Loss of IP Metadata

[miketaylr]

Originally filed at https://github.com/spanicker/ip-blindness/issues/22 by @jbradl11:

IP addresses serve a variety of use cases beyond anti-fraud. IP can be used for analytics, measurement, regional preferences, tracking paid subscribers, and many more. As Chrome seeks to mask IP addresses, we are working to ensure that valid use cases are preserved while also improving privacy on the web.

How does blocking IP challenge your different use cases? What other ways could actors achieve these use cases without IP addresses used for fingerprinting? What potential replacement signals could we extract from an IP address and pass as a new, standalone (and possibly attested?) signal?

[wdmartin]

I work in the systems department of an academic library. Like many libraries we rely on IP-based authentication to allow end users access to databases full of scholarly resources that we have licensed on their behalf.

Just to give a brief overview, the way it works is:

• We license a database from a vendor (for example, JSTOR)
• We send a list of the IP addresses used on our campus to JSTOR
• JSTOR checks the IP addresses of incoming traffic against their list, granting access to recognized IPs
• To provide for off-campus access, we run a proxy server (EZ Proxy) which relays traffic for our users through an on-campus IP so they get access

This is a very common arrangement in the library world, both at academic institutions and at public libraries. At my library, we have licenses that work this way from a couple hundred distinct vendors, ranging in size from large companies like Elsevier down to tiny single-journal shops like the Journal of Economic Insight, which has no dedicated IT staff.

Moving away from an IP-based authentication system would be a major undertaking. I look into my future and I see a whole lot of work trying to get many vendors of hugely varying IT expertise to implement a SAML endpoint, or similar. It's going to be difficult. I worry that smaller vendors who lack IT staff may not be able to adapt. Also, smaller libraries with few or no dedicated IT staff will likely face serious challenges in migrating to some other authentication regime.

But I don't see any good way to avoid that. I am broadly in support of the goals of the project. I value user privacy. But without that IP address, proxy-based authentication schemes just plain don't work.

[wdmartin]

Followup: after thinking it through further, this is less worrisome than I first thought. As long as the user has a consistent IP address for the duration of a browsing session, that wouldn't cause EZ Proxy to stop working. It doesn't care about the end user's IP. It's just the vendors that care about that, and they would be seeing EZ Proxy's IP, not the end user's IP. So that would still work.

The on-campus IP-based authentication would still break, but the end user would just wind up going through EZ Proxy as if they were off campus. That's a little less convenient, but not the end of the world.

So I guess this doesn't break nearly as much as I thought it did.

[AtebMT]

Regarding library access to resources using IP address resolution, we are also in the a similar situation where the IP address is used to verify access to certain resources from UK public libraries. From a supplier of resources point of view, without a stable IP address to verify against, this will provide a blocker for a lot of smaller libraries that do not have the technical resources to setup authentication systems like SAML.