location tracking

10 Articles

Broadcasting GPS On The Local Network To Help Geoclue Find You

May 8, 2026 by 5 Comments

Rather than having users go through the inconvenience of having to punch in their current location, an increasing number of applications and websites use location services that can pin-point the current location of a user to within a certain number of meters or kilometers.

Unfortunately, [Evert Pot] found that with the demise of the Mozilla Location Service (MLS) in 2024, accuracy of the Linux Geoclue service had dropped to a resolution of about 25 km. Since a LAN tends to not move around a lot, this seemed like the perfect time to help Geoclue out with a local GPS server.

All that Geoclue looks for on the LAN is an mDNS service identifying as _nmea-0183._tcp that responds with the GPS coordinates as network packets containing an ASCII payload encoded using the NMEA 0183 standard. With this knowledge [Evert] was then able to quickly put together a Python-based server that simply blasts the static GPS coordinates of the LAN in question.

With the service running, Gnome Maps and Firefox with Google Maps both displayed the right location down to the house, as can be seen in the screenshots. With the same LAN service and a Mac system there was no such luck with Apple Maps unless Location Services was turned off, though presumably Apple uses its own equivalent to MLS.

A screenshot of the drone monitoring application, showing spoofed drones and their coordinates

Can’t Disable DJI Drone ID? Spoof It With An ESP!

March 4, 2024 by 20 Comments

We have been alerted to a fun tool, a DJI DroneID spoofer software for ESP8266/ESP32 and some other popular MCUs. Last year, we’ve told you about DJI DroneID — a technology DJI added to their drones, which broadcasts data including the drone operator’s GPS position, which, in turn, appears to have resulted in Ukrainian casualties in the Ukraine war. The announcement tweet states that DJI has added mechanisms from downgrading firmware. Hence, the spoofer.

There’s no other hardware needed, well other than an ESP8266 or ESP32 devboard, anyway. After the break you can find a video tutorial from [Joshua Bardwell] that shows you how to upload the code using Arduino IDE, and even going through coordinate tweaks. If you ever reminisced about the concept of throwies and were wondering what kind of useful, well, there’s your answer: clone the Git repo, compile it, program some interesting coordinates in, and witness the imaginary drones fly.

All in all, we get a lovely addition to our shenanigan toolkits. Surely, someone could use a neural network to distinguish real drones from fake ones, but it’s nothing that can’t be solved with a bit of code. Looking for a less daring hack? Well, you can always add some automation to your DJI drone by poking at the RGB LED signals.

Continue reading “Can’t Disable DJI Drone ID? Spoof It With An ESP!”

Screenshot of the SDR software in action, with decoded data in a terminal, and a map that shows the location received from the decoded data

Loudmouth DJI Drones Tell Everyone Where You Are

March 26, 2023 by 42 Comments

Back when commercial quadcopters started appearing in the news on the regular, public safety was a talking point. How, for example, do we keep them away from airports? Well, large drone companies didn’t want the negative PR, so some voluntarily added geofencing and tracking mechanisms to their own drones.

When it comes to DJI, one such mechanism is DroneID: a beacon on the drone itself, sending out a trove of data, including its operator’s GPS location. DJI also, of course, sells the Aeroscope device that receives and decodes DroneID data, declared to be for government use. As it often is with privacy-compromising technology, turns out it’s been a bigger compromise than we expected.

Questions started popping up last year, as off-the-shelf quadcopters (including those made by DJI) started to play a part in the Russo-Ukrainian War. It didn’t take long for Ukrainian forces to notice that launching a DJI drone led to its operators being swiftly attacked, and intel was that Russia got some Aeroscopes from Syria. DJI’s response was that their products were not meant to be used this way, and shortly thereafter cut sales to both Russia and Ukraine.

But security researchers have recently discovered the situation was actually worse than we expected. Back in 2022, DJI claimed that the DroneID data was encrypted, but [Kevin Finisterre]’s research proved that to be a lie — with the company finally admitting to it after Verge pushed them on the question. It wouldn’t even be hard to implement a worse-than-nothing encryption that holds up mathematically. However, it seems, DroneID doesn’t even try: here’s a GitHub repository with a DroneID decoder you can use if you have an SDR dongle.

Sadly, the days of companies like DJI standing up against the anti-copter talking points seem to be over, Now they’re setting an example on how devices can subvert their owners’ privacy without reservation. Looks like it’s up to hackers on the frontlines to learn how to excise DroneID, just like we’ve done with the un-nuanced RF power limitations, or the DJI battery DRM, or transplanting firmware between hardware-identical DJI flight controller models.

Continue reading “Loudmouth DJI Drones Tell Everyone Where You Are”

Tracking Your Run Over The Long Haul

October 9, 2020 by 5 Comments

The rise of smartphone and smartwatch fitness tracking has been an absolute boon for anyone interested in tracking their runs. However, it all falls short when you need a custom feature and start getting into serious long distance running, as most smartphone batteries simply won’t last. While there are devices out there for the ultra-running enthusiast, [Ivor Hewitt] decided he wasn’t willing to pay a monthly subscription for the pricy trackers or deal with the hassle of the generic cheap versions, and decided to roll his own.

The key pieces of this project are the A9G GPS module and the RDA8955 GRS/GPRS module. They’re both incredibly small and power efficient, perfect for a project that needs to be worn on your person with a long battery life. As an added bonus, the RDA8955 also includes a SoC that’s user-programmable. After battling the lackluster documentation and tooling, [Ivor] managed to get some software running on his new system. A power bug on the A9G GPS module was potentially show stopping, but thanks to some help by folks in the community, it was diagnosed and solved.

Further additions included adding a proper charging circuit (TP4056) and a beefy 2600 mAh battery scavenged from a Sony smartphone, giving the compact system around 38 hours of active battery life. An OLED screen was added to show upcoming aid stations and overall system status, driven by a custom display library. A snazzy translucent case makes the whole device slim and easy to carry. Now at the end of a long race or training session, [Ivor] has a wealth of tracked points that has already been uploaded to his own tracking website and a fully charged phone.

Next time you’re looking for a small compact GPS tracker or cellular logger take a look at this project’s code on GitHub or the A9G and RDA8955 modules.

Thanks [Ivor] for sending this one in!

Geofence Warrant Sends Bicyclist’s Privacy Over The Handlebars

March 25, 2020 by 98 Comments

About a year ago, Zachary McCoy took a bike ride around his neighborhood in Gainesville, Florida. It may have been forgettable to him, but not to history. Because McCoy used an app to track his mileage, the route was forever etched in the Google-verse and attached to his name.

On the day of this ill-fated bike ride, McCoy passed a certain neighbor’s house three times. While this normally wouldn’t raise alarm, the neighbor happened to be the victim of a burglary that day, and had thousands of dollars worth of jewelry stolen. The Gainesville police had zero leads after a four-day investigation, so they went to the county to get a geofence warrant. Thanks to all the location data McCoy had willingly generated, he became the prime suspect.

Continue reading “Geofence Warrant Sends Bicyclist’s Privacy Over The Handlebars”

The Heat Of The Moments – Location Visualization In Python

December 5, 2019 by 7 Comments

Have you ever taken a look at all the information that Google has collected about you over all these years? That is, of course, assuming you have a Google account, but that’s quite a given if you own an Android device and have privacy concerns overruled by convenience. And considering that GPS is a pretty standard smartphone feature nowadays, you shouldn’t be surprised that your entire location history is very likely part of the collected data as well. So unless you opted out from an everchanging settings labyrinth in the past, it’s too late now, that data exists — period. Well, we might as well use it for our own benefit then and visualize what we’ve got there.

Location data naturally screams for maps as visualization method, and [luka1199] thought what would be better than an interactive Geo Heatmap written in Python, showing all the hotspots of your life. Built around the Folium library, the script reads the JSON dump of your location history that you can request from Google’s Takeout service, and overlays the resulting heatmap on the OpenStreetMap world map, ready for you to explore in your browser. Being Python, that’s pretty much all there is, which makes [Luka]’s script also a good starting point to play around with Folium and map visualization yourself.

While simply just looking at the map and remembering the places your life has taken you to can be fun on its own, you might also realize some time optimization potential in alternative route plannings, or use it to turn your last road trip route into an art piece. Just, whatever you do, be careful that you don’t accidentally leak the location of some secret military facilities.

[via r/dataisbeautiful]

Track Wi-Fi Devices In Your Home

December 25, 2016 by 31 Comments

How do you audit your home Wi-Fi network? Perhaps you log into your router and have a look at the connected devices. Sometimes you’ll find an unexpected guest, but a bit of detective work will usually lead you to the younger nephew’s game console or that forgotten ESP8266 on your bench.

Wouldn’t it be useful if your router could tell you where all the devices connected to it are? If you are [Zack Scholl], you can do all this and more, for his FIND-LF system logs Wi-Fi probe requests from all Wi-Fi devices within its range even if they are not connected, and triangulates their position from their relative signal strengths across several sniffing receivers. These receivers are a network of Raspberry Pis with their own FIND-LF server, and any probe requests they pick up are forwarded to [Zack]’s FIND server (another of his projects) which does the work of collating the locations of devices.

It’s an impressive piece of work, though with a Raspberry Pi at each receiver it could get a little pricey. [Zack] has done other work in this field aside from the two projects mentioned here, his other work includes an implementation of the [Harry Potter] Marauder’s Map.

This is by no means the only indoor location system we’ve seen over the years. One that uses ESP8266 modules for example, or this commercial product that is similar to the project shown here.