Feature request: integrate geoip lookup for third party systems

[StefanKBa]

Of course, this can also be done after the run with additional scripts. It would be useful to have the geoip lookup results (which country the 3rd paryt system is in) as part of the report. (As for some reason, web site owners are quite impressed by the report.)

[rriemann]

Dear @StefanKBa ,

thank you for your proposal. In my experience, the results of geoip lookups can be unreliable for a data compliance evaluation. Consider:

1. services that store data in Country X but have in each country a caching server (CDN)
2. services that operate from one country, but have their legal headquarter in another country
3. services that employ loadbalancing with different IP resolutions based on user location or just random distribution

Hence, the determination of the country for a given web service by its IP address depends on the purpose and is not always clear cut. The WEC attempts to produce evidence reports free of judgement yet.

So while the geoip address could be clearly marked as only a geoip measurement at the time of the collection that may not be reproducable, the question is also how the WEC could integrate the necessary database. To my knowledge, the databases are proprietary and cannot be shipped alongside the freesoftware WEC.

Happy to discuss!

[StefanKBa]

I believe your argument makes perfect sense. :-)

[rriemann]

This is not a high priority, but if someone can propose code to optionally add geo information using a common on-premise geoip database, I would help integrating it to the WEC. The documentation and default template must clearly explain the technical nature of this measurement and the limitations for using them in legal analysis.