This is a good idea, and I'm thinking about it every now and then, and I'm sure at some point it will be implemented, but I can't provide any estimates.
-
The Situation
People's location data is valuable and should be private.
Dawarich stores data in a completely unencrypted format, such as:
The New Situation / Era
Since the complete destruction of Google Timeline for Desktop in early December 2024, there is massive demand for an alternative. After sampling -every- alternative I could find, Dawarich is the most well-polished and ready for mass adoption.
The problem is that the data is completely unencrypted, meaning that people cannot share the same server unless there is a huge degree of trust in the site operator. It also exposes the site operator to direct legal liability in the case of law enforcement.
The Solution (1): Ruby Encryption
Encrypt point data via Ruby. Hopefully it isn't a total resource killer. I'm hoping it only adds 10% latency to the existing app. If it kills it, perhaps a refactor is needed?
Eventually, need to encrypt all sensitive data, like trips, visits, places, etc.
The cypher should be the user's password. If it's a weak password, no problem, it's their data and their security concerns. Don't worry about it.
The Solution (2): PostgreSQL column-level encryption
I don't think this can be per-user, but if at all possible, set it in a way that the site admin cannot reasonably -know- what the password is (make them hunt for it). Then the onus will be on them to be ethical, but it's still a good compromise.
The Fallback (3): Separate hosts per instance
This is what I'm doing now. Have the owner pay for the site and maintain their own data. Warn them that the data is wholly unencrypted and that it opens them up for exposure.
The major pain point is that the user has to have a high level of technical sophistication that we, developers, don't even consider. For instance, both SSH and WinSCP have to be installed and set up, and this is a huge burden for 99% of the people.
I have created an automated installer, but this still doesn't help people who can't set up SSH... These are most of the people affected by Google Timeline disappearing, too :-/
Can be commissioned work in 2025.
My corporation, PHP Experts, Inc., is willing to donate to any crowdsourcing fundraiser you set up to help fund this endeavor. I personally don't know Ruby, or otherwise, I'd volunteer coding, too.
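A sketch of what Solution (1) in the post above could look like, added here as an example; it is not Dawarich code and not the poster's. It stretches the user's password into a key with PBKDF2 and seals each point with AES-256-GCM; the helper names, iteration count, record layout and sample point are all assumptions.

```ruby
require "openssl"
require "json"

# Assumed parameters for this sketch, not Dawarich settings.
KDF_ITERATIONS = 600_000
CIPHER = "aes-256-gcm"

# Constructed sample data (not from the page).
SAMPLE_SALT  = OpenSSL::Random.random_bytes(16) # stored per user, not secret
SAMPLE_POINT = { "lat" => 52.52, "lon" => 13.405, "ts" => 1_733_000_000 }

# Stretch the user's password into a 256-bit key with a per-user salt.
def derive_key(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: KDF_ITERATIONS,
                           length: 32, hash: "sha256")
end

# Encrypt one point. user_id is bound as associated data, so a row
# copied into another user's account fails authentication.
def encrypt_point(key, user_id, point)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = key
  nonce = cipher.random_iv # fresh 96-bit nonce for every record
  cipher.auth_data = user_id.to_s
  ciphertext = cipher.update(JSON.generate(point)) + cipher.final
  { nonce: nonce, tag: cipher.auth_tag, ciphertext: ciphertext }
end

# Returns the point hash, or nil when the key, user_id or record is wrong.
def decrypt_point(key, user_id, record)
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = key
  cipher.iv = record[:nonce]
  cipher.auth_tag = record[:tag]
  cipher.auth_data = user_id.to_s
  JSON.parse(cipher.update(record[:ciphertext]) + cipher.final)
rescue OpenSSL::Cipher::CipherError
  nil
end
```

Because the key comes from the password, the server can decrypt only while the user is present to supply it, so background processing of points has to happen in that window. A password change also means re-encrypting every point unless the password-derived key is used only to wrap a separate random data key.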