The PiLc philosophy

Everyone's worried about privacy online, and with good reason. Everything we do on the Internet is leaving a cybertrail that can be tracked, collected, collated, analysed, shared, sold and stolen by big advertising companies and government agencies. Some say we've reached a point where privacy has become an obsolete idea and we should just deal with it, because if we have nothing to hide we shouldn't be bothered with our personal data being exploited in so many ways.

Our defense of choice against this unregulated power that is used and abused every day against unsuspecting Internet users is to use strong end-to-end encryption techniques to ensure and guarantee our users that the data they are sharing is only seen by their chosen recipients and absolutely no one else, not even us.

We strongly believe that real-time location is very sensitive information that should never be made available to anyone who is not extremely trusted, and that existing location sharing platforms simply don't provide the necessary privacy guarantees.

Features

With PiLc, you can safely share your real-time location with your friends, and no one else.

One of our goals was to provide a simple and straightforward user interface that effectively hides all the complex operations needed to establish cryptographically secure communication channels. As a result, PiLc works just like any other sharing application and does all the critical key generation and exchange in the background without bothering you with the technical stuff.

On the main PiLc screen, you have access to a general view of your friends' locations. The PiLc app also uses your own mobile device's GPS and compass (if available) to determine their distance and heading in real time.

A tap on a friend opens the map interface where you can visually locate and track them. A long press opens the friend dialog to manage your sharing preferences.

PiLc optionally uses a third-party reverse geocoding service to provide a real street address instead of raw GPS coordinates to your friends. This of course could leak potentially sensitive data to the geocoding service provider (Google on Android), and that is why our default setting is to have it disabled.

Battery usage is often a problem for location tracking mobile applications, and PiLc does everything possible to consume as little power as possible, fetching location when other foreground apps ask for it and keeping GPS-on time to a strict minimum.

Technical details

PiLc uses end-to-end encryption to ensure that your location data is only made available to those you publish it for. We accomplish this by storing decryption keys on users' mobile devices and nowhere else, so even the PiLc servers never store decrypted data nor decryption keys.

When you first run the app and create a PiLc account, your device generates a pair of 256-bit ECC keys and sends the public key to our servers. The private key is stored on the mobile device, encrypted using AES and a 256-bit key derived from your password using the PBKDF2-HMAC-SHA256 algorithm.

Once you have registered, your device sends periodic location updates to the PiLc servers over HTTPS. For every location update, your device generates a new ephemeral random 128-bit AES key and uses it to encrypt your location data. The ephemeral key is then published to each of your friends with whom you want to share using the ECDH key agreement algorithm. In order to prevent MITM-type attacks, every public key your device fetches from the PiLc servers is authenticated using 256-bit ECDSA.
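The per-update key scheme described above can be sketched as follows; this is an added example, not PiLc's own code, and it leaves out the ECDSA authentication of public keys and the password-based protection of the private key. The AES-GCM mode, the SHA-256 derivation of the wrapping key from the ECDH secret, and the function names are assumptions, since the page names only the primitives; callers supply ECDH keys on a 256-bit curve such as P-256.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// seal encrypts pt with AES-GCM (assumed mode) as nonce||ciphertext; open reverses it.
func seal(key, pt []byte) []byte {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil)
}

func open(key, box []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	return g.Open(nil, box[:g.NonceSize()], box[g.NonceSize():], nil)
}

// kek derives a 128-bit key-wrapping key from the ECDH secret (assumed KDF: SHA-256).
func kek(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) []byte {
	secret, _ := priv.ECDH(pub)
	h := sha256.Sum256(secret)
	return h[:16]
}

// publish encrypts one update under a fresh 128-bit key and wraps that key per friend.
func publish(me *ecdh.PrivateKey, friends map[string]*ecdh.PublicKey, loc []byte) ([]byte, map[string][]byte) {
	k, wrapped := make([]byte, 16), map[string][]byte{}
	rand.Read(k)
	for name, pub := range friends {
		wrapped[name] = seal(kek(me, pub), k)
	}
	return seal(k, loc), wrapped
}

// receive unwraps the update key with the reader's private key, then decrypts.
func receive(reader *ecdh.PrivateKey, sender *ecdh.PublicKey, wrappedKey, ct []byte) ([]byte, error) {
	k, err := open(kek(reader, sender), wrappedKey)
	if err != nil {
		return nil, err
	}
	return open(k, ct)
}
```

A server that stores only the ciphertext and the wrapped keys holds nothing it can decrypt, and a party whose public key was not in the friends map fails at the unwrap step.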

The PiLc app and servers do not record any location history and only store your latest encrypted real-time location. Password authentication on our servers is done with multiple iterations of salted Bcrypt.

Our app is available for the Android operating system at the moment, and we'll be working soon on ports to iOS and Windows Phone.