Re: I-D Action: draft-pauly-httpbis-geoip-hint-01.txt from Stephen Farrell on 2024-10-28 (ietf-http-wg@w3.org from October to December 2024)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Mon, 28 Oct 2024 17:23:29 +0000
To: Dustin Mitchell <djmitche@google.com>, Ted Hardie <ted.ietf@gmail.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, Ben Schwartz <bemasc@meta.com>, Watson Ladd <watsonbladd@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <9eb4f48b-775d-4f90-a9d8-fb3207248a92@cs.tcd.ie>

Hiya,

On 28/10/2024 16:56, Dustin Mitchell wrote:
> 
> This also provides an opportunity to incrementally improve the situation
> for tracking of users' location by making it an active signal that is under
> the control of the client (rather than the client's ISP).

Is the above actually accurate though? ISTM that detailed location
data is mostly sent by clients in payloads, so adding an HTTP header
seems like it has no effect on such application layer leakage other
than to add a new way in which location details can be exposed.

Defining the problem to be addressed to be only a tiny part of the
abuses of location data seems to me a wrong starting point in a
different sense to the one Ted described already.

Cheers,
S.

Received on Monday, 28 October 2024 17:23:38 UTC