Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The linked page says Telegram fixed this, but they only say they're now rounding the results. Hasn't this come up previously in other services and rounding is _not_ enough? It seems like it just makes it very slightly less obviously possible but doesn't prevent exploitation.


It depends on when they do the rounding.

If they round the final distance number, all you've done is reduced the accuracy to concentric circles like a dartboard, and you simply need more samples to regain the precision.

If they round the input location to the centroid of some larger region-- a square several kilometers on a side or a map shape for a region-- there's no precise information to be leaked.


On an iPhone, that's what disabling "Precise Location" does.


Android 12 has it too.


Is there a go-to library for this thing? So many apps mess this up.


Telegram fixed it one or two weeks ago, problably because of the war.


From what I recall, some services that rounded locations could still be abused by brute forcing the current location of the attacker to identify the threshold of rounding. This has been mitigated in some cases by changing the rounding threshold or truncating the value.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: