Task #4400

audit OpenStreetMap location sharing

Added by hans about 3 years ago. Updated almost 3 years ago.

Status:In ProgressStart date:01/14/2015
Priority:NormalDue date:
Assignee:hans% Done:


Target version:-


OpenStreetMap provides solid HTTPS support, a locally parsable shortlink format, as well as being free software. Also, it does not have a business model related to selling user data, so they have less incentive to track users. These all are a good starting place. So I looked into privacy issues related to sharing location, here are two bug reports I filed:

Related issues

Related to Panic - Task #3839: Quarter 2 (NOV-JAN) New 11/01/2014 01/15/2015
Related to Panic - Feature #4440: privacy-preserving maps API New 01/23/2015


#1 Updated by hans almost 3 years ago

Here is an example of the shortest shortlink:

The osm.org domain name is on a server with HTTPS setup, but the osm.org name is not yet included in the HTTPS certificate [1]

You can get pretty short using a domain name supported by HTTPS:

#2 Updated by n8fr8 almost 3 years ago

Are you going to be assessing dev library projects like https://github.com/osmdroid/osmdroid as part of this?

#3 Updated by hans almost 3 years ago

osmdroid does sound interesting. But I'm already feeling like I spent too much time on this whole question already. My goal was to figure out a full stack for handling location in panic messages, everything from sending to receiving to viewing. Right now, I'm thinking the stack on the receiving side is Osmand, since it is the only map app that I can find that can download whole regions rather than tiles, since downloading tiles leaks what area you are interested in to a pretty fine accuracy. It is also one of the few that works well fully offline, and the only actively developed free software map app I could find.

Back to the question of osmdroid, I think a better approach would be to make a direct API to get tiles from Osmand. That would then happen entirely on the device, and would leak no data to the network. I don't think that API exists though.

Also available in: Atom PDF