[arch-d] Re: [EXTERNAL] Re: IP Address Geolocation Considered Harmful

Divyank Katira <divyank@irl.works> Fri, 27 March 2026 05:49 UTC

Return-Path: <divyank@irl.works>
X-Original-To: architecture-discuss@mail2.ietf.org
Delivered-To: architecture-discuss@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id BAF0FD23C587 for <architecture-discuss@mail2.ietf.org>; Thu, 26 Mar 2026 22:49:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1774590589; bh=3dvgjW1kFktf4OshobOXD56cWTNooAbFwFEJx+nlNjE=; h=Date:To:From:Subject:In-Reply-To:References; b=ppGOU4KavqvV9zxS3eIQMisp6kG4yUkHU1dYiScHJJkIjUY0kcN4wKGddL2B4Tljn H+GBF/qb+165WOtQ3RJ5mJpVB56unqrBYN3FlNz/VYca8YFRDs66J3EehrF6TskbmJ 4O/teD/v9NvMv3Lm0eBvzNu8u5OyXal+468teRS0=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=irl.works
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s6bi1CSDU34O for <architecture-discuss@mail2.ietf.org>; Thu, 26 Mar 2026 22:49:48 -0700 (PDT)
Received: from mail-4398.protonmail.ch (mail-4398.protonmail.ch [185.70.43.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id AC51DD23C57C for <architecture-discuss@ietf.org>; Thu, 26 Mar 2026 22:49:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=irl.works; s=protonmail3; t=1774590587; x=1774849787; bh=3dvgjW1kFktf4OshobOXD56cWTNooAbFwFEJx+nlNjE=; h=Date:To:From:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=DtIQh0KCHQuEHDIPQvGo0eL3Gyb3Uc1TOzn+6+Lt7DzXuF9Oblulm4rtS7E7851kJ FaW6B6HLjaIU9W/1HUVoYnn62E/rFsqWyiydFoPgk0Yp3lgI4Zfo9WbZwZOtNutkOh MzzfmUQpgbOSPj60QmI17c+ZATyyTQSHzg3QWZVPlWgk5CQ3K6snIJQRCpISDqXJad gVcHVztQ4HTHdd+CGxZB5357tnc3ecC7Ku/+x4MCgEvhtVEwAnNjmv5c7Z+xy1jjeH GgDp1iR3U47cPV1BEZRznNJx/TyRSSwTZm2IN0rWvFMq4gpIHi5OltiWKEtG4wz1a7 TV3el9MmM6UCA==
Date: Fri, 27 Mar 2026 05:49:43 +0000
To: Eric Rescorla <ekr@rtfm.com>, "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>
From: Divyank Katira <divyank@irl.works>
Message-ID: <2cCAJ5ymh__qWpN8TxuPi09GOsznUM6oSdFJh3-91HkWTh2If7rxuIfzU4klwooNHVxu0TN8bh53JI-MRs6KiAN5WM-4Z3tX0H6KVPDwgsg=@irl.works>
In-Reply-To: <CABcZeBM0y-w+DrPQ71yTAF9t2jP1ghqG6PxaMM2vDZrqtN4yHQ@mail.gmail.com>
References: <GV1PR08MB7346096846736A913BE0904ED349A@GV1PR08MB7346.eurprd08.prod.outlook.com> <87h5q325cj.wl-morrowc@ops-netman.net> <CACgrgBZQjF7QnaT4j+8JMQLbFbAjVqcOt2sk2ma-TnABpytAHQ@mail.gmail.com> <CABcZeBM0y-w+DrPQ71yTAF9t2jP1ghqG6PxaMM2vDZrqtN4yHQ@mail.gmail.com>
Feedback-ID: 126877182:user:proton
X-Pm-Message-ID: 952ca3fdeca62f1ae1edc287de77dfd515d17a12
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1=_72Kd6BW5Bc6wpklBweWJIedT49IOiqB27RGm2MLXY"
Message-ID-Hash: OYN22GSMDR3VUKDD6YLPZID6Q5K6UQZS
X-Message-ID-Hash: OYN22GSMDR3VUKDD6YLPZID6Q5K6UQZS
X-MailFrom: divyank@irl.works
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-architecture-discuss.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [arch-d] Re: [EXTERNAL] Re: IP Address Geolocation Considered Harmful
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/yxmkHkDKKcHTjRY3wGsJZavzzOA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Owner: <mailto:architecture-discuss-owner@ietf.org>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Subscribe: <mailto:architecture-discuss-join@ietf.org>
List-Unsubscribe: <mailto:architecture-discuss-leave@ietf.org>

On Wednesday, March 25th, 2026 at 11:43 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> With that said, I don't think it's particularly helpful for the IETF
> to tell people that in the current environment they shouldn't try to
> extract information from the IP address, as that's not going to have
> any meaningful impact. Instead we should focus on what technical
> measures would improve user privacy by decreasing the usefulness of
> the IP address for surveillance and tracking. Although obviously much
> of our ongoing work (VPNS, MASQUE, O-HTTP, etc.) tries to attack this
> from various angles, this is obviously a hard problem to address at
> scale while also maintaining network efficiency. This approach is
> consistent with our historical practice of favoring technical
> solutions to privacy and security (primarily strong encryption) over
> policy ones (restricting monitoring).

+1, this could be a reasonable way for IETF participants to intervene.

Ongoing work on MASQUE unfortunately does not move the needle on IP geolocation prevention.

Despite being marketed as IP privacy solutions, current MASQUE deployments like iCloud Private Relay [0] and Chrome’s (proposed) Advanced IP Protection [1] retain IP location when routing through relays.

This is currently done by maintaining numerous egress IPs [2] but there is also a proposal to relay this information through an HTTP client hint [3].

[0] https://www.apple.com/icloud/docs/iCloud_Private_Relay_Overview_Dec2021.pdf
[1] https://github.com/GoogleChrome/ip-protection?tab=readme-ov-file#ip-geolocation
[2] https://mask-api.icloud.com/egress-ip-ranges.csv[3] https://datatracker.ietf.org/doc/draft-pauly-httpbis-geoip-hint/

>