I have two-step authentication on facebook. I just tried to log in from my home PC but didn't write second step code.
I've got notification that somebody (me) was trying to login to my account and location was so precise (within 2 meters).
I wondered how facebook detects location so precisely only based on IP?
Today geolocation is in the core business of Marketing companies, there's a very developped market of customer data, so tons of mobile apps and services collect data such as usual IP addresses, personal information, interests, locations.
That information gets reselled to data brokers, aggregated, corrected. And then Facebook or others can buy that data, merge it, implement corrections and so and get tables for matching IPs and locations that are not public, it seems.
However they offer a high level API to perform market targeting which seems to use that data:
https://developers.facebook.com/docs/marketing-api/buying-api/targeting#location
In your case it was precise because they may have a good dataset based on your privacy settings experience, not only with facebook but with other geo-located apps. In my case their guess is wrong by hundreds of Km, because I was behind a corporate proxy.
Related
I want to monitor employees interactions inside companies. In the case the company is using Gmail, I was thinking about using https://developers.google.com/admin-sdk/email-audit/.
But i still have some questions regarding the "lawful" purpose and I'm wondering if Email Audit is the right API if my purpose is to monitor in real-time emails knowing there will be at least 10 000 emails/day to monitor.
If you check the Usage Limits and Quotas:
Limits and quotas protect the Google infrastructure from an automated process that uses the Email Audit API in an inappropriate way. Excessive requests from an API might result from a harmless typo, or may result from an inefficiently designed system that makes needless API calls. Regardless of the cause, blocking traffic from a specific source once it reaches a certain level is necessary for the overall health of the Google Apps system. It ensures that one developer's actions cannot negatively impact the larger community.
To answer you question, if your goals falls under this description - Google Apps Email Audit API Developer's Guide:
The Google Apps Email Audit API allows Google Apps administrators to audit a user's email, email drafts, and archived chats. In addition, a domain administrator can retrieve account login information and download a user's mailbox. This API can be used only for lawful purposes in accordance with your Customer Agreement.
Then the answer would be yes, it is the appropriate API to use. If you are thinking about the 10000 emails/day, you might want to check if it is reasonable to ask for quota increase.
Hope this helps!
I'm setting up a network in which individuals see profile information of one friend, switched with that of another friend; such as likes, political views, etc.. Similarly for twitter, would see tweets tweeted by people who they follow. This would be editing only web interfaces of the two services.
I would like to have a transparent proxy on the network cache and serve the mangled pages; is this possible or even the correct way to attempt this? Thank you.
Since both Facebook and Twitter use HTTPS for their default connections, the correct term for what you're proposing is a Man-in-the-Middle attack. To do this you would need to do the following:
1) Deliberately misconfigure your proxy server to intercept HTTPS traffic.
2) Intercept the SSL/TLS handshake to get the session keys for each encrypted session.
There are commercial products which do this and are usually sold to businesses or government departments which need to monitor the activities of their staff, or who just want to.
A similar proposal was made around five years or so ago in Australia as part of the proposed Internet censorship regime. I wrote a report on that a year or so later and you might find it useful (PDF). Pages 6 to 10 deal with the part you're interested in, the technical methods by which it could be done.
Needless to say, I recommend against deliberately intercepting and interfering with your network users' secure communications. There would, after all, be no practical difference between interfering with their social media accounts and interfering with their bank accounts.
I want to find out how many app users I have from a specific country. I know insights will show me how many users I have in each of my top twenty countries, but does anyone know how to find out your total number of app users from a country that is not in your application's top twenty?
Your options are basically:
Check the user's current IP with something like GeoIP
... I did some testing with GeoIP in the past, but the results didn't really convince me
Implement analytics code (I'm currently using Google Analytics)
If, and only IF this information is absolutely critical then you should look into the "user_location" and "user_hometown" permissions.
PS: Remember to update your Privacy Policy if you are going to do anything with the user's IP
We are building a system that seeks to calculate and score the value of information and users of information - based on the interaction between the two.
To do this, we need to track and measure these interactions. We are working on different ways - from connecting your social services and monitoring them (hard to scale and requires very patient users happy to connect services) to explicit tracking having a bookmarklet ala digg that user can trigger whenever she is on a piece of information (basically, content) that she wants included in her score.
What we'd really like is a tool that could do something like;
monitor all activity of a person across all networks (read, watch, comment, post, tweet, author, etc) and actively sit in the users browser and 'listen and report' back to HQ anytime a defined activity takes place.
Suggestions?
If you want to monitor the Social network activities for ex. Facebook, you need to take the authentication from the user like read/friends list etc. and fetch the updates from facebook with in specific interval of time and report same to HQ.
The same thing you need to report for other networking sites.
Each network sites may have different APIs you need collect and take the permission of the users (like signin).
Hope it helps.
How do you get the total number of users in a Google Apps Domain? I'm aware of the "Retrieve All Users in Domain" call using the Google Provisioning API, but I'd rather not execute such an intensive call just to count up all the users. Is there a simpler way to do this?
I found a solution that isn't as resource-heavy as retrieving all users: The Google Reporting API can be used to get the total number of accounts in a Google Apps domain.
The Google Apps Admin Settings API allows you to retrieve both the current and maximum number of users in the domain:
https://developers.google.com/google-apps/admin-settings/#retrieving_the_current_number_of_users_in_a_domain
this would be preferable to the reports API as it's both lower in traffic and it's closer to real time (reports are only updated every 24 hours so it won't take into account users recently added).
You could try "Retrieve All Nicknames in Domain" which could save some bandwidth as it hopefully really only retrieves the nicknames, although I think this won't get you the exact count because "Retrieve All Nicknames for a User" seems to imply that a user can have multiple nicknames.
If you've got some test domain, also assure that retrieving all users really is too much overhead and keep in mind that depending on what you want to do, you can perhaps build some kind of cache around it that only does a full request after the cache is older than X.