Comments (6)
I don't think it should be out of scope. I can work on a PR.
from draft-ip-address-privacy.
I realize these are only two examples, but digging into them may be helpful.
For the first concern about platforms redirecting to hosted content, can you provide more details about why IP addresses are helpful in mitigating this threat? If I understand correctly, at a minimum, the service provider (Youtube) only see the client's IP address and possibly a referrer. In a world with IP address privacy, the service won't see the client's true IP address and the browser may truncate the referrer. Are there specific mitigations you already have in place for this situation that you can describe?
For the second example, while these platforms should provide some oversight/protection within their walls, they cannot and should not be responsible for potential harm that occurs on other sites. In general, protecting a child is their guardian/parent's responsibility, and this is the case regardless of which site they're on.
Based on these two examples, I'm not sure there is a one-size-fits-all answer for this problem.
from draft-ip-address-privacy.
For the YouTube redirect, YouTube will see a redirect from the discussion platform. Without a proxy, YouTube could better estimate the number of distinct users, geographic distribution, and other useful demographics. This isn't really about specific mitigations, it is more about the investigation that supports understanding a threat and designing specific mitigations. In the extreme, abuse fighting is reduced to waiting for a disaster and then cleaning up the mess. This is not a good outcome for public safety. There is no single counterabuse signal more important than IP address.
The above assumes high-traffic volumes. I think the second example is representative of the low-traffic case.
For the second example, parents have a responsibility for being responsible parents. Governments have a responsibility for making responsible parenting possible. When the environment for parenting includes features that are particularly dangerous, and that are harming children, at a certain point a legitimate government is compelled to mitigate the danger, lest they lose the confidence of the people. Such government interventions can avoided if the systems in question self regulate. The radio and the printing press are examples of revolutionary technologies that contributed to tremendous disruption and later became safer through regulation and through industry norms.
These threat models represent significant public safety risks and harms. Achieving safety is not so simple as IP address transparency, as we have that today, and things are still getting worse. That is driving the industry towards systems that are less available for anonymous, unverified users, a bad outcome for privacy. To preserve anonymous service access we need to recognize and mitigate features that threaten privacy or safety.
from draft-ip-address-privacy.
@jbradleychen is this out of scope? If not, perhaps you could prepare a PR with suggested text that addresses this point?
from draft-ip-address-privacy.
Related discussion here:
https://twitter.com/i/status/1430628745799421954?cn=ZmxleGlibGVfcmVjcw%3D%3D&refsrc=email
from draft-ip-address-privacy.
I don't think it should be out of scope. I can work on a PR.
@jbradleychen have you had a chance to work on a PR?
from draft-ip-address-privacy.
Related Issues (18)
- Counterabuse: avoiding benefits to bad actors. HOT 9
- Counterabuse: law enforcement support. HOT 9
- Define cross-site versus same-site privacy risks HOT 9
- Define categories of anti-abuse patterns HOT 6
- Add rough geolocation as use case for IP HOT 2
- A mechanism for first-party re-identification HOT 1
- Does a reputation system solve a problem? HOT 2
- Add some more use cases of IP addresses from PAT
- Add Signal for GeoIP replacement
- Email protocol improvements?
- Geo signals
- Signal provenance and trust HOT 1
- Move information about laws/regulations into separate document? HOT 3
- Temporary Addresses HOT 4
- Potential new technologies HOT 1
- Augmenting replacement signals with reporting mechanisms HOT 1
- Potential tweak to structure of document
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from draft-ip-address-privacy.