Hi there,
recently there has been a post here about Colota and thought you might be interested in a short summary about Colota.
I am tracking my position since several years now mainly with Owntracks (and now Colota) and a simple postgres DB/table.
I am a fan of the indieweb and eat what you cook and with already some million location points collected I recognized some pattern in existing GPS trackers I wasn’t happy about:
- Battery consumption
- Duplicate points while staying in the same location for a long time
So I decided to build my own GPS tracker and called it Custom Location Tracker.
Improved battery consumption should come from disabling GPS entirely in so called “geofences” which are basically circles you draw on a map in the app. With GPS disabled in these you also won’t get duplicate points while staying at e.g. home or work.
The app is still quite new (actively developed since early 2026) but has already quite a lot of features which basically all came from user feedback. E.g.:
- Automatic Tracking profiles which apply different tracking settings while e.g. being connected to Android Auto, moving slower than 6km/h or while the phone is currently charging.
- The app works fully offline (map will not be visible then) but you can predownload map tiles from a tile server I selfhost or use your own tile server.
- You can define how locations are synced to your backend. E.g. only for a specific Wi-Fi SSID every 15min, once a day or with every location update.
Overall the app’s focus should move to be a mobile location history app. So basically Google Timeline in a mobile app which also supports selfhosted backends (as backup).
The app is fully open-source AGPL-3.0, has no ads, analytics or telemetry and only sends data to your own server (if you want to).
You can download two versions.
- Google Play store which uses Fused Location Provider and therefore uses Google APIs. Also works with the sandboxed version by GrapheneOS and microG.
- FOSS version which uses Android’s native GPS provider with a network location fallback. Available on IzzyOnDroid and hopefully someday on F-droid.
Both can be also downloaded directly from the repo.
It’s not that I don’t want. I can’t implement it because I don’t offer a server. You would have to address this to the backend developers (Dawarich, GeoPulse or even yourself) who actually store the data.
I am understanding your point, but apparently you are not understanding mine which is the actual use case of the app and it’s workflows and therefore make it look like it would miss basic security patterns. The whole “location history” ecosystem stores plaintext coordinates.
You don’t have to. You just have the app encrypt the data before it’s backed up and exported.
I understand the usecase but you’re acting like you don’t understand the purpose of encryption, for some reason suggesting that it’s supposed to prevent hacking, when that is not at all what it does.
I already explained several times why that’s not realistic for the selfhosted backends.
You could have just written at the beginning that you think it would be a good idea to implement (optional) encrypted backups Independent of the selfhosted backends. Then I would have answered, great idea!
But you continued to reply on a thread about end to end encryption where I specifically mentioned the selfhosted backends.
Have a good day!
You haven’t. You’ve only explained why you don’t want to do it, which is fair, but you keep presenting as if it’s not possible, which is not accurate. Lots of apps can and do create encrypted backups.
New day, new answer!
You started this conversation in a thread about E2E encryption and I responded in that context. Halfway through you shifted to encrypted local backups which you first called ‘single-party encryption’ and that’s a completely different thing. If that had been your original point we could have skipped this entire exchange. It’s a good idea which I already mentioned in the answer you replied to but you seem to have missed.
To clarify two things: I never said it was impossible. I said it wasn’t realistic in the context of the selfhosted backends we were discussing. Those are different statements. And yes, lots of apps do encrypted backups because they are backup apps. Colota isn’t. The existing export is for tools like QGIS or selfhosted backends and encrypting that data would break that use case entirely.
Encrypted import/export for backup is a separate feature that doesn’t exist yet, so there’s nothing here that’s badly implemented. It simply isn’t implemented at all.
I never shifted anything. I was talking about encrypted backups on a server. These can be encrypted locally before being synced to a server.
Nope, you literally just made that up. I didn’t say that and I don’t even know what that means.
…but it is.
My suggestion was that it could be…
You already have local backups that could be encrypted and then synced to a general storage server.
I said literally nothing about your implementation. You’re imagining things. Please read more attentively.
You entered a thread explicitly about E2E encryption started by ShortN0te and introduced “single-party encryption” or which later turned out to mean encrypted backups.
You wrote ‘I would prefer single-party encryption vs. integration, personally’ in this exact thread. That’s not something I made up.
I’d genuinely like to understand how.
This app has a specific purpose. It could have a encrypted backup feature but it won’t change it’s fundamental purpose which is viewing the location history.
The exported files are not designed as backups (even though they are being used as ones by existing users). They’re meant to be workable in other tools like QGIS, Strava or Komoot. Encrypting them would break that entirely.
Fair point. I misinterpreted that. No need to get personal.