For those of us in the geospatial world, the ability to derive a precise location from a non-GNSS source is always a fascinating technical feat. Over the last year, Starlink users—particularly in the maritime and “off-grid” communities—discovered that SpaceX’s hardware was doing exactly that. By querying the local gRPC (Remote Procedure Call) API of a Starlink dish, users could pull a highly accurate location derived from the satellite constellation’s own orbital geometry.
It was, in effect, a “Pseudo-GPS.” It was resilient to the jamming and spoofing that currently plagues GNSS in the Black Sea and the Middle East.
However, as of April 2026, SpaceX has announced it is pulling the plug. Effective May 20, 2026, the local gRPC location service will be disabled. While this has frustrated the hobbyist community, the move highlights a critical tension between user utility and modern cybersecurity.
The Problem with Local Trust
The core issue appears to be one of local network architecture. In its original implementation, if a user enabled “Share Location” in the Starlink debug settings, the dish would broadcast its coordinates to any device on the local area network (LAN) without requiring authentication.
In a world of “Zero Trust” architecture, this is a significant vulnerability. Any compromised IoT device on the same Wi-Fi network—from a smart fridge to a cheap security camera—could silently poll the dish for its exact physical coordinates. Furthermore, mobile apps that usually require OS-level permissions to access a phone’s GPS could bypass those restrictions entirely by simply “asking” the Starlink dish over the Wi-Fi.
Geopolitics and Kinetic Risk
Beyond the digital privacy concerns, there is a very real physical safety dimension. Starlink has become critical infrastructure in modern conflict zones.
In these environments, location data is a weapon. By leaving a local, unauthenticated API active, SpaceX was inadvertently creating a “homing beacon” for anyone who could gain even a foothold on a local network. If a terminal’s coordinates can be scraped via a simple script, that terminal (and the people using it) becomes a target for kinetic strikes. By moving this data behind an authenticated, cloud-based wall, SpaceX is essentially “hardening” the terminal against being used as a targeting coordinate source.
The Impact on the “Resilient PNT” Community
The removal is a blow to those looking for Resilient Positioning, Navigation, and Timing (PNT). Many maritime users relied on the Starlink location as a “sanity check” against their primary GPS. Because Starlink operates in Low Earth Orbit (LEO) with high-gain directional antennas and complex encryption, it is significantly harder to spoof than traditional MEO-based GNSS signals.
While the “pseudo-GPS” wasn’t a formal service, it was a proof-of-concept for how LEO constellations can serve as a backup to our aging GPS infrastructure.
Where do we go from here?
SpaceX isn’t removing location data entirely; they are shifting it to their Telemetry API. The catch? This is largely an enterprise-facing feature, likely requiring higher-tier subscriptions and proper authentication tokens.
This move signals the end of the “Wild West” era of Starlink data. As the platform matures from a disruptive startup service into a piece of global critical infrastructure, the “fun” features that allow for easy tinkering are being traded for the “boring” but necessary features of security and liability management.
For the geospatial professional, it’s a reminder that even the most innovative positioning sources are ultimately beholden to the security requirements of the platforms they run on.