The last couple weeks have seen me make some pretty amazing progress with the new version of Geon. I’ve settled on a name for the service, managed to get a 4 letter TLD to host it under and the Silverlight client has seen a massive redesign that drove a complete rework of the underlying API. It’s been quite a learning experience and I’ve encountered quite a few problems along the way that have served to give me some insight into the issues that the big guys probably had when they were first starting out. Whilst the system currently only has a user of one (well 3, the Anonymous user, myself and a friend’s identity I stole to test out some features) I still got to thinking about the authenticity of my data and how I was going to manage that.
I first encountered this when I was coding up the login system for Geon. Originally it was based around the built in Windows Communication Framework Authentication Servicewhich, whilst being a down right pain to get working initially, provided all the necessary security for my web application without me having to think about how it got the job done. Unfortunately though this wouldn’t work too well when I moved away from the .NET platform, namely to either Android or the iPhone, as they don’t have any libraries that support this. So as part of my complete client redesign I thought it best to not rely on anything that I couldn’t use on my other platforms and that meant building the Silverlight client as if it was a mobile phone.
In all seriousness I would’ve been completely lost if I hadn’t stumbled upon Tim Greenfield’s blog, specifically this postwhich outlined the core ideas for implementing a secure login system that uses RIA services. After doing some rough designs and mulling the idea in my head for a couple weeks I got a working implementation of it a couple weeks ago, allowing a user to login without having to rely on the built in Microsoft frameworks. Initially everything was looking good and I went ahead coding up the other parts of the application thinking that my bare bones implementation would suffice for the use cases I had in mind.
However after a while I began to think about how easy it would have been to a nefarious (or just plain curious) user to be able to wreck untold havok on my system. You see the login function needed 4 parameters: the user name, password, IP address and whether or not this session should be remembered next time the user visits the page. The IP address was for security as if someone manages to get your session ID they could theoretically use that to hijack your session and do all sorts of mean things with your account. In my implementation the IP address was passed up as part of the request which meant that anyone looking to perform a session hijack would simply have to pass up the valid IP for that session and I’d be none the wiser. Realising that it would be an issue I implemented server side IP detection which would make it quite a lot harder to get the magic combination session ID and IP address correct, making my service just that more secure.
This got me thinking about the authenticity of the data which I was going to be collecting from my users. I’m not putting any limitations on where people can post but I’m going to be flagging people as “out of area” when they’re posting or responding to something that’s not near their current location. However since I want to make the API open I have to make the co-ordinates part of the update request which will unfortunately open it up to the possibility of people faking their location. Not that there would be a whole lot to gain from doing so but if my feed reader has taught me anything recently its that the geo-social networking space is constantly grappling with this issue and there’s really no good solution for it.
There seems to be two schools of thought on the idea of data authenticity when it comes to the location space. The Foursquare approach is one of mostly indifference as whilst they have a cheater code to deal with people trying to get that elusive mayor title they seem to have no problem with those who check-in where their friends are or if you create a fake venuefor others to check in to. I’m not surprised at their reaction as both of those kinds of behaviour mean people are using their service and are finding new, inventive ways of using it which could potentially translate into new features for their service. The second is of strict “no fakery here” policy that Gowalla has taken with their 6 commandmentsof their API. Whilst they’re still opening themselves open to abuse the no tolerance policy on it suggests that they value data integrity much higher than Foursquare. Clamping down on fake check-ins would mean that their data is more reliable and thus more valuable than Foursquare’s but that comes down to what you’re using it for, or who you’re selling it to.
Personally I’m in favour of the Gowalla route but only because there’s little value in faking location data in my application. Sure there are potential scenarios where it might be useful but since I’m not placing any restrictions (only identifying out of area people) I can’t really see why anyone would want to do it. That might change when I put in the social game mechanics in and I actually get some users on the service but that’s a bridge I’ll cross when I come to it. Right now the most important thing is trying to get it out the damn door.
I’m hoping that will be soon as once I get the core in I get to buy a Macbook Pro to code on, yay!
I’d like to think of myself as knowing a bit about the geo space and how it can be used as a basis for new applications or how it can augment existing ones. I’ve been elbow deep in developing such an application for over 6 months now and I’ve spent the last couple months checking out every service that could possibly be considered a competitor to me (there’s not many, if you’re wondering). Because of this I’ve started to notice a couple trends with up and coming web applications and it seems that the social networking world is going ballistic for any service that incorporates the idea of “check ins” at any location around the world. After spending some time with these applications (even ones that are still in private beta) I can’t seem to get a hold of why they’re so popular. Then again I didn’t get Facebook for a long time either.
The basic idea that powers almost all of these applications is that you use your phone to determine your location. Based on that the application will then present you with a list of places which you can “check-in” to. If your friends on the application they’ll get a notification that you’ve checked in there, presumably to get them to comment on it or to help you arrange with getting people together. It’s a decent trade off between privacy and letting people know your location as you control when and where the application checks in and most of them allow you to share the updates with only your friends (or no one at all). The hook for most of the services seems to be the addition of some kind of game element to it, with many of them adding in achievements and points. For someone like me it falls into the “potentially useful” category, although my experience with them has led me to think that saying “potentially” was probably being kind.
The services themselves seem to be doing quite well, with Foursquare and Gowalla both managing to wrangle deals with companies to reward users of their applications. In fact it seems that check-in based services are the latest darling child for venture capitalists, which funding flowing thick and fast for any and all services that implement this idea. For the most part I’d attribute most of their success with their ability to hook into Facebook through Connect, as building a user base from scratch for a social networking based site is nigh impossible lest you tangle yourself up with Zuckerberg’s love child. It also helps improves user trust in the application, although that benefit is on shaky ground as of late.
Still though the value they provide seems to be rather limited. After hearing that a couple of my tech inclined friends had ventured onto Foursquare (and I got bored of reading about them every day on my RSS reader) I decided to download their iPhone app and give it ago. The integration between other social networking services was quite good and it instantly picked up a couple people I didn’t know where using Foursquare. Playing around with it I began checking in to various places, accumulating points and my first badge. Still I didn’t feel like I really got anything out of using the application, apart from some virtual points which don’t appear to be worth anything to anyone (although the same could be said of Xbox GamerScore and PSN Levels). This hasn’t stopped Foursquare from reaching over 1 million users in just over a year which is quite impressive when compared to the current giants (Twitter took twice as long to reach a similar milestone).
It’s no secret that I’ve shied away from calling Geon a social networking application, despite the obvious social implications it has. Primarily this is because I don’t want to be lumped in as yet another social app but more and more I find myself needing to incorporate such features into the application, as that’s what people are coming to expect. There’s also the point that many of the ideas make a lot of sense when translated properly into my application. Two recent suggestions were a kind of rework of the Twitter trending topics and the other being the ability to follow people and locations. The first wouldn’t exactly be considered a social networking feature but the latter is pretty much the bread and butter of many social networking services. Still I don’t think people will be looking for check-ins in up and coming social apps, even after Facebook introduces their Foursquare killing service.
It’s true though that although I might not get it that doesn’t matter when so many others do. For as long as I develop Geon I’ll be keeping an eye on these services to see how they evolve as their user base grows, mostly to see if there’s anything I should be doing that I’m not already. It’s going to be interesting to see how this all changes when Facebook finally unveils its location based service to the world and you never know, I might have the penny drop moment that so many people seem to be having about check-ins.
Until then however my Foursquare app will be little more than an interesting talking point to bring up amongst friends.