It would be easier for clients to pick a good policy if this spec said what the implications of each possible length are. https://en.wikipedia.org/wiki/Geohash#Digits_and_precision_in_km appears to provide a mapping from geohash length to precision-in-km at the equator, but the east/west precision will improve as the latitude moves closer to a pole. Should the spec encourage clients to send shorter geohashes for larger latitudes?
The security considerations of https://tfpauly.github.io/privacy-proxy/draft-pauly-httpbis-geohash-hint.html#name-security-considerations say that "clients MUST have a default policy around when to allow use of the Geohash Client Hint, as well as a default length of Geohash. Shorter, truncated Geohashes provide less specific locality."
It would be easier for clients to pick a good policy if this spec said what the implications of each possible length are. https://en.wikipedia.org/wiki/Geohash#Digits_and_precision_in_km appears to provide a mapping from geohash length to precision-in-km at the equator, but the east/west precision will improve as the latitude moves closer to a pole. Should the spec encourage clients to send shorter geohashes for larger latitudes?