How to Build a Proximity-Based Auth System that Defeats Fake GPS using WebRTC RTT

The Problem: GPS is easy to spoof We've all been there. You build a location-based system (for attendance, ticketing, or security), and within days, users find a "Fake GPS" app to bypass your geofencing. As a software engineer, I wanted a way to prove physical presence without relying on unstable satellite signals or easily spoofable coordinates. The Solution: Network Topology & Latency (RTT) Instead of asking "Where is this user?", I started asking "How close is this user to my gateway?". By using WebRTC DataChannels, we can measure the Round-Trip Time (RTT) between a client and a local server. Since radio waves travel at a constant speed, a sub-5ms latency is a physical guarantee of proximity that no VPN or GPS spoofer can fake. How it works (The Evolus Approach): The Handshake: The client opens a Web-only interface (no app needed). The Measurement: We establish a P2P connection via WebRTC. The Fingerprint: We analyze the local network topology (Gateway fingerprints and BSSID nei