Closed GraionDilach closed 4 years ago
Pinging @jrb0001 for review.
Address based authentication is broken by design and identifying players by the country of their address sounds very strange to me. I don't know about the CCPA but at least the GDPR doesn't apply to this particular maxmind database (it does however to the server implementation).
Ora authentication is similarly broken as address authentication but at least it doesn't have any privacy concerns. It's an option if players really want to identify each other (and know that it is completely broken) so I don't see any reason not to nuke the maxmind database feature.
I can see only one valid reason for showing the country of a player to another player: regional leaderboards. But that only makes sense if a) ora actually had a leaderboard functionality and b) the leaderboards have more than one player each. Also in such a case the country should be tied to the player profile and not the address and there has to be a process to change it if it is wrong. There are more than enough situations where the maxmind database is simply not accurate enough, especially for international ISPs and close to the border.
While upstream has very different views on the GeoIP feature and is evaluating the way to keep it within somehow (https://github.com/OpenRA/OpenRA/issues/17529), the issue is obvious: this dependency needs to be gone from the repository if we intend to comply with the CCPA.
The below points apply to us from the CCPA fact sheet (reference: https://oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf)
As long as MaxMind is used in the infrastructure, the 50k devices clause applies.
The common claim against removing this feature is that the "competitive community has no other way to identify people besides IP". This is invalid reasoning:
The first bullet point thankfully doesn't even apply to this project, since there is no competitive community which has been formed upon a direct consumer. The second bullet point however can still be applicable if we're past 50k players due to IP proofing.
It is indeed true that authentication has serious and known security flaws but even player ingame profile takeovers pose less of a threat than actual legal cases and the wisest choice is to ignore the playerbase in the case.