On Wed, Apr 21, 2021 at 11:58 AM nanoguser100 via NANOG <nanog@nanog.org> wrote: > I wanted to get the communities' opinion on this. > > Increasingly I have run into 'niche needs' where a client has a few users in > a country we don't have a POP, say Estonia. This is 'mainly' for > localization but also in some cases for compliance (some sites REQUIRE an > Estonian IP). With that being said is it common practice to 'fake' > Geolocations? In this case the user legitimately lives in Estonia, they just > happen to be using our cloud service in Germany.
If the endpoint (e.g. web server) is physically located in Germany and you're helping a client misrepresent that it's located in Estonia in order to evade a legal requirement that it be located in Estonia then you've made yourself a party to criminal fraud. Do I really need to explain how bad an idea that is? If the service is a VPN relay for addresses which are actually being used in Estonia then what's the problem? You're just a transit for those IPs. Report the location where the endpoints are, not the transits. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/