hey adrian,

> Is it too late to ask for some privacy considerations to be added to
> this document?

it is never too late to ask for privacy. as usual, the problem is how to provide it :)

> My initial thought was that the authors would point me to 8805, but a
> quick look there doesn’t show any mention of privacy.

which is unfortunate. the authors have sworn under oath that they considered it. e.g. they told me that this is why postal codes are not in 8805 geofeed files. they described places such as those isles to the west of europe (on which i think you live) postal codes can locate an individual or extremely small group.

> My concern here is that the end-user’s geographic locale is being
> exposed to the service provider without the agreement of the end-user,
> and without the end-user even knowing that it is happening.

i think we all share the concern that an end-user's locale might be revealed. and i suspect at least you and i pretty much agree on the core issues. but ...

tl;dr: that is an 8805 problem, water under someone else's bridge

unnecessary and pedantic details:

  o in pretty much all cases i know, the user's locale is known by their service provider. the issue would seem to be the provider's revealing the user's locale to the public, which includes other providers.

  o my understanding is that 8805 was developed specifically to provide a mechanism for the user's provider to publish the user's locale to other providers, with the major goal being content customization.

  o whether we believe that content should be customized by locale, while an interesting discussion, is probably best held in another locale.

  o luckily, the folk who want to customize content by locale seem happy with fairly low resolution.

  o though clearly agencies such as law enforcement and my mother, would love one's precise locale at all times; i do not think they were the intended customer for 8805, and they are definitely not the intended customer for this draft.

> I know that this information has great value for a number of aspects
> of service provision (not least geographic licensing), and I am not
> opposed to its availability. I do object, however, to the concept that
> a user’s locale is generally available. A user should have the option
> of not revealing their locale (in the knowledge that this may exclude
> them from accessing some services).

let's remember that even 8805 does not directly reveal the location of users. it reveals low resolution location of ip address spaces. but of course we know ip addresses can be attributed to users.

> Now, I doubt that this document is the right place to fix these
> privacy concerns. But it might be a good place to add a short
> paragraph on the privacy issues raised by using geo feeds.

to paraphrase the immortal words of vince perriello, send text :)

but, as a first idea, how about something such as this in the Geofeed Files section?

    RFC8805 geofeed data may reveal the approximate location of an IP
    address, which might in turn reveal the approximate location of an
    individual user. Unfortunately, RFC8805 provides no privacy guidance
    on avoiding or ameliorating possible damage due to this exposure of
    the user. In publishing pointers to geofeed files as described in
    this document the operator should be aware of this exposure in
    geofeed data and be cautious.

sad to say, i can not think of more useful guidance than caution.

randy

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg