Thanks Thanks:  0
Results 1 to 21 of 21

Thread: Viewing un-published caches

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Dakar4x4 Guest

    Default Viewing un-published caches

    Hi folks,

    I've found a loophole that allows geocache users to view the cache details and logs of an un-published cache, providing they have received a watchlist email for a TB that has been placed in it. I've dropped an email to groundspeak to advise them of this, but wondered if it was already known and other people had noticed it? I was already aware that it was possible to get the cache co-ordinates if a TB had been placed, but not until last night did I realise that it's also possible to view the cache page itself.

    I have to confess I did use the information to solve the cache, claim ftf and retrieve the TB from it last night, before the cache was published. I called the cache owner and explained what I did and how I did it and they were quite shocked at the ease at which it was done, and the fact this loophole allows a cacher to read the reviewers logs to.

    Jon.

  2. #2

    Join Date
    Jul 2007
    Location
    Church Warsop, Notts
    Posts
    518

    Default

    I've heard of this loophole: I think that it dates back many years. But I've never succeeded in finding it, even though I've often had trackables in an unpublished cache. How do you do it?

  3. #3
    Dakar4x4 Guest

    Default

    Are there moderators on here? If one could confirm it isn't against the rules or innappropiate to do so, then I'll happily post it. I personally think making it public knowledge would level the playing field somewhat and be good. I am also waiting to hear back from groundspeak as I've contacted them to ask if they knew about it and if they could fix it.

    Jon.

  4. #4
    sTeamTraen Guest

    Default

    There are various loopholes in the system. I've heard of "something which sounds like" this one, some time ago, but whether it's the same one would be almost impossible to say.

    I just tried to reproduce it but couldn't, at least not by doing the obvious (watch coin with one account, drop it into an unpublished cache from another, click on the links in the watchlist e-mail). The links in the generated e-mail don't have anything special about them like "&autologin_bwahahaha=1". It might be a more general problem where, say, one time in a hundred when you connect to an unpublished cache page, you get in anyway.

    From Groundspeak's point of view, FTF is "no big deal". It's not as if there's a huge cash prize for FTF (and yes, I did spell that "cache" the first time I typed it!). There was a known bug for years where you could look up an unpublished cache on the WAP site if you knew its GCxxxxx number. If someone went out and logged FTF on one of my caches before it was published, I'd probably congratulate them, but some placers might ask them to delete the log and re-log it when someone else had found it.

    The possible leak of the pre-review notes is slightly more concerning; I always write my reviewer notes as if the rest of the Internet is watching me but you might find the explanation of a devious puzzle in there.

    This certainly needs to be fixed, so if you have a reliable procedure to reproduce it then please contact me or one of the UK reviewers by PM and we can run it up the bugs chain.

  5. #5
    Dakar4x4 Guest

    Default

    Hi sTeamTraen,

    Yup, I have a quick and simple procedure now to view either just the un-published cache details, or indeed, the cache and all the reviewer logs. I have notified groundspeak already but have not heard back yet, I guess they don't come on-line until this evening, so I'm happy the 'problem' has been logged.

    I've used this technique to also view caches that have been 'un-published' following a problem and yes, the ability to view reviewers notes is a little concerning.

    My query is though, can and will this loophole be fixed? The Google Earth technique hasn't been and has been known about for ages. I also notice there is a map on the TB page now that actually allows you to zoom in and see the final cache location (assuming it's just a trad) and that's from the main geocaching.com page!

    Additional: Forgot to say, I did this primarily to get the Interception TB, but the FTF thing is I guess a side effect of it.

    Jon.

  6. #6
    Dakar4x4 Guest

    Default

    Quick update - I've had to promise to Groundspeak that I won't use this method to view un-published cache details again and not to share the details of this loophole with anyone else. They consider that to be an end to the matter. When I queried if they are actually going to fix the loophole, they have advised it is something they already knew about and will address at some point. Kind of a bizarre resolution if you ask me, but I guess in their minds this is just a gaming website. It's not banking, it's not personal information, so it's not a huge issue. On reflection I guess they are right and I was taking my Hobby a bit too seriously to think it was a big problem. Hey-Ho!
    Cheers & thanks to Graculas for their assistance,
    Jon

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •