I suspect there was a drop-in maps widget the developers used so they wouldn’t
have to implement any logic to translate scrolling and zooming to a bounded
rectangle of latitude and longitude.
Submitting a Report
To submit a report, I had to give my first and last name, my email address
and my “Passport”. Nothing was explained about what this “passport” field represented:
a passport number? A country from which I have a passport? It seems like a
very unusual, and highly personal piece of information to collect.
Luckily the lack of validations accepted "eh" and I was able to submit
a test report
POST http://www.iseaapp.com/api/user/save HTTP/1.1
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Content-Type: text/html; charset=UTF-8
The submission did include the latitude and longitude of the area
in which I clicked, along with a text encoded “screenshot”. The screenshot
is encoded in a format I’m not familiar with and haven’t yet decoded.
The first few lines of it look like this:
Screenshot Encoding (replaced escaped "\r\n" with real newlines)
If anyone recognizes this encoding (its not base64) please let me know and
I’ll see about decoding the whole string.
Update: It is base64 after-all, but the JSON encoding did some escaping. I deleted
\r\n characters and turned \/ into literal / and was then able
to base64 decode the string into a png file. HT: @joe_h_punk
Finally, the mailinator account I used to sign up received an email
Thank you for helping us test out this application. We will not be able to give individual details to you due to the high volume of responses but we will be informing our users of the effects their efforts have had after the testing period is over. Your efforts will help transform ours.
I SEA Team
It’s interesting that they are calling it a test. I didn’t read all the
news coverage, but I’m not aware of any indicating it was anything other
than a real app.
None of the technical discovery really points to a motivation and I don’t
care to speculate on that front.
From the app level, all the infrastructure they would need to actually
work is there: the API could point different users to different images, and
it does appear to accept all the data you might expect for a given report.
It just seems its not actually hooked up to anything, and in fact, would
likely be prohibitively expensive to do so.