Jump to content


+Premium Members
  • Posts

  • Joined

  • Last visited

Posts posted by thomfre

  1. 4 minutes ago, Frau Potter said:

    ...but sometimes making it appear as if the messages are coming from an active user. We do not believe they were actually sent by that user.

    Are you saying that we can't trust the integrity of the message center? Can anyone send messages as other users?

  2. 10 minutes ago, DragonsWest said:

    I found out about this this morning. The bottom line is "What is Groundspeak/Geocaching" doing about it?

    It turns out that they are actually doing a lot.


    I have just heard that some of the fake-loggers have received emails telling them to stop.


    Thank you, Groundspeak!

    • Love 1
  3. 7 minutes ago, HHL said:

    It's not this tool that should be banned. It's the copying and sharing of code lists that should be banned asap.



    Which is why I used the word "temporarily". That would solve the issue right here and now, and give Groundspeak time to figure out a real solution.

    • Upvote 2
  4. 4 minutes ago, rufnredy said:

    In light of recent TB issues, would it be possible add "Lock" to the actions that can be performed by the API??


    this would allow the use of API calls to speed up the lock process.


    Thanks for considering


    Or even better, just temporarily block discovering via the API for all applications. That will probably stop all of the mass discovering right now, as people use tools like logthemall to submit the fake logs...

    • Upvote 2
  5. 6 minutes ago, igator210 said:

    There are reports of unactivated codes being activated to. Looks like someone is just using a random number generator to see if codes are valid.

    So I have to make sure I activate all my unactivated trackables now?

  6. 2 minutes ago, ZackJones said:

    Add me to the list of people getting a rash of discoveries over the weekend. Many have referred back to the Facebook page. I've reported it on Facebook but so far no one from Facebook has contacted me about it.

    That won't happen. Most likely, Facebook will do nothing about this.


    Is Groundspeak aware of this?



    Are they taking any action?

    By the looks of it, no.

  7. 4 minutes ago, HHL said:

    The API partner Project-GC does own this FB page:


    They publish TB and coin codes that never meant being public (at least the TBs that are in my hands shouldn't be discovered in the internet)

    I would like the HQ to ask its API partner stopping this inappropriate behaviour by  removing that FB page.

    Thanks for considering.



    This is wrong.


    Project-GC has nothing to do with that page, in fact, Project-GC just implemented changes to prevent people from being able to log those lists through Project-GC.

    Edit: https://www.facebook.com/ProjectGC/posts/2854779711246266?comment_id=2855094981214739&reply_comment_id=2856020204455550



    • Upvote 1
    • Love 1
  8. 3 minutes ago, cerberus1 said:


    Wow, kinda nonchalant response when there's hundreds of codes there... 

    There's a cacher here, owning hundreds of trackables.  Are they supposed to "temp lock" and delete them all because there's a hacker with the codes ?

    This is how HQ responds to everything now. They mostly use canned answers for all incoming email. I wrote a rather long email, and got the exact same response - word for word.


    Let's just hope they actually do something about it.

  9. On 1/1/2020 at 7:42 AM, sealawyer98 said:

    I had a coin that was never released or shown to anyone that was recently logged.  I messaged the individuals who "discovered" the coin.  I found out it was posted in a batch of numbers here:  https://www.facebook.com/GeocacheTBSpoiler  You might find your number has been compromised on this facebook page. 

    So where do they get the codes? Has there been a data breach on geocaching.com? Are they randomly guessing, and just hoping that they will hit? Or have someone figured out the algorithm that generates the codes?

  10. 17 hours ago, Keystone said:


    Lawmakers believe otherwise.  The ability to opt out of data selling/data sharing with third parties is a cornerstone of many privacy laws, current or proposed, including CCPA.

    The ability to opt out of data selling is what CCPA is about. Most API partners I know about doesn't pay anything for the data. The law is meant to protect consumers from tracking and targeted ads, not from partner applications. So CCPA doesn't actually cover official partners (maybe it covers Project-GC, but not the rest).


    GDPR allows sharing too, as long as proper written agreements are in place - and that is the case for official partners. So I'm starting to think this entire change is rushed, just to err on the safe side, instead of actually doing what the law require.

    When it comes to tracking, cookies and selling data, that should have been handled a long time ago. GDPR has been in effect for a while now. I'm surprised that Groundspeak has been allowed to ignore this for so long without getting fined.

    • Upvote 3
  11. 4 minutes ago, on4bam said:


    Wrong, the API can't delete data from my GSAK database which is on my HD.


    I'm not wrong. The agreement has this as a requirement. Partners failing to follow the requirement does not affect me being right in this statement.


    4.8 You must have all permissions required by applicable law to obtain or use any Personal Data.  You agree to the terms of the Data Processing Addendum included at Exhibit E. At the direction of Geocaching HQ, You will remove or delete any Personal Data in an expedient manner


  12. 15 minutes ago, thebruce0 said:

    But it doesn't affect HQ since they are not authorized and they can't really do anything to stop it.  It would be interesting to see how far someone would take GDPR if they feel HQ should be legally required to actively prohibit unauthorized developers from taking such data. I can't say how it'd be possible apart from removing the website entirely since that's really the nature and function of the internet (which I think was why gdpr gained such notoriety when announced).


    I disagree. Other companies have dealt with problems like these by sending cease and desist letters. As long as Groundspeak doesn't do anything, I see no reason why people can't hold them liable. But I am not a lawyer either. There are ways for Groundspeak to block c:geo (without blocking legitimate traffic), they would find a way around it probably, so it would be a game of cat and mouse. But I still believe they should do something.


    13 minutes ago, Rock Chalk said:

    As interesting as some of this discussion is, much of it is unrelated to features in this release. General discussions about privacy issues should be directed to other appropriate threads or forums.

    This release is related to CCPA, yes? One of the requirements are:


    (2) Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

    So in relation to this change, I am asking: are you prosecuting c:geo for infringing on the rights of your users?

  13. 1 minute ago, 2Abendsegler said:

    You don't have to be interested in the script or the scripts. It was just an example from my practice to explain you the situation.
    And I had and have no intention of saying, that c:geo is not scraping data, in violation with the ToU. If you had read my articles carefully, you would not have missed that either.

    What I meant is that there's a difference. Gclh is not scraping the site like c:geo is.

  14. 6 minutes ago, 2Abendsegler said:

    Certainly not, because c:geo and GClh only processes data that the logged in user can also view via his browser. That is nothing forbidden.

    Maybe, the blocked official partner apps processes with more data?


    Yes, but in 2010 and the following years there are no API.
    And as I started with GClh development in 2016, I actually had no desire to throw everything away.

    I don't care about gclh or other scripts. C:geo is scraping data, in violation with the ToU. Nothing you say will change that.

    • Upvote 2
  • Create New...