Thank you, really appreciate it! Glad to hear Colota is working well with Dawarich for you so far. Feedback and criticism are always welcome. Most of it has led to real improvements in the app. I think a casual forum thread is probably just not the best setting for deep technical discussions, where context shifts quickly, everyone has a different background and nuance gets lost.

Thanks for the kind words! Vehicle/trip categories (car, bike, train, walk) + per-vehicle tracking is a great idea and fits well with the profile concept. Personally, I also want to skip other (activity) tracking apps which is the reason I also would love to have these features. Added the feature requests to the backlog. Thanks for taking your time trying out the app and giving feedback!

I never shifted anything. I was talking about encrypted backups on a server. These can be encrypted locally before being synced to a server.

You entered a thread explicitly about E2E encryption started by ShortN0te and introduced "single-party encryption" or which later turned out to mean encrypted backups.

Nope, you literally just made that up. I didn’t say that and I don’t even know what that means.
"I would prefer single-party encryption vs. integration, personally. Could make it optional."

You wrote 'I would prefer single-party encryption vs. integration, personally' in this exact thread. That's not something I made up.

…but it is.

I'd genuinely like to understand how.

My suggestion was that it could be…

This app has a specific purpose. It could have a encrypted backup feature but it won't change it's fundamental purpose which is viewing the location history.

You already have local backups that could be encrypted and then synced to a general storage server.

The exported files are not designed as backups (even though they are being used as ones by existing users). They're meant to be workable in other tools like QGIS, Strava or Komoot. Encrypting them would break that entirely.

I said literally nothing about your implementation. You’re imagining things. Please read more attentively

Fair point. I misinterpreted that. No need to get personal.

New day, new answer!

You started this conversation in a thread about E2E encryption and I responded in that context. Halfway through you shifted to encrypted local backups which you first called 'single-party encryption' and that's a completely different thing. If that had been your original point we could have skipped this entire exchange. It's a good idea which I already mentioned in the answer you replied to but you seem to have missed.

To clarify two things: I never said it was impossible. I said it wasn't realistic in the context of the selfhosted backends we were discussing. Those are different statements. And yes, lots of apps do encrypted backups because they are backup apps. Colota isn't. The existing export is for tools like QGIS or selfhosted backends and encrypting that data would break that use case entirely.

Encrypted import/export for backup is a separate feature that doesn't exist yet, so there's nothing here that's badly implemented. It simply isn't implemented at all.

By default this applications allows when adding a server, that the communication is not encrypted between the app and the server. This should be configured by default to enforce TLS encryption.

That's not true. For public endpoints, HTTPS is enforced. You can't use HTTP. For private IPs, yes HTTP is allowed. So "by default... not encrypted" is not correct and misleading.

So, where’s your VPS? In EU?

It's a VPS hosted by netcup in germany (https://maps.mxd.codes/)

Which refers to a Home Assistant template that doesn’t exist on the app?

Yes, you are right. I have to update the docs there. I removed the HA template because it basically just added the tid which I think is quite easy to add manually.

FusedLocationProvider (GMS version) is generally better for most users. It combines GPS, WiFi, cell tower and sensor data for faster GPS fixes and better battery efficiency. The FOSS version uses raw LocationManager with GPS as primary and network as fallback. It works but GPS fixes can be slower, especially indoors. But if avoiding (sandboxed) Play Services is a priority, the FOSS version works fine too.

No I understood the server is self-hosted…?

Colota is client-only. There is no Colota server software. When you add a server endpoint in the settings, you're pointing it at your own existing server (Dawarich, Home Assistant, Traccar or any HTTP endpoint). Colota doesn't provide or require any server component. It just sends data where you tell it to.

I see that but this should be an automatic backup process. Plus there’s no way I can see to IMPORT that data somewhere else. When I use an app like Fitotrack, it automatically makes a backup file periodically and then is automatically backed up to my server with Nextcloud or Syncthing. I don’t need a dedicated server for it.

Colota actually has automatic file export (Settings > Export Data > Auto-Export) that periodically exports to a directory on your device. From there Syncthing/Nextcloud can pick it up. Import is not yet available but is planned. There is no dedicated server needed and also not offered to setup. However you can create a webhook on your own server for the app if you want to. See e.g. https://colota.app/docs/integrations/custom-backend.

How can it do that when it didn’t ask me for an SSID? And what’s the point of the geofence if it doesn’t even use it anyway? I am cornfuse.

WiFi pause doesn't use a specific SSID. It detects any unmetered network (WiFi/Ethernet) while you're inside a geofence zone. The geofence defines where the pause should happen, the WiFi connection confirms you're settled there and is used to detect when you leave it. Without the geofence, any WiFi connection would pause tracking everywhere.

How is motion recognized without GPS?

Motion detection uses the device's hardware motion sensor (if available). It's a low-power sensor that fires when physical movement is detected.

If the target server is compromised or taken by LEA the data is gone.

That's true for any client that sends data to a server including your browser, email client or any other app. Colota doesn't operate a server. If you're concerned about server compromise, that's a server-side hardening question (disk encryption, access controls, etc.) that's outside the scope of a client app.

Laying the responsibility into the hands of the user is not ok for such an data aggregating service. Such highly critical, private and intime data should be protected and secure by default.

Colota is not a data aggregating service. It's a local-first app. By default, no data leaves your device. You choose if and where to send it. That's the opposite of aggregation. It's the user being in full control, which is exactly what self-hosted software is for.

Not even transport encryption is enforced in the project. At first glance, http is allowed on local connections?!? Generate a self signed SSL cert on start and pin it in the app. Easy.

It is. HTTPS is enforced for all public endpoints. HTTP is only allowed for private/RFC1918 addresses. Forcing TLS on 192.168.x.x would require every self-hoster to set up certificates for their LAN, which is a real barrier for the target audience. Colota already supports self-signed certificates if you install the CA on your device.

It is no excuse that other services do not follow these state of the art protection measures.

I didn't say that as an excuse. I explained why a client app that supports multiple independent backends can't enforce payload encryption. Each backend would need to implement the same decryption. That's a technical reality, not a lack of care about security.

Also again, a server is optional. It works offline and you can just export files with the data from the app.

Probably phrased that wrong. There is no backup server. Users can create and add one if they like.

Colota offers out of the box file export (csv,geojson, gpx and kml) and supports hive_partitioning via variables in the endpoint (https://colota.app/docs/configuration/server-settings#url-variables).

Colota already uses WiFi for home detection (WiFi pause in geofence zones) and Android Auto/car mode for vehicle profiles.

How can it tell when you leave the geofence if the GPS is off?

GPS is only turned off by being connected to a WiFi or being motionless (or both) while being in a geozone. When wifi disconnects or/and motion is recognized the GPS starts again.

Bluetooth detection is the one thing that doesn't exist. It could be a useful addition. I will note that. Thank you for the feedback!

I also agree with you both that location data is definitely personal data that should be protected. However, Colota stores data only on your own device and it's never sent anywhere unless you configure a server and that server is out of Colota's reach. End-To-End-Encryption doesn't apply here since Colota is just one endpoint sending to the user's own server. There's no third party to encrypt against.

Colota is also meant to be an app which supports several "Google Timeline" alternatives like Dawarich, Reitti, Geopulse, etc. All these backends would have to support the same decryption which Colota offers, which is not realistic. You can also specify that data is only sent via an active VPN connection or just use it offline and use the built in file export as e.g. geojson.

Also Colota is a free and open source project. You can review the full source code to verify how your data is handled.

All location data is stored locally on device in a (unecrypted) SQLite DB. Auth headers (Bearer tokens, Basic auth) are stored using Android's EncryptedSharedPreferences. HTTPS is enforced for all public endpoints. HTTP is only allowed for private/local network addresses (192.168.x.x, etc.) for self-hosted setups. For a app where the user controls both endpoints, I think that's a reasonable tradeoff (https://colota.app/privacy-policy/). Probably makes sense to also mention that in a separate page in the docs for easier overview. Thank you for the question.