Re: Submitting Fake Geolocation for blocks to Data Brokers and RIRs

[William Herrin <bill () herrin us>]

On Wed, Apr 21, 2021 at 11:58 AM nanoguser100 via NANOG <nanog () nanog org> wrote:
> I wanted to get the communities' opinion on this.
>
> Increasingly I have run into 'niche needs' where a client has a few users in a country we don't have a POP, say 
> Estonia.  This is 'mainly' for localization but also in some cases for compliance (some sites REQUIRE an Estonian 
> IP).  With that being said is it common practice to 'fake' Geolocations?  In this case the user legitimately lives in 
> Estonia, they just happen to be using our cloud service in Germany.

If the endpoint (e.g. web server) is physically located in Germany and
you're helping a client misrepresent that it's located in Estonia in
order to evade a legal requirement that it be located in Estonia then
you've made yourself a party to criminal fraud. Do I really need to
explain how bad an idea that is?

If the service is a VPN relay for addresses which are actually being
used in Estonia then what's the problem? You're just a transit for
those IPs. Report the location where the endpoints are, not the
transits.

Regards,
Bill Herrin


-- 
William Herrin
bill () herrin us
https://bill.herrin.us/