What are the privacy implications of adding back geolocation information, particularly when an IP proxy has removed the ability to infer it? (This initial issue won't have nearly every question or consideration, but could be a starting point.)
Honestly, it's been 18 years since an RFC was published on location privacy requirements (rfc 3693); our privacy expectations and legal compliance regimes have since increased.
Do we want to add sensitive information to HTTP headers without any description of limits on how that information can be used, or any enforceable policy statements from the requester about their compliance?
What are the risks of inferring more precise geolocation by observing/linking multiple geo hint locations over time? See rfc 6772, for example.
What are the privacy implications of adding back geolocation information, particularly when an IP proxy has removed the ability to infer it? (This initial issue won't have nearly every question or consideration, but could be a starting point.)
Honestly, it's been 18 years since an RFC was published on location privacy requirements (rfc 3693); our privacy expectations and legal compliance regimes have since increased.
Do we want to add sensitive information to HTTP headers without any description of limits on how that information can be used, or any enforceable policy statements from the requester about their compliance?
What are the risks of inferring more precise geolocation by observing/linking multiple geo hint locations over time? See rfc 6772, for example.