Location-based services are becoming extremely popular due to the widespread use of smartphones and other mobile and portable devices. These services mainly rely on the sincerity of users, who can spoof the location they report to them. For applications with higher security requirements, the user should be unable to report a location different than the real one. Proof of Location protocols provide a solution to secure localization by validating the device's location with the help of nearby nodes. We propose QuietPlace, a novel protocol that is based on ultrasound and provides strong identities, proving the location of the owner of a device, without exposing though their identity. QuietPlace provides unforgeable proof that is able to resist to various attacks while respecting the users' privacy. It can work regardless of certificate authority and location-based service and is able to support trust schemas that evaluate the participants' behavior. We implement and validate the protocol for Android devices, showing that ultrasound-based profiles offer a better performance in terms of maximum receiving distance than audible profiles, and discuss its strengths and weaknesses, making suggestions about future work.