If the endpoint (e.g. web server) is physically located in Germany and you're helping a client misrepresent that it's located in Estonia in order to evade a legal requirement that it be located in Estonia then you've made yourself a party to criminal fraud.
While I agree with the overall sentiment of your message, I am curious ; have there been any instances where an internet provider has been found liable (criminally or civilly) for willfully misrepresenting IP geolocation information? On Wed, Apr 21, 2021 at 3:23 PM William Herrin <bill@herrin.us> wrote:
On Wed, Apr 21, 2021 at 11:58 AM nanoguser100 via NANOG <nanog@nanog.org> wrote:
I wanted to get the communities' opinion on this.
Increasingly I have run into 'niche needs' where a client has a few users in a country we don't have a POP, say Estonia. This is 'mainly' for localization but also in some cases for compliance (some sites REQUIRE an Estonian IP). With that being said is it common practice to 'fake' Geolocations? In this case the user legitimately lives in Estonia, they just happen to be using our cloud service in Germany.
If the endpoint (e.g. web server) is physically located in Germany and you're helping a client misrepresent that it's located in Estonia in order to evade a legal requirement that it be located in Estonia then you've made yourself a party to criminal fraud. Do I really need to explain how bad an idea that is?
If the service is a VPN relay for addresses which are actually being used in Estonia then what's the problem? You're just a transit for those IPs. Report the location where the endpoints are, not the transits.
Regards, Bill Herrin
-- William Herrin bill@herrin.us https://bill.herrin.us/