flock.spot - Privacy-First Family Location Sharing
Target Launch: February 2025
Status: App functional, background location blocker being worked on
Tagline: "Your family. Your location. Nobody else."
Problem
Life360 dominates family location sharing (80M+ users) but sells precise location data — including children's locations — to data brokers. Lawsuits, breaches, and a business model built on monetizing family movements.
Parents face an impossible choice: sacrifice privacy for peace of mind, or go without.
Solution
Family location app with end-to-end encryption using Nostr protocol (NIP-44, audited by Cure53). We literally cannot see where your family is — only family members hold the decryption keys.
No ads. No data selling. No central database to breach.
Target Users
- Privacy-conscious parents (30-50) with kids aged 8-18
- Families with elderly members needing monitoring
- Close friend groups wanting private sharing
- People who read privacy policies and care
Current State (from repo)
Working:
- ✅ Expo (React Native) mobile app
- ✅ Nostr protocol integration with nostr-tools
- ✅ NIP-44 end-to-end encryption
- ✅ User identity (personal Nostr keypair in SecureStore)
- ✅ Flock identity (shared group secret for encryption)
- ✅ Live location sharing on map (MapLibre)
- ✅ Family circles (create, join, invite)
- ✅ Password-protected invite codes (v2 format)
- ✅ DM invites with NIP-17 gift wrapping
- ✅ Tamagui UI framework with dark/light themes
- ✅ Self-hosted strfry relay with whitelist
- ✅ Subscription sync service (Apple/Google IAP)
- ✅ Landing page (landing/)
- ✅ Security fixes applied (Jan 2025)
- ✅ Foreground location sharing
The Blocker - Background Location:
- ❌ Background location when app force-quit (iOS)
- Current: Location.startLocationUpdatesAsync() - stops if force-quit
- Needed: Location.startGeofencingAsync() - rolling geofence approach
- Life360's approach: 500m+ geofence → exit triggers relaunch → new geofence
- Trade-off: Less accurate (100-500m) but survives force-quit
- Status: Paul actively working on this
Pending for launch:
- [ ] Background location solution (blocker)
- [ ] Security hardening (see below)
- [ ] App Store / Play Store submission
- [ ] Production relay deployment
Architecture
┌─────────────────────────────────────────────────────────────────┐
│                 Mobile App (Expo/React Native)                  │
│  • User keypair (SecureStore)         • Flock shared secret     │
│  • NIP-44 encryption before sending   • MapLibre rendering      │
└─────────────────────────────────────────────────────────────────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                      Caddy (reverse proxy)                      │
│  relay.flock.spot → strfry:7777    api.flock.spot → sync:3000   │
└─────────────────────────────────────────────────────────────────┘
             │                                  │
             ▼                                  ▼
      ┌─────────────┐                    ┌─────────────┐
      │   strfry    │                    │    sync     │──► SQLite
      │   (relay)   │◄── whitelist.lua ──│  (service)  │
      └─────────────┘                    └─────────────┘
Cryptographic Model (Two-Key):
- User Identity: Personal Nostr keypair, signs all events
- Flock Identity: Shared group secret for NIP-44 encryption
Relays see encrypted blobs, not locations. Even relay operators can't see family locations.
Tech Stack
| Layer | Technology |
|---|---|
| Mobile | Expo (React Native) |
| UI | Tamagui ("warm minimalism") |
| Maps | MapLibre React Native |
| Protocol | Nostr (decentralized) |
| Encryption | NIP-44 (ChaCha20 + HMAC-SHA256, Cure53 audited) |
| Relay | strfry (self-hosted) + Caddy |
| Sync Service | Node.js + SQLite |
| Payments | Stripe (US external), App Store/Play Store (RoW) |
Infrastructure cost: ~€10/month for 5,000+ families
Revenue Model
€4.99/month or €49/year per family (unlimited members)
No free tier with ads. Business model is subscriptions, not data.
US customers: External checkout (0% Apple commission post-April 2025 ruling)
Rest of world: App Store / Play Store
Business Projections
| Milestone | Target |
|---|---|
| Month 3 | 1,000 paying families |
| Month 6 | 5,000 paying families |
| Month 12 | 20,000 paying families |
| Year 1 ARR | ~€1M |
Competitive Positioning
| | Life360 | flock.spot |
|---|---|---|
| End-to-end encrypted | ❌ | ✅ |
| Can see your location | ✅ They can | ❌ Only family |
| Sells data | ✅ To data brokers | ❌ Never |
| Central database | ✅ Breach target | ❌ Decentralized |
| Price | €8-25/mo | €4.99/mo |
Security Status
Completed (Jan 2025):
- ✅ Password-protected invite codes (NIP-44)
- ✅ DM invites with NIP-17 gift wrapping
- ✅ Memory leak fix in DM polling
- ✅ Race condition fix in relay reconnect
- ✅ Storage health tracking
Pending (from SECURITY_TODO.md):
- [ ] Rate limiting on /register (High)
- [ ] Auth token for /update-pubkeys (High)
- [ ] Apple JWS full verification (Medium)
- [ ] Google Pub/Sub verification (Medium)
- [ ] Request body size limit (Medium)
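Three of the pending items above (rate limiting on /register, an auth token for /update-pubkeys, a request body size limit) could be implemented in the Node.js sync service along these lines. This is an added example, not code from the flock.spot repo; the limits, the bearer-token scheme and all function names are assumptions.

```javascript
// Added example, not flock.spot code. Node.js standard library only.
// Limits, token handling and function names are assumptions for illustration.
const crypto = require('node:crypto');

const MAX_BODY_BYTES = 4096; // assumed cap for JSON requests
const WINDOW_MS = 60_000;    // assumed rate-limit window
const MAX_REGISTERS = 5;     // assumed /register budget per IP per window
const hits = new Map();      // ip -> { start, count }

// Fixed-window limiter for /register. Returns false once the budget is spent.
function allowRegister(ip, now = Date.now()) {
  const w = hits.get(ip);
  if (!w || now - w.start >= WINDOW_MS) {
    hits.set(ip, { start: now, count: 1 });
    return true;
  }
  w.count += 1;
  return w.count <= MAX_REGISTERS;
}

// Bearer-token check for /update-pubkeys. Both sides are hashed so that
// timingSafeEqual always compares equal-length buffers.
function tokenOk(authHeader, expected) {
  const m = /^Bearer (.+)$/.exec(authHeader || '');
  if (!m || !expected) return false;
  const digest = (s) => crypto.createHash('sha256').update(s).digest();
  return crypto.timingSafeEqual(digest(m[1]), digest(expected));
}

// Collects the request body, rejecting with status 413 as soon as the cap is
// exceeded instead of buffering whatever the client sends.
function readBody(req, limit = MAX_BODY_BYTES) {
  return new Promise((resolve, reject) => {
    const chunks = [];
    let size = 0;
    req.on('data', (chunk) => {
      size += chunk.length;
      if (size > limit) {
        req.pause(); // stop reading; the caller answers 413 and closes
        reject(Object.assign(new Error('body too large'), { status: 413 }));
        return;
      }
      chunks.push(chunk);
    });
    req.on('end', () => resolve(Buffer.concat(chunks)));
    req.on('error', reject);
  });
}
```

In a request handler, run allowRegister and tokenOk before readBody so that rejected requests never get their body buffered.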
MVP Features
| Feature | Status |
|---|---|
| Live location | ✅ Working |
| Private circles | ✅ Working |
| Place alerts | ❌ Not started |
| Location history | ❌ Not started |
| SOS button | ❌ Not started |
Key Risks
| Risk | Mitigation |
|---|---|
| Background location (iOS) | Rolling geofence approach (in progress) |
| App store rejection | Privacy-first positioning helps; not gaming the system |
| Life360 response | First mover on privacy, different market segment |
| Trust building | Open about encryption, Nostr is open protocol |
Blockers
- CRITICAL: Background location when phone locked/force-quit
- iOS: Only geofencing survives force-quit
- Solution: Rolling geofence (500m+) like Life360
- Paul actively working on this
Validation Scores
| Criterion | Score | Notes |
|---|---|---|
| Competition | 4/5 | Life360 dominant but privacy scandals create opening |
| Willingness to Pay | 4/5 | Parents pay for kids' safety, €4.99 < Life360 |
| Feasibility | 3/5 | App 80% done, background location is hard |
| Privacy Angle | 5/5 | Privacy IS the entire product |
| Personal Interest | ?/5 | TBD |
| Total | 16+/25 | Solid, but feasibility risk from blocker |
Links
- Repo: /Users/paulspende/Documents/paul/repos/flock-spot
- App: /app (Expo React Native)
- Relay: /relay (strfry + sync service)
- Landing: /landing (static site)
Progress Log
- 2025-01-05: Brief updated with comprehensive repo review
- 2025-01-05: Background location identified as critical blocker
- 2025-01-05: Security fixes completed (invite encryption, relay reconnect)
- 2025-01-05: App architecture well-developed, near production-ready