|
|
|
|
|
|
by dfworks
250 days ago
|
|
|
It’s perhaps a bit better now, but back when trip-sharing features were first added to third-party mapping and delivery platforms, there was a real tendency to overshare. Many early implementations generated public URLs with sequential or low-entropy IDs that could be guessed or brute-forced. Anyone who knew the pattern could enumerate live or historical “shared trips,” exposing routes, addresses, and other metadata that were never meant to be public. I documented a few examples of this a while ago, which demonstrate how easily these systems could leak journey data. https://dfworks.xyz/blog/online_stalking_citymapper/
https://dfworks.xyz/blog/pizza_order/ |
|
|