Many IoT applications require users to share their devices’ location, and enhanced privacy-protection means sharing location anonymously, unlinkably and without relying on any administrators. But under such protection, it is difficult to trust shared location data, which may be from unregistered devices or from the same one’s multiple logins or from the cloned device ID, even be generated by an attacker without any devices! Such untrusted location sharing cheats system, misleads users, even attacks system. To the best of our knowledge, such problems have not been solved in a decentralized system. To solve them in one scheme, we put forward the first decentralized accumulator for device registration and construct the first practical decentralized anonymous authentication for device login. When logging in, the device provides a special knowledge proof, which integrates zero-knowledge (for privacy) with knowledge-leakage (for identifying abnormal behaviors) designing for blockchain (for decentralization). Therefore, in our system, only registered IoT devices can upload location data and their logins are anonymous and unlinkable, while login exceeding ${K}$ times in a system period or cloning ID to login concurrently can be identified and tracked without any trusted centers. In addition, we provide the security proofs and the application examples of the proposed scheme. And the efficiency analysis and experimental data show that the performance of our scheme can meet the needs of real-world location sharing on IoT.