Comment by Aachen 6 days ago

12 replies

That just gives a false sense of security. Someone who means harm would simply set themselves to each city successively, while people believe it to be private (similar to the location feature in dating apps that keeps being broken to find people's exact addresses). Not that I see what harm there is in associating a username with a (nearby) city when one makes that choice consciously, so it's not like the dating app situation where you (1) believe the location will remain secret and (2) it being revealed means your exact address is now known.

atmanactive 6 days ago

An app that would allow an account to change its location more than 3 times in a year is a broken app in my book.

  • tacitusarc 6 days ago

    People move all the time. People also often have multiple accounts, which they could use to determine which accounts are located where.

    • atmanactive 6 days ago

      Then it would need a GPS-backed proof to allow more location changes while preventing abuse. There's always an intended use case and corner cases which could be handled via support ticket, thus passing through human judgement.

      If there is a secure app on your phone, then how can you have multiple accounts?

      • frde_me 6 days ago

        Well, one answer might be that someone could spin up emulators.

        Or reverse engineer whatever app you have.

        Or reset their phone? (or would you restrict it somehow to one account per physical phone? What happens if it gets sold or given away?)

        Having worked in fraud detection a bit, it's _really_ hard to prevent people from making multiple accounts. Short of requiring ID-based verification, and even then.

        And then you have to still not go overboard and keep the onboarding low-friction enough that people will be willing to go through it.

        • atmanactive 5 days ago

          Your points are all true. But we must not forget that security is like onion layers. The fact that something can't be made military-grade hack-proof doesn't mean we should leave it wide open for the whole world to abuse.

      • Aachen 5 days ago

        GPS is a one-way system, how could that ever be proof? You'd need to send people devices with some DRM on it so that they can't modify the code it runs and the check it performs (we all know how well DRM works anyway, or how desirable it is).