4 comments

[ 4.6 ms ] story [ 18.8 ms ] thread
> If IP addresses were considered PII, then no routers database or Whois registries could legally exist, which would mean to a larger extent Internet routing could not exist as we know it.

I think this statement is misinformed. There are countries that have rules around protecting PII. WHOIS implementations have changed as a result, but I think these laws have carve outs that allow routers to function. The laws are more nuanced than this.

Examples:

ICANN adopted tiered access for gTLD registration information: https://www.icann.org/resources/pages/gtld-registration-data...

EU courts believe that IP addresses, even dynamic IP addresses, can indirectly identify a person: http://curia.europa.eu/juris/document/document.jsf?text=&doc...

GDPR, however has a carve out that I think permits use by internet routers. One legal justification is:

> Processing is necessary to satisfy a contract to which the data subject is a party.

If my ISP doesn't announce my IP address, then they can't connect me to the internet, which I pay them to do.

Thanks for the links.

> If my ISP doesn't announce my IP address, then they can't connect me to the internet, which I pay them to do.

Indeed, it's more nuanced and that's the message that we try to give here. As long that you do not use IP geolocation to identify an individual by itself, it seems to be a legitimate use.

I've seen "what's my IP address" websites that ask to get your location from your browser, that's a good trick to get fine grained IP geolocation (until the IP address is reassigned).
That's what is referred to as "HTML5 Geolocation API" in the article. The problem of this method is that it is really intrusive since it requires an explicit permission along with a device that includes a GPS chip.