External Publication
Visit Post

Which live location sharing service is recommended?

Privacy Guides Community [Unofficial] June 24, 2026
Source
Sorry, let me amend my comments on Paralino, reading a bit more: * Don’t love the server-side storage of the identity key (though it’s encrypted via Argon2(password). Users often pick weak passwords! This is obviously designed to allow users to change devices without transferring keys locally between phones (or recover if they lose their phone) but it introduces a real weakness. * I think there’s no post-compromise security for identity keys? They don’t seem to rotate. That seems to make the first bullet worse. * It does not seem to hide group/user identities, so the server can see the social graph–just not message contents (i.e. location). So I think the problems here are: 1. Metadata (the social graph) leaks to the server. It’s fair to say that Grid and Where’s metadata hiding is sort of best effort–timing and IP addresses still can enable an adversary to figure out who is sharing with whom–but Paralino doesn’t have it at all. 2. The user identity is tied to a static key derived from the password. If an adversary compromises the server and brute forces the identity key derivation, future location sharing is (I think) vulnerable, and I think this is true even if the user changes their password due to this. Honestly, nobody is likely to be brute forcing your location sharing, so I think the above is just me being a nerd, but worth keeping in mind.

Discussion in the ATmosphere

Loading comments...