However, when you click to allow rummble.com to get your location from Gears, you're handing over that location information to the rummble.com website. That website is then free to do with it as it wants -- the information is returned to a piece of Javascript running on the browser, and in this case it sounds like that piece of Javascript is using your location information to load a list of nearby restaurants.
You might very reasonably be worried about this. What if rummble were sending your name and location information to an advertiser or to the government? How long are they storing your precise location information? You should consider these implications before giving permission to share your location with a website.
Related
I've hosted my website in Firebase. I'm using firebase onRequest functions to track user Lat & Lag.
Below is the code,
User Geo Location Coordinates (Lat,Lag): ${req.headers['x-appengine-citylatlong']}
I accessed the website from my location, but firebase function gives me different Lat/Lag.
I'm getting correct Lat/Lag from this website https://www.gps-coordinates.net/
Currently I'm getting this Lat/Lag listed in this website https://ipinfo.io/
How do I get exact user coordinates ? please help.
Note: I can't use client side to get Lat/Lag. I have to do this in server side
Google App Engine-specific headers may not be enough for your expectations. You cannot get exact location using headers only. According to App Engine-specific headers:
X-Appengine-CityLatLong
Latitude and longitude of the city from which the request originated. This string might look like "37.386051,-122.083851" for a request from Mountain View.
Getting a precise address from the server without data and consent from the client side is impossible. That would be a huge privacy issue. I'm not sure if you're using web or mobile, but location permissions will always apply regardless of the platform.
This is also mentioned from this thread:
The specification explicitly states that since the nature of the API (Geolocation) also exposes the user’s location and therefore could compromise their privacy, the user’s permission to attempt to obtain the geolocation information must be sought before proceeding
While Maps SDK has wrapper libraries so you can run them on a server, Geolocation API is not mentioned, so what you want is really not possible.
I am looking for as reliable and accurate / quick means possible to add in some htaccess code to block visits to a website from countries / IPs which are not in the white listed list of countries I want to allow access for. I have looked at https://www.ip2location.com/free/visitor-blocker which seems to offer a solution - for the 4 allowed countries I want to allow access - it has created a 4.1MB htaccess file! Will this mean slow access when someone attempts to view the site? I guess using a free service like this means the data is likely nowhere near comprehensive?
Does anyone have any suggestions on a good way to allow just visitors from a few countries access to a website?
It sounds like the service you used basically tried tried to brute force the blacklist. If you look into the htaccess file I'm sure you will be a long list of hard coded IP blocks.
In my opinion this is a terrible way to handle a geographic blacklist. To your original question - there is no "most reliable, most accurate, and quickest" method. Those are separate categories and you will need to preference one over the next.
For performance you could consider blacklisting at the routing level / dns server / proxy. This obviously isn't going to be the quickest way in terms of performance. There are Apache Modules that exist that allow you to use a local database to compare the incoming IP address with a list of known IP blocks from the blacklisted country. One of the main issues with this is that you need to constantly update your database to take in new IP blocks.
In my opinion the "best" method to do this is a simple redirect at the application layer using server side code. There exists several geographic API's where you can send in the IP or Hostname and get back a country of origin. An example:
$xml= new SimpleXMLElement(file_get_contents('http://www.freegeoip.net/xml/{IP_or_hostname}'));
if($xml->CountryCode == "US") {
header('Location: http://www.google.com');
}
There are two ways to block a visitor in web server. One is using firewall (.htaccess etc) and another one is using server-side scripting (PHP etc).
If you are concern of the performance of the firewall option, then you can download the IP2Location LITE database from http://lite.ip2location.com and implement the database in your local server. For every connection, you query the visitor IP address and find their country. You can redirect or block them using the PHP codes. Please find the complete steps in https://www.ip2location.com/tutorials/redirect-web-visitors-by-country-using-php-and-mysql-database
There is also another option to use remote geolocation API. However, we do not suggest this method because of network latency. It will slow down all user experience due to API queries.
I need to get user's current location.
I can ask for location by location keyboard and user will send his current location clicking on it. But he can also reply to message, choose any location on map and share it.
Either way, the returned results to my Bot are identical.(At least as I see.)
Is there a way or a trick to make sure that the shared location is also his current?
FYI - I'm using TeleBot library written in Node.js.(Even though I don't think it will affect the answer.)
My workaround is I ask user send the location twice.
If two location are different. I will keep ask them to send new location.
Another solution is I create another inline bot which will create an Venue result which includes security check. The Venue is generate by the inline bot using current user location.
Anyway, I would like to use native telegram bot api to do that. Wish Telegram team add this feature in future.
Updates: Telegram 4.4 released a new feature - live location which is very difficult to cheat https://telegram.org/blog/live-locations
There is no way to do that :(
I also have the same problem.
I have some webservices which are called by some clients and that includes through mobile and web. I have no control on the clients code.
But, I need to identify who is calling my web services, via the IP address or something else.
Is there any way to identify that?
A better approach to tracking this sort of thing is to introduce the notion of an API key. That way you know exactly who is using your service and you can track their usage etc.
On every call to your service the user would have to provide their key as a means of authorisation (not authentication). This sort of approach can generally help avoid misuse of an API, however, it can't eradicate it completely. At least with this approach if you do find malicious user it's as simple as disabling that particular API key.
You should check your IIS Logs, these will list (if you have them turned on, default they are on) all the requests made to your server.
So search through the log for the URL of the service and check the logs around the time of requests you are having issues with and it will list the IP address.
Your logs can generally be found at: C:\inetpub\logs\LogFiles
If the folder is empty then you are out of luck currently, you will need to turn logging on in IIS and then you will be able to check them after a few hours and start seeing where requests are coming from.
E.g a sample from a log.
2012-10-29 04:49:44 129.35.250.132 GET /favicon.ico/sign-in returnUrl=%252ffavicon.ico 82 - 27.x.x.x Mozilla/5.0+(Windows+NT+6.1;+rv:16.0)+Gecko/20100101+Firefox/16.0 200 0 0 514
So the first highlighted item is the date and time, and the second highlighted item is the IP address (redacted as it's a real log.)
I am working on a project which requires a server side access to google map api. i want to calculate distance (actual distance, not straight line). google map api supports javascript and not asp.net. please give suggestions ...!
you specified google maps in your question - but have you looked at Virtual Earth? Specifically this routing with Virtual Earth Web Service example sounds exactly like what you want:
server-side access (just Add Service Reference inside visual studio)
actual distance (not straight line) since it is using a route
The concerns raised by others about T&Cs for 'internal/intranet use' apply to VE as well as Google I think - you'll have to read up about whether your application needs licensing or not.
p.s. if you did just want to calculate straight-line distance, I have instructions using SQL Server 2008; which also links to some straight c# code that does it too.
The Google API allows you to Geocode via a server side call:
http://code.google.com/apis/maps/documentation/services.html#Geocoding_Direct
This would allow you to get the longitude and latitude of the locations. You can then cache these and use them to calculate distance using the techniques CMS suggests.
You will need to be careful of the Google T&C's though as you are only allowed to store the geocoding data for use on a Google map which is publicly available.
You would probably also run into limitations on the number of requests you could make from a single IP.
However I think what you mean by non-straight line distance is distance taking into account roads and one way streets etc.
If this is the case I think a commercial service is your only option. Although theoretically you could do it all via screen scraping, I'm almost certain that this would break Google's T&C's.
The simplest solution would probably be just to embed a Google map on a page of your application and let the user calculate the distance. You could pre-fill the to and from fields if required.
Again if this is for an internal app i.e. Not publicly available "my understanding" of the Google T&C's would forbid this.
Use something like firebug or fiddler to look at the requests that are being sent to Google from javascript you should then beable to build the request using that information and an HTTPWebRequest in .net and retrieve the same information.
HTH
You can calculate the distance of two geographical coordinates (latitude, longitude) using the Great-circle distance algorithm.
Here you can find some other formulas for distance calculation.
Well, you've pretty much identified the key issue, the Gmaps API is a browser resident javascript API and there's not much getting around that. Most of the API is executed in the browser so there's not much network traffic to spy on.
As tsaunders mentions there is a geocoding API call that is restfully accessible, but it only does reverse/geocoding and if you have lat/lng's already you can use the calculations the rms suggested, but they are as tsaunders points out 'as the crow flies' distance.
If indeed you are looking for road taken distance, the API does do routing but you are back in the browser to get the start/end points from the user.
Perhaps you can be a little more specific about what you are trying to do and why you feel this requires you to to access the API from your server. My application for instance has features that gather information from the user and sends requests back to my server to work on, some of that data are processed by the Gmaps API first.
If I were to use a API platform, I certinaly would not use Google as the free one does not include advances Geocoding menaing the accuracy is poor. There is also no sla , support or rights of service.
The directions are poor, the coverage for Ireland and Geocoding is almost childlike and the privacy stinks. No professional business would use a google mapping solution.
They copy everyone else's idea, say they are there own and get loads of press (they only added tube stations in 2006) an dcyclc lanes (2010), viamichelin added these 2006 and Traffic in 2009 !
Any agency or developers looking for an API should stick to Bing or ViaMichelin for better customisation and user experience which is killer !