For a long time, I've wanted a way to do realtime family/friend location sharing with e2ee.

So I finally built one!

Some details:

- The protocol uses a Signal-style double-ratchet (though with some differences) for PFS/PCS (but no PQ, a la SPQR)

- For simplicity and privacy, there's no persistent user identifier--just sessions. If you lose your phone, you and your friends have to re-pair.

- Message sharing uses ephemeral "mailbox tokens" to make social network/metadata analysis difficult.

Technical details here: https://where.af0.net/technical. Github here: https://github.com/danmarg/where.

Thrilled to get feedback!