> > If the endpoint (e.g. web server) is physically located in Germany and > you're helping a client misrepresent that it's located in Estonia in > order to evade a legal requirement that it be located in Estonia then > you've made yourself a party to criminal fraud. >
While I agree with the overall sentiment of your message, I am curious ; have there been any instances where an internet provider has been found liable (criminally or civilly) for willfully misrepresenting IP geolocation information? On Wed, Apr 21, 2021 at 3:23 PM William Herrin <b...@herrin.us> wrote: > On Wed, Apr 21, 2021 at 11:58 AM nanoguser100 via NANOG <nanog@nanog.org> > wrote: > > I wanted to get the communities' opinion on this. > > > > Increasingly I have run into 'niche needs' where a client has a few > users in a country we don't have a POP, say Estonia. This is 'mainly' for > localization but also in some cases for compliance (some sites REQUIRE an > Estonian IP). With that being said is it common practice to 'fake' > Geolocations? In this case the user legitimately lives in Estonia, they > just happen to be using our cloud service in Germany. > > If the endpoint (e.g. web server) is physically located in Germany and > you're helping a client misrepresent that it's located in Estonia in > order to evade a legal requirement that it be located in Estonia then > you've made yourself a party to criminal fraud. Do I really need to > explain how bad an idea that is? > > If the service is a VPN relay for addresses which are actually being > used in Estonia then what's the problem? You're just a transit for > those IPs. Report the location where the endpoints are, not the > transits. > > Regards, > Bill Herrin > > > -- > William Herrin > b...@herrin.us > https://bill.herrin.us/ >