—In many existing location-based services, a service provider becomes aware of the location of its customers and can, maybe inadvertently, leak this information to unauthorized entities. To avoid this information leak, the provider should be able to offer its services such that the provider does not learn any information about its customers’ location. We present an architecture that provides this property and show that the architecture is powerful enough to support existing locationbased services. Our architecture exploits Trusted Computing and Private Information Retrieval. With the help of Trusted Computing, we ensure that a location-based service operates as expected by a customer and that information about the customer’s location becomes inaccessible to a location-based service upon a compromise of the service. With the help of Private Information Retrieval, we avoid that a service provider learns a customer’s location by observing which of its location-specific informatio...