mirrorbits icon indicating copy to clipboard operation
mirrorbits copied to clipboard
verified publisher icon etix

Restrict access to geolocation data in mirrorlist pages?

Open stormi opened this issue 4 years ago • 1 comments

Hi,

GeoLite2's EULA is... convoluted (https://www.maxmind.com/en/geolite2/eula). Among the restrictions I think I understand from my reading, we're not allowed to make the data available to other people. However, through the mirrorlist and fromip parameters one can use mirrorbits to harvest parts of the data.

Would it be possible to add options to restrict access to such data?

Ideas:

  • require a secret parameter, admin-defined, when the fromip parameter is given to a mirrorlist page.
  • OR allow to never display details about the IP address location (city) in the mirrorlist page - can be done by altering the template ourselves I suppose, but maybe that's worth an option.
  • OR a combination of both: if fromip is set, still display the mirrorlist page, but hide location details unless a secret is given

stormi avatar Jan 25 '21 11:01 stormi

Good point. Option 1 seems preferable to me. I don't see a use case where the fromip parameter would be useful for a normal user. It is most likely used by developers and perhaps administrators for diagnosis of problems with the mirror selection algorithm.

ott avatar Sep 17 '22 22:09 ott