- From: Rafal Pietrak <cookie.rp@ztk-rp.eu>
- Date: Tue, 6 Sep 2022 21:16:08 +0200
- To: ietf-http-wg@w3.org
Dear experts. Political concerns raised below made me risk being ridiculed, but those points are valid, yet IMHO in quite the opposite way. As people stretch their "freedom" and push laws letting them pretend be of a different sex then they actually are (and I'm not judging, just taking that same freedom); I'd say that I (as an internet user) should have the right to select (tell server) any geolocation I'd like no matter where I'm actually accessing the network from. It should be illegal and actually penalised to ignore user-Agent declared geolocation in favor of some IP databases/location-provider. User agent should be allowed to FORCE geolocation much like (or stronger) it is allowed to declare "accepted language". I'm quite shocked with the hole discussion taking place on this topic. With best regards. Rafał W dniu 06.09.2022 o 11:34, Poul-Henning Kamp pisze: > -------- > Mark Nottingham writes: > >> At IETF 114, we saw some interest in adding hints about the client's >> location to requests in certain circumstances, with the condition that >> it be done in a way that doesn't compromise privacy. > > There are two different scopes to this topic: > > * "Jurisdictional" - is the client subject to this or that law, jurisdiction or regulation. > > * "Informational" - pretty much everything else. > > There are all sorts of unholy regulation bubbling under the surface > with respect to the first one, because politicians, justifiably, > have become really keen on being able to tell genuine citizens apart > from (foreign-controlled) bots and sock-puppets, and in parallel, > protecting children from content which violate "community standards". > > The main argument for exchanging such information at our level in the > stack is that it will reduce the need for actual, and much more > privacy-leaking, user authentication. > > Despite that, it is still a minefield, political, cryptographically > and technically, which I think we should stay very clear from. > > Mark writes "certain circumstances" and "doesn't compromise privacy", > but to increase chances of success, I think we need to be much more > clear about our intentions. > > I propose that we make it 100% clear up front, even before adopting > this or any other proposal, that any information provided via the > mechanism we (might) come up with, does not, and can not, carry any > legal weight or message, because it SHALL be 100% up to the users > whims and discretion, and that it SHALL be opt-out by default. > -- Rafał Pietrak
Received on Tuesday, 6 September 2022 19:16:33 UTC