We present a 3-week user study in which we tracked the locations of 27 subjects and asked them to rate when, where, and with whom they would have been comfortable sharing their locations. The results of analysis conducted on over 7,500 h of data suggest that the user population represented by our subjects has rich location-privacy preferences, with a number of critical dimensions, including time of day, day of week, and location. We describe a methodology for quantifying the effects, in terms of accuracy and amount of information shared, of privacy-setting types with differing levels of complexity (e.g., setting types that allow users to specify location- and/or time-based rules). Using the detailed preferences we collected, we identify the best possible policy (or collection of rules granting access to one’s location) for each subject and privacy-setting type. We measure the accuracy with which the resulting policies are able to capture our subjects’ preferences under a variety of assumptions about the sensitivity of the information and user-burden tolerance. One practical implication of our results is that today’s location-sharing applications may have failed to gain much traction due to their limited privacy settings, as they appear to be ineffective at capturing the preferences revealed by our study.