[HN Gopher] Show HN: End-to-end encrypted location sharing servi...
___________________________________________________________________
Show HN: End-to-end encrypted location sharing service like Google Latitude
Author : apayan
Score : 72 points
Date : 2020-12-08 16:57 UTC (6 hours ago)
(HTM) web link (www.zood.xyz)
(TXT) w3m dump (www.zood.xyz)
| novok wrote:
| I'm unable to try out the android app, since I'm on iOS, but one idea that would be cool is to set the accuracy of the shared location. Some people just want to share what neighborhood, city, or even what country / state they're in, or only share accurate location to a specific set of people.
|
| Also another way to avoid using google / apple location services is offering a geoIP mode, which would mesh well with the optional rough location options.
|
| It's too bad you can't force location services to only use built in GPS vs pinging their internet servers.
|
| Apple also has an issue where they silently stop location tracking apps in the background, you might have to make a nag notification like arc app does to keep it active. https://www.bigpaua.com/arcapp/
| apayan wrote:
| > _I'm unable to try out the android app, since I'm on iOS_
|
| I don't have a formal list set up for this, but if you would like to be notified of when the iOS app is ready just send me an email [arash at zood dot xyz], and I'll send you a reply when it's ready.
|
| > _one idea that would be cool is to set the accuracy of the shared location_
|
| Great idea. I hadn't considered that. Using geoIP mode would also be worth investigating. I've often found geoIP to be quite inaccurate when on cellular networks (e.g. reporting that I'm in San Jose when I'm actually in Los Angeles). Any thoughts about that?
|
| > It's too bad you can't force location services to only use built in GPS vs pinging their internet servers.
|
| My understanding is that on Android if you only use the platform location services instead of the Google Play Fused Location Provider, it will only access satellite positioning (GPS, GLONASS, etc.). It will also use up your battery faster, but I think that's tangential. So, at least on Android, I can code a path to only use location services.
|
| > Apple also has an issue where they silently stop location tracking apps in the background, you might have to make a nag notification
|
| That has been a real pain in my side on iOS and Android. So many deceptive apps have abused the location system for so many years, that Apple (especially) and Google are making legitimate use cases of background location very inconvenient. I can't say I blame them either.
| bradbeattie wrote:
| > Any thoughts about [GPS accuracy]?
|
| Unless I'm missing something, couldn't you just fetch the GPS location and truncate the precision to 1/2/3 decimal points? There are subtler ways of doing this that mitigate
|
| A: Oscillation of a user on the border between X,Y and X,Y+1
|
| B: Distortion of precision area near the poles
|
| but I'm sure you get the gist.
| novok wrote:
| It would probably be a power user option wrt to geoIP. Maybe add a tag to the location to denote that this isn't very accurate / a geoIP location. You could even detect if you're on wifi or not to say if it's a cellular geoIP, so it's extra inaccurate or similar.
|
| You could even go full original whatsapp and add a status string thing :P
| gizumo wrote:
| Looks like it has potential. As a somewhat hopeless security-minded user, I appreciate the genuine privacy interest from developers. Gotta try it out more before deciding whether it stays on my phone or not.
| mike-cardwell wrote:
| I had an idea for a location sharing app, years ago. Never built it.
| It would share privately using encryption, as this one does, but _also_, people could easily see a log of who looked up their location and precisely when.
|
| The benefit of this would be that you could ask your family members to install it on their phone, for emergencies. And if you have a teenage kid who is concerned about you "stalking" them or "invading their privacy", you will be able to say, "you will be able to see in the app whenever I look up where you are, so you will know that I'm not checking up on you constantly"
|
| It would also be a deterrent against you abusing your powers. You wouldn't want to look up where they are unless absolutely necessary, as you wouldn't want to create that log entry on their phone, as you'd have to explain it.
|
| Free idea, for anyone who wants it.
| dessant wrote:
| This is a wonderful service and it's laudable that your heart is in the right place! Please introduce a paid version early on, people are lenient about the early rough edges when you have such an admirable mission statement. Also don't be afraid to release the paid version under AGPL, your users will be happy to pay you for the convenience of an app store installation and hosted infrastructure.
| apayan wrote:
| Hi everyone. I wanted to start a company that builds privacy preserving/enhancing products+services. The first product was this location sharing service (scratching my own itch), and my friend said I should just put it out there to see if anybody is actually even interested in it. The code is AGPL [1], the crypto is based on libsodium and the mobile apps are all native.
|
| I'd like to find a way to charge for this service so I can spend more time on it, and building other privacy preserving services, but I'm not sure of some things:
| * Is this a service you would use?
| * Would you pay for it?
| * Would you or your company sponsor it?
|
| Happy to answer any questions you may have.
| Any feedback is appreciated.
|
| P.S. I'm sure you may be wondering "where is the iOS app?". It's coming. Real soon. Now'ish. Later. It's currently undergoing a UI overhaul, and because all of the people I share with are Android users, it hasn't been as high of a priority.
|
| [1] https://github.com/zood
| dangerboysteve wrote:
| How is this any better than using Signal and sharing location?
| apayan wrote:
| Signal allows you to explicitly open the app, get your current location, and send that snapshot of your location to someone immediately. That's definitely fine for some use cases.
|
| Zood Location lets you share your location with other people without having to do anything on your part (besides accepting the initial friendship). Then your friend can simply open Zood Location on their phone and they'll be able to see where you are and you won't have to do anything. It's very useful for families trying to coordinate dinner plans after work, determining how soon your partner might be back home to help with the kids and other seemingly trivial things that usually require multiple disruptive calls and text messages.
| CobrastanJorji wrote:
| Maybe I'm missing something, but where's the product part? The app looks free. There's no discussion of paying. Where's the part where you make money? Is the idea that I install and start using it now, and then once enough people sign up, you yank the free version and begin to charge?
| apayan wrote:
| It's a fair question. I want this to be sustainable, and you want the services you rely on to be sustainable.
|
| In truth, I'm trying to determine a pricing model right now via this Show HN. I don't intend to "yank the free version" from anyone. Maybe I'll be able to find a freemium model, maybe I'll be able to acquire sponsorships, maybe there will be a way to simply charge for it... I don't know.
| But folks that start using it now will be grandfathered in, so you don't have to worry if you don't want to pay.
|
| I don't (and won't) have any investors that I need to satisfy. So there's no VC breathing down my neck, pressuring me to squeeze users.
|
| I hope that's a satisfactory answer to your question and that it allays your fears. :-)
| huhtenberg wrote:
| Excellent stuff. I especially like that this focuses on solving an actual, very specific problem rather than being some amorphous platform.
|
| That said and if I read you correctly, the backend must be some sort of a dumb relay that just routes blobs of data between clients based on how they are grouped. Correct?
|
| If so, then nothing restricts you from relaying _any_ type of data, which is a _fantastic_ foundation to have.
|
| Do you have any details on how two clients would establish trust, exchange keys, if there's a replay protection, etc.? It would make for a good read.
|
| PS. One thing I'd change is the name. It's just... not nice, unpleasant. It also doesn't help that it means an "itch" (zud) in some languages, the kind you get from not taking a shower for a month.
| apayan wrote:
| Hi huhtenberg. Thanks for the thoughtful reply. :-)
|
| > _That said and if I read you correctly, the backend must be some sort of a dumb relay that just routes blobs of data between clients based on how they are grouped. Correct?_
|
| You're correct. It is just a dumb relay. That's the reason why it's so difficult (impossible?) to come up with a freemium monetization strategy. The server can't see the contents of your communications, so it can't restrict functionality.
|
| > _If so, then nothing restricts you from relaying any type of data, which is a fantastic foundation to have._
|
| I suppose so. What did you have in mind?
|
| > _Do you have any details on how two clients would establish trust, exchange keys, if there's a replay protection, etc.?
| It would make for a good read._
|
| I don't have anything written up about this (other than the code in the repositories), but if there's interest, I could compose a blog post about it. For the time being, users can verify the privacy of the communication with another friend by comparing the safety number of the friendship (tap the friend's avatar on the map, in the info panel that pops up click the triple dots at the top right, then select 'View safety number'). If your safety numbers match, you know your share with that friend is secure. I got the idea from Signal messenger.
|
| > _PS. One thing I'd change is the name._
|
| Yeah, I'm still reconsidering the name. I've already changed the company name once, but I may have to change it again. It's just hard to come up with an easy to remember+spell name that also has an available domain.
| 0x53 wrote:
| My wife and I currently use Google maps to share locations with each other. I really hate doing this because I really dislike Google having access to my location. So yes I would use it. I would probably pay $15-20 once or a $1-2 a month for something like this
| thewojo wrote:
| No JS on the website (so far)...nice.
|
| Interesting. Been thinking about something like this. You mentioned other privacy preserving services; which products do you think are most in need of privacy preserving alternatives?
| apayan wrote:
| For Zood Location, I'd like to add a 'Find my phone' feature. It's already mostly done in the Android client (I don't think it's possible on iOS). I just need to implement a landing page on the web that folks can use to log in and make their phone start ringing.
|
| Re: other services.
|
| I'd like to implement something akin to Google Photos but where all your images are encrypted before going up to the cloud for storage.
| All the fun face recognition features and indexing would have to happen on your phone, but phones are plenty powerful enough these days to do that while you're sleeping and your phone is plugged in and charging.
|
| I'd like to implement a simplified personal assistant like Google Now, that doesn't depend on sending your personal data into the cloud. Again, phones are so powerful and they already know so much about you based on local context, that I think there's a big opportunity for making a "good enough" assistant that doesn't compromise your privacy.
|
| More mundane, but I think still very useful, is being able to store your contacts in the cloud, but making sure they're encrypted with a local key you control, so the storage provider (e.g. Zood) can't see your contact list.
|
| An actually trustworthy VPN provider. Mozilla entered this space a couple months ago, and I think it's great that there is at least one trustworthy VPN brand now. It's a very confusing market for people to navigate, but I'd like to earn the trust of people so a Zood VPN product would become a viable service.
|
| Along the theme of helping people extricate themselves from the advertising and surveillance economy, a service that helps people remove themselves from these junk snail mail lists. You can do it on your own right now, but it can be overwhelming.
|
| I have lots of other little ideas, but they aren't quite ready for discussing. :-)
| novok wrote:
| There is also https://www.mylio.com which E2E encrypts photos on the cloud, is iOS, Android, Windows and macOS and is very performant. There is also photostructure, but they don't seem to be planning to make mobile clients any time soon :|
|
| One thing I've actually not seen is E2E contacts & calendars. Everything seems to be based on CalDAV & CardDAV which I think forces you to sync them with a server in plaintext.
| Email is mostly a lost cause, the closest you could approach it is something like protonmail AFAIK.
|
| Also as far as 'good' VPN providers, I think PIA & Mullvad have fairly good reps. Mullvad even lets you pay in mailed in cash.
| mceachen wrote:
| > There is also photostructure.com, but they don't seem to be planning to make mobile clients any time soon :|
|
| Sorry about that. I certainly get the appeal of "one app to rule them all," but as an indy solo dev, I have to focus on building features that give my users the best bang from my limited time.
|
| File sync is surprisingly hard to do cross-platform--most apps have pretty abysmal app store ratings, including the built-in ones from NAS manufacturers.
|
| I personally use Resilio Sync as a one-trick-pony that just copies my smartphone photos to my NAS. There are several other apps that do this, as well: https://photostructure.com/faq/how-do-i-safely-store-files/#...
|
| PhotoStructure's sync process then automatically finds and imports new files into my library.
|
| A homepage bookmark icon on my phone that links to my personal PhotoStructure library works well.
| wh33zle wrote:
| Re Google Photos:
|
| Check out "Stingle Photos" [1], very similar stack to what you described.
|
| [1]: https://stingle.org/
| vorpalhex wrote:
| > Is this a service you would use?
|
| Yes! I already use a non-privacy centric service like this, and would very much like to swap it out.
|
| > Would you pay for it?
|
| Yes. I'd be willing to pay $30/year for quicker updates. Maybe have a freemium model of an update per 30 mins or 60 minutes, a middle tier of 5 minute accuracy (good enough for most users) and then a premium tier of ~30s accuracy. Maybe play around with the amount of people in a group too - it makes sense to charge more if you're sharing with a small family versus a single friend.
|
| As always with subscriptions, please make them have clear pricing, an option to pay annually (even if there's no savings) and allow auto-renew to be opt-in instead of by default.
|
| On the monetization front, you likely can leverage the same infrastructure for an Enterprise version of the app. What many companies want is a rough geofence app that can let them know when someone is abroad for work and give them location specific information - "Oh hey, you're near the Ohio office. The alarm code is XYZ, and your badge has been given temporary access for the next 3 days."
|
| Especially if you can assure employees that they're only giving rough location information to their employer ("Mary is in Nevada" and not "Mary is at So-and-so brothel in Las Vegas") then it feels like an acceptable tradeoff of information and benefit.
| JoshTriplett wrote:
| I would _absolutely_ use this, particularly with map integration and messaging/Signal integration. I'd also love to use this to trigger events (e.g. turning off lights when everyone leaves, turning them on when anyone gets home).
|
| Regarding payment: I would get value from this, but primarily in conjunction with a higher-level service built atop it (providing features such as those mentioned above), and I'd want to pay for the higher-level service with this integrated, rather than paying for the building block. (That'd mean either you're providing the higher-level service and getting paid directly, or providing the building block and getting paid by the higher-level service rather than by the end user.)
| apayan wrote:
| Thanks for the feedback JoshTriplett. :)
|
| Could you describe in more detail what you have in mind regarding "map integration and messaging/Signal integration"?
|
| I totally get what you mean about triggering events based on location (turning off lights, etc.).
| JoshTriplett wrote:
| The most common thing I'd want to do with location information is display it on a map. For instance, I'd love to use this to help coordinate meeting up with someone, so that we could each see each other on a map. I'd also like the client-encrypted private historical record for a variety of purposes; everything from "what path did we walk on that romantic evening?" to the mundane "where did we park?" or "where did I leave my phone?". All of those need map integration, and that map integration needs to not compromise the privacy properties of the location service. _That_ would be well worth paying for.
|
| The issue is that I wouldn't want to use a _separate_ mapping application for that. I don't want to use Google Maps for directions/navigation/restaurants/etc, and a separate app for location sharing. I also don't want Google Maps to have my location information/history. I'd pay for an all-encompassing map service with this feature, and privacy would motivate me to happily pay for that even though Google Maps is "free".
|
| But I can't honestly say I'd pay for _just_ the location feature if I still have to use a different (and non-privacy-preserving) mapping service for everything else. If I can have a single "Maps" application on my device, and that application preserves privacy, I'd _love_ to pay for that; if that app also has location sharing, that's even better.
|
| Messaging or Signal integration would be for the same kind of "meet up" purpose: send someone a link that gives them time-bounded access to a subset of location information (most commonly live information about current location).
| apayan wrote:
| I see. Thanks for the follow up.
|
| Yeah, I'd happily pay for a privacy preserving mapping app as well. While building this, I felt the need for such a service, and as I pondered it, I felt overwhelmed by the effort to bring such a thing to market.
| It would also need a significant amount of notoriety to get people to contribute by updating business and city information. The other challenge is that Google Maps is just SO GOOD! I realize it's not great for privacy reasons, but it's simply so easy to use and useful. That's a high threshold of quality and functionality for a new entrant in the mapping space to achieve. That's not even taking into consideration that this new entrant would be charging for something that Google gives away for free, and has had years to perfect. We can see an example of this struggle with Apple Maps.
|
| > _send someone a link that gives them time-bounded access to a subset of location information (most commonly live information about current location)._
|
| You might be happy to know that that functionality is already present in the app. :-) Simply click the floating action button at the bottom right of the main screen of the app, and a timed sharing dialog will appear. Toggle the switch to turn it on, and your location will be broadcasted to a drop box that can only be accessed by the key encoded in a URL that you can copy or share to any app (Signal or otherwise). You can adjust the expiration time of the link as well. It's particularly useful if you're running late to a meeting and you're stuck in traffic, and you want to let the person you're meeting know where you are in real time.
| lambda_obrien wrote:
| I would pay/donate up to $20 once, or $1 a month or something, if you created a (very easy) containerized deployment I could deploy on my home server and limit to only the phones I choose to allow access, that way only my wife and I (and later my son) can hook into this and share locations with each other. I already have our phones setup to VPN home when off the home WiFi, so this would be great for privacy.
|
| I would pay that much for the cloud offering if you had a contractual/legal obligation NEVER to sell my data EVER, or to sell the service to any company without wiping ALL of my data first.
| growse wrote:
| It's a little bit of configuring, but it sounds like OwnTracks can do exactly that. You can deploy the recorder container wherever you like and then post / share locations to it from iOS/Android apps, as well as see the last location posted by others on the same instance. Enabling / disabling sharing on the app is a single button press.
|
| (I help maintain the OT Android app)
| apayan wrote:
| Thanks for the feedback lambda_obrien.
|
| Zood Location only sends your location to users that you have explicitly added, and your location data is end-to-end encrypted before leaving your phone meaning that the data can only be decrypted by the person you're sharing it with (i.e. your wife or your son).
|
| As for your personal data, Zood doesn't get any of it because of the end-to-end encryption. All the server [1] does is accept blobs of effectively random bytes (encrypted) from users to deliver to other users.
|
| Even if I wanted to sell user data, there wouldn't be anything to sell. Everything is encrypted before it leaves your phone. It's just like Signal in that regard.
|
| [1] https://github.com/zood/oscar
| fitblipper wrote:
| I would like more information on what information exactly zood receives and stores.
|
| Does zood know who is sharing with whom? Is the data usage to username logged?
|
| Does the amount of data sent to zood increase as a function of 1. How many people you are sharing your location with 2. If you are traveling quickly 3. If you are on battery saver or not?
| apayan wrote:
| Hey fitblipper. Good questions.
| :)
|
| > _I would like more information on what information exactly zood receives and stores._
|
| When you sign up, the Zood Location server receives
|
| * the username you picked
|
| * (optionally, if you provided it) your email address
|
| The server also stores a backup of various pieces of data for you, but this data is encrypted on your phone before being backed up to the server. It's exactly like how a password manager backs up your passwords to the cloud so you can access them from any machine. THIS DATA IS ALL ENCRYPTED ON YOUR PHONE with a key DERIVED FROM YOUR PASSWORD before the blobs are sent to the server.
|
| The encrypted data includes:
|
| * your symmetric key
|
| * your asymmetric key
|
| * your password salt
|
| * the algorithm used for your password derived key (currently, argon2id)
|
| * your friends list and their public keys (for TOFU reasons)
|
| Again, all that data is encrypted in the app on your phone before it ever leaves your device. This is no different than using a password manager.
|
| > _Does zood know who is sharing with whom?_
|
| The most information that the server can ever see is that some user sent some communication to a particular user. The contents of the message are unknown. Location sharing actually happens through "drop boxes" to make it more difficult for the server to see when and how often users send communications. When a friendship is established, the friends agree upon drop box addresses to use for each other, and they simply place encrypted data in the drop box for the other user to check whenever it wants.
|
| In theory, I could perform metadata analysis to try to statistically determine friendships, but I still wouldn't know anybody's location. The server code is available, and not terribly complicated so it's easy to verify that no analysis is happening there [1].
|
| > _Is the data usage to username logged?_
|
| For debugging purposes, I can have the server log to stdout when a user makes a REST call to drop an encrypted blob on the server, or when a REST call is made to send an encrypted blob to another user, but that's off in production. It was there to help me build the thing.
|
| In general, thwarting metadata analysis by the person running the service is tough. I look to what the Signal messenger folks are doing in this space to improve things.
|
| > _Does the amount of data sent to zood increase as a function of 1. How many people you are sharing your location with_
|
| If you have more friends, your phone will send more encrypted blobs to different drop boxes on the server. The reason is that though you only physically exist in one point of space at a time, because communication with each friend is end-to-end encrypted, your phone will encrypt the location info payload for each friend with their own public key. So if you have 5 friends, every time your location changes, your phone will encrypt the payload 5 different times and place it in five different drop boxes on the server.
|
| > _2. If you are traveling quickly_
|
| That's based on your phone's operating system and version. Google and Apple are always tweaking how often location updates are reported to apps. But if a location update comes in, Zood will encrypt it and upload it.
|
| > _3. If you are on battery saver or not?_
|
| I don't really use battery saver, but I think location services is disabled when your phone is in that state, so Zood wouldn't get any location updates at all. I could be wrong about that.
|
| [1] https://github.com/zood/oscar
| rasengan wrote:
| This is a hell of an idea and very important. I have a question though - by enabling location sharing on device, is the location not being leaked to Apple and Google regardless?
|
| Either way, awesome idea and love to see what you're doing.
| apayan wrote:
| Thanks for the supportive words rasengan. :)
|
| My current understanding is that location data is not leaked to Google or Apple by just enabling location services (I'm always happy to be proven wrong :-) ).
|
| In the case of Google/Android, they make it very easy to unknowingly opt-in to sharing your data with them, but it's not too hard to double check that and disable+delete the data if it was on [1].
|
| I know there has been much news about Google providing police with a list of devices near the time and location of a crime, and I believe that data is coming from the Location History feature of Google accounts. But that's something that can be turned off.
|
| Apple more explicitly requests the data via app permissions on your iPhone, so it basically comes down to what Apple apps to which you've given location permission [3].
|
| [1] https://support.google.com/accounts/answer/3467281
| [2] https://support.google.com/accounts/answer/3118687
| [3] https://support.apple.com/en-us/HT203033
| StavrosK wrote:
| It is, to get back coordinates you have to use Google's location API, which tells Google where you are. That's why the actual app doesn't matter to me (a privacy advocate) because no matter how private your app is, Google will always have my location.
|
| Nowadays I just keep the GPS off unless I need to use Maps, hopefully that does something.
| dzelzs wrote:
| I would pay for something like that, if I could integrate it with my Matrix homeserver. One of the features that is lacking, and for exactly the reason (at least AFAIK) that private location sharing doesn't exist.
| apayan wrote:
| > _if I could integrate it with my Matrix homeserver_
|
| Could you describe in more detail what kind of integration you're considering? Would you just want to be able to see your friend's location published in a channel as they move?
| jackpea wrote:
| Would love to see an RSS feed for the blog
| apayan wrote:
| So would I. :-)
|
| It's on my TODO list.
| thoughtfunction wrote:
| I'm glad that other people are thinking of making 'the privacy company', it's something that has been itching at the back of my mind to do too, along with research into what is currently around:
|
| * https://thoughtfunction.com/2020/05/my-e2ee-apps/
|
| * https://thoughtfunction.com/2020/05/e2ee-note-taking-app-res...
|
| * https://thoughtfunction.com/2019/10/why-mylio/
| tobib wrote:
| Love the idea, it's exactly what we need. I go on long walks and I'd like my partner to know where I am so she knows when I'll be home or to surprise me along the route.
|
| So far we've always shared via Whatsapp which recently stopped working for some reason. But I also don't want to use Google maps or Whatsapp for privacy reasons. If you could find a way to make 100% sure Google won't "intercept" the location and store it anyway, that would be great.
|
| I'd use it probably 3-4 times a week. I'd be happy to pay for it but please don't do the standard 10 bucks a month thing, I won't even bother then. How about a model based on usage? 10c/hour or something for the one sharing? (Being shared with could be free). If I had to commit to a subscription, I'd probably not sign up if it's more than 2 bucks a month.
| digisocialnet wrote:
| Interesting idea! The users' locations are completely private to the service?
| apayan wrote:
| Correct. The servers never see anybody's location.
| dividuum wrote:
| But the embedded google map (especially when zoomed in or slowly panning across multiple map tiles) provides an approximate location to google regardless. Maybe that's irrelevant, but something to consider. Avoiding this might be tricky without hosting your own tiles and adding explicit obfuscation when requesting tiles.
| apayan wrote:
| You hit the problem right on the head.
| The only way to really solve it is to host my own tile server (expensive) and add some sort of 3rd party proxy service between the app and the Zood tile server (so Zood could not surveil your tile loads).
|
| I'd like to host my own tile server in the future, but it depends on revenue, which is just not there right now.
|
| Also, and this is just my opinion, I don't think Google is trying to surveil people via tile loading patterns. I'm not saying it's impossible, but there are far easier ways to surveil users than examining tile loading patterns. So for the time being, I'm ok using the Google Maps SDK.
|
| Privacy, like trust, is not binary, but a spectrum. My hope is that Zood Location can start increasing the amount of privacy people enjoy in their digital lives, and over time, the app can be improved to increase that level of privacy.
| myself248 wrote:
| Very tangentially related, a distributed tile service could be interesting. I'd love to just download a virtual appliance, point it at some disk space, and tell it how much bandwidth to use. Maaaaybe tell it what region to focus on, if I want to use my own local tile server for my own local projects because it won't ratelimit me because I'm me.
|
| But if I could just do that, and with no further admin overhead, contribute to some sort of tile-cloud, I'd find that a lot more meaningful than seeding my favorite distro's torrents, you know?
| novok wrote:
| I don't know if openstreetmaps provides a free tile server, but I could see that as an option for the more privacy minded. Or to preload a basic map so you're not querying a tile server, and to go even further, preload a more detailed map like older offline GPS apps.
|
| In the iOS app you can also add an option to use apple maps instead too.
| myself248 wrote:
| You're not supposed to use OSM's free servers in
| production, and the options for running your own are
| assembly-required to such a degree that I can't even
| assess how far beyond my own skills they lie.
|
| some_furry wrote:
| I took a quick look at the source code. It's providing end-to-end
| encryption with libsodium, using crypto_box [1],
| crypto_secretbox [2], and crypto_pwhash for password-based key
| derivation [3].
|
| The public key model appears to be TOFU [4]. It's doing a
| distinct crypto_box per notification [5]. It doesn't use an
| authenticated key exchange or offer key rotation or forward
| secrecy, but that's probably fine for this use case. Not too long
| ago, I wrote a guide to end-to-end encryption [6], and I would
| classify the "end-to-end encryption" here as meeting the minimum
| definition (data is encrypted between devices, rather than in a
| client-server architecture where the server has access to
| plaintext), even if it's not suitable for more sensitive threat
| models.
|
| One thing I didn't see was message padding of location data prior
| to encryption, to prevent side-channel attacks via ciphertext
| length. [7] I don't know if I missed this, or if it was omitted.
|
| [1] https://github.com/zood/george/blob/52ddae2b5f65d324e1785c2d...
|
| [2] https://github.com/zood/george/blob/52ddae2b5f65d324e1785c2d...
|
| [3] https://github.com/zood/george/blob/52ddae2b5f65d324e1785c2d...
|
| [4] https://github.com/zood/george/blob/52ddae2b5f65d324e1785c2d...
|
| [5] https://github.com/zood/george/blob/52ddae2b5f65d324e1785c2d...
|
| [6] https://soatok.blog/2020/11/14/going-bark-a-furrys-guide-to-...
|
| [7] https://ioactive.com/ssl-traffic-analysis-on-google-maps/
|
| apayan wrote:
| I love the comment! Thank you some_furry. You're a quick code
| reader.
|
| You're correct that it doesn't offer key rotation or forward
| secrecy.
| That's something I definitely want to add (assuming
| anybody actually finds this service useful).
|
| > _One thing I didn't see was message padding of location data
| prior to encryption, to prevent side-channel attacks via
| ciphertext length. [7] I don't know if I missed this, or if it
| was omitted._
|
| You didn't miss it. It's not there. It's something I should
| add.
|
| some_furry wrote:
| If you're interested in using the X3DH handshake that Signal
| specified, I ported a slight variant of it (which uses
| libsodium) in TypeScript not too long ago:
|
| https://github.com/soatok/rawr-x3dh
|
| There's no low-level crypto code here, just high-level
| protocol stitching. This is still something you'd want to
| hire experts to review if you built it in Java, of course.
|
| proactivesvcs wrote:
| According to Exodus Privacy [1] the app uses Microsoft and Huawei
| telemetry/analytics. Are the reports correct?
|
| I saw the web site has a laudable privacy policy. Do you have a
| published privacy policy for the app?
|
| [1] https://reports.exodus-privacy.eu.org/en/reports/hr.ersteban...
|
| apayan wrote:
| That's not my app. Zood Location has zero analytics or telemetry
| [1]. The app id in the link you provided is some banking app
| with an id of 'hr.erstebank.george'.
|
| Zood Location's app id is 'xyz.zood.george'. The only thing
| they have in common is the word 'george' in their app
| identifier string.
|
| Zood Location also has a privacy policy. [2]
|
| [1] https://github.com/zood/george
|
| [2] https://www.zood.xyz/privacy/mobile-apps
|
| 1996 wrote:
| For people who do not care so much about the privacy, you should
| consider a "simpler" mode.
|
| This would also let you work around the network effect: simply
| send a text (for people without dataplans but infinite text) or
| an email with the GPS coordinates + a link to the google map (or
| OSM, or bing maps..) in one click. Not much data required.
|
| Even better: add a "tracking" mode to automatically send the
| coordinates every minute, as an email reply (to create a thread)
| which could be useful when you are going to roam the bars and
| don't want (or won't be sober enough) to update your friends of
| where to meet.
|
| I would also like GPG encoding: again, to work around the network
| effect, GPG encode the email before sending it. Useful for
| emailing myself or hacker friends.
|
| I would seriously pay for that, especially with the option to run
| the AGPL backend on my own server (the client should have a field
| to optionally select another server)
___________________________________________________________________
(page generated 2020-12-08 23:01 UTC)
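The padding point raised by some_furry and acknowledged by apayan above, as an added example that is not part of the thread or of Zood's code: it pads a location message to a fixed block size before it would be handed to crypto_box, so every ciphertext has the same length. The JSON wire format, the 128-byte block size and the sample fixes are assumptions constructed for illustration; the padding scheme is ISO/IEC 7816-4, the one libsodium's sodium_pad uses.

```python
import json

BLOCK = 128      # assumed pad-to size; must exceed the longest message
MAC_BYTES = 16   # authenticator that crypto_box / crypto_secretbox add

def encode_location(lat, lon, accuracy_m, ts):
    """Constructed JSON wire format (hypothetical, not Zood's real one)."""
    msg = {"lat": lat, "lon": lon, "acc": accuracy_m, "ts": ts}
    return json.dumps(msg, separators=(",", ":")).encode()

def pad(msg, block=BLOCK):
    """ISO/IEC 7816-4 padding: append 0x80, then zero bytes up to the
    next multiple of `block`."""
    padded_len = (len(msg) // block + 1) * block
    return msg + b"\x80" + b"\x00" * (padded_len - len(msg) - 1)

def unpad(padded, block=BLOCK):
    """Reverse pad(). Call only on plaintext that authenticated decryption
    has already accepted, so malformed padding means a sender bug."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a multiple of the block size")
    tail = padded[-block:].rstrip(b"\x00")
    if not tail.endswith(b"\x80"):
        raise ValueError("padding marker not found in final block")
    return padded[:-block] + tail[:-1]

def ciphertext_len(plaintext):
    """Length an observer sees: the stream cipher preserves the plaintext
    length and adds a constant-size authenticator."""
    return len(plaintext) + MAC_BYTES

# Constructed samples: a terse fix and a high-precision one.
SAMPLES = [
    encode_location(0.5, 1.0, 5, 1607446620),
    encode_location(34.052235, -118.243683, 12.5, 1607446620),
]

def observed_lengths(messages, padded):
    """Distinct ciphertext lengths a network observer would record."""
    return sorted({ciphertext_len(pad(m) if padded else m) for m in messages})

if __name__ == "__main__":
    print("unpadded:", observed_lengths(SAMPLES, padded=False))
    print("padded:  ", observed_lengths(SAMPLES, padded=True))
```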