spanicker / ip-blindness


Geo IP Scope #1

Open AramZS opened 4 years ago

AramZS commented 4 years ago

I agree we need to provide some form of general, non-exact geolocation to sites in order to allow this proposal, but country-level is insufficient to handle privacy compliance properly; we have to be able to resolve at least down to the US state level right now, as we have different compliance regimes rising in a number of states, with one known in CA but more likely to come.

bslassey commented 4 years ago

Good point. Policy-wise we could allow for identifying location down to a political entity (trying for a word that covers both US states and countries) of at least some minimum number of people (500,000 people would cover all US states).

irl commented 4 years ago

IP addresses are a poor authentication method, and GeoIP databases are a poor authorization method. Mobile roaming typically performs home routing, so a person in CA and subject to CA laws would actually be accidentally circumventing compliance systems if using a SIM card from Europe, for example. If we're looking at a metric for privacy, the population of an area and the number of Internet users in that area might be correlated differently for the US vs other countries.

Services want geolocation for different reasons, regulatory compliance and localisation I guess would be the main reasons. Allowing for services to select finer-grained or coarser-grained geolocation that allows them to achieve their goal while not allowing reduction of the anonymity set beyond that which is required would benefit user privacy.

Under GDPR or CCPA, it is possible to remove yourself from GeoIP databases, so if you were using a GeoIP database for compliance then this can be circumvented by removing your IP from the database. This could have interesting consequences for compliance.

There is also a deanonymisation vector that can be used if you can influence (or more slowly, only observe) the database. You could cause a user's IP to be reported differently as the database updates, to narrow down to a subnet. The best mitigation for this would be to only update infrequently, but at the cost of accuracy.
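The population-floor policy bslassey proposes (a location may be reported down to a political entity of at least 500,000 people) and irl's suggestion that a service request only the precision it needs combine into one coarsening rule. The following is an added example, not code from this repository: it assumes a hypothetical `Region` hierarchy with constructed, illustrative population figures and returns the finest level that both satisfies the requested precision and keeps the anonymity set above the floor.

```python
from dataclasses import dataclass
from typing import List, Optional

# Threshold taken from bslassey's comment above.
MIN_ANONYMITY_SET = 500_000

# Levels from coarsest to finest; a service requests one of these.
LEVELS = ["country", "state", "city"]


@dataclass(frozen=True)
class Region:
    level: str        # one of LEVELS
    name: str
    population: int   # anonymity set if this region were reported


def coarsest_allowed(chain: List[Region], requested_level: str,
                     min_pop: int = MIN_ANONYMITY_SET) -> Optional[Region]:
    """chain lists regions from country down to the finest known.

    Walk from coarse to fine and keep the last region that (a) is no finer
    than the level the service asked for and (b) still has at least min_pop
    people. Finer regions are subsets of coarser ones, so once a level falls
    below the floor every level beneath it does too, and the walk stops.
    Returns None when even the country is below the floor, i.e. the caller
    should report nothing rather than a too-small anonymity set.
    """
    requested_rank = LEVELS.index(requested_level)
    allowed: Optional[Region] = None
    for region in chain:
        if LEVELS.index(region.level) > requested_rank:
            break  # finer than the service asked for
        if region.population < min_pop:
            break  # anonymity set too small; stay at the coarser level
        allowed = region
    return allowed


# Constructed sample chain (populations are illustrative placeholders).
SAMPLE_CHAIN = [
    Region("country", "US", 330_000_000),
    Region("state", "CA", 39_000_000),
    Region("city", "SmallTown", 12_000),   # below the 500k floor
]
TINY_COUNTRY = [Region("country", "Microstate", 40_000)]
```

A service declaring "city" precision for SAMPLE_CHAIN is still answered at the state level, because the city's population is under the floor.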

RussStringham commented 4 years ago

There are many reasons why a site would want finer resolution than country. Small businesses only want their ads served to people that are close enough to their business to be potential customers. Stores with multiple locations want to direct the person to the nearest store. A site should be able to declare that they are only using the IP address for Geo-location and specify the precision they are using. They could specify one of:

npdoty commented 2 years ago

> I agree we need to provide some form of general, non-exact geolocation to sites in order to allow this proposal, but country-level is insufficient to handle privacy compliance properly; we have to be able to resolve at least down to the US state level right now, as we have different compliance regimes rising in a number of states, with one known in CA but more likely to come.

Are there any cases where compliance with one jurisdiction's privacy laws requires violating the privacy laws of another jurisdiction?

It seems like state-level geolocation by IP address is only necessary for compliance in the sense that a service provider may not want to provide that functionality (for user opt-out or notice, say) to visitors from outside that state, but not that it would be non-compliant if it did.

npdoty commented 1 year ago

@spanicker can you block these spam commenters from this repo? Thanks.