AttacqueSuperior / Engine

A customized fork for the modification Attacque Supérior of the open-source implementation of the Command & Conquer: Red Alert engine using .NET/Mono and OpenGL. Runs on Windows, Linux and Mac OS X.
http://attsup.swr-productions.com
GNU General Public License v3.0

Purge the GeoIP feature from the repository. #92

Closed GraionDilach closed 4 years ago

GraionDilach commented 4 years ago

While upstream has very different views on the GeoIP feature and is evaluating the way to keep it within somehow (https://github.com/OpenRA/OpenRA/issues/17529), the issue is obvious: this dependency needs to be gone from the repository if we intend to comply with the CCPA.

The below points apply to us from the CCPA fact sheet (reference: https://oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf):

Businesses are subject to the CCPA if one or more of the following are true:

  • Buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices;

The CCPA grants new rights to California consumers

  • The right to delete personal information held by businesses and by extension, a business’s service provider;
  • The right to opt-out of sale of personal information. Consumers are able to direct a business that sells personal information to stop selling that information. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13.

As long as MaxMind is used in the infrastructure, the 50k devices clause applies.

The common claim against removing this feature is that the "competitive community has no other way to identify people besides IP". This is invalid reasoning:

The first bullet point thankfully doesn't even apply to this project, since there is no competitive community which has been formed upon a direct consumer. The second bullet point, however, can still be applicable if we're past 50k players due to IP proofing.

It is indeed true that authentication has serious and known security flaws, but even player in-game profile takeovers pose less of a threat than actual legal cases, and the wisest choice is to ignore the playerbase in the case.

GraionDilach commented 4 years ago

Pinging @jrb0001 for review.

jrb0001 commented 4 years ago

Address-based authentication is broken by design, and identifying players by the country of their address sounds very strange to me. I don't know about the CCPA, but at least the GDPR doesn't apply to this particular MaxMind database (it does, however, to the server implementation).

Ora authentication is similarly broken as address authentication, but at least it doesn't have any privacy concerns. It's an option if players really want to identify each other (and know that it is completely broken), so I don't see any reason not to nuke the MaxMind database feature.

I can see only one valid reason for showing the country of a player to another player: regional leaderboards. But that only makes sense if a) ora actually had a leaderboard functionality and b) the leaderboards have more than one player each. Also in such a case the country should be tied to the player profile and not the address and there has to be a process to change it if it is wrong. There are more than enough situations where the maxmind database is simply not accurate enough, especially for international ISPs and close to the border.