[nahikoa]

Wait a minute, now that I've registered for Maxmind there is a Do Not Sell My Personal Information Requests page with the text:

The following IP addresses are associated with valid 'Do Not Sell My Personal Information' requests as required by applicable privacy regulations, and have been removed from (or will be removed from the next releases of) the GeoIP2 and GeoLite2 databases. None of the IP addresses listed or contained within a listed network may be used for advertising or marketing purposes.

If I had sent Maxmind a request for data removal, the last thing I would expect is that my IP address would be shared with any internet user who bothered to create a Maxmind account. Even if this page were removed, it might not be difficult to obtain the opted-out addresses by doing a diff between GeoIP2 free releases. Perhaps a search for narrow slivers of addresses removed that were previously in California?

Law of unintended consequences for CCPA? Bad implementation for CCPA compliance? What interesting things could be done with a list of publicly available list of opted-out IP addresses?

[crazygringo]

There's no other way for it to work. It's like putting yourself on a "do not call" list -- it only works if the list is visible so callers can obey it.

Yes a list exists now of privacy-minded individuals' IP addresses, but I can't imagine what you would do with that, and trying to identify them from it would in itself be illegal probably?

[nahikoa]

There's a few huge differences here from the DNC list.

* Implementation: Access to the DNC list is provided by various carriers for paying customers, with lookups available on a per-number basis. A binary { true, false } response is sent. EDIT: Thank you PaybackTony for the correction. The entire DNC list is also available as a CSV for $$$$.

* Expectations of privacy: Does Maxmind send out a response to those fulfilled complaints stating that their IP address will be made available to anyone on the Internet who registers for an account?

* Hiding in the crowd: How many numbers are in the DNC registry? How many will request a Maxmind opt-out?

Regarding trying to identify them from it would in itself be illegal probably?: maybe. But with all these IP addresses sitting available to anyone on the Internet who bothers to make an account, it doesn't really matter.

[PaybackTony]

This actually isn't true. I build telecommunications software and although individual carriers may offer a binary true or false response to a DNC request, the actual DNC list is a csv of all the numbers in a given region / area code that are on the list. You must pay for access to the list, per area code or you can pay a larger fee for all area codes. From experience, this is why many telemarketers don't obey the DNC list. They want to, but they also don't want to pay the greater than $15k it costs to access all area codes' DNC list. You're also not allowed to resell access to the list in any way, so any service offering a scrub against the national DNC is violating those terms. Most services that say they do that still require you to give them your DNC access info (SAN).

The pay to access part I think is what separates it from the IP Address list here.

[Eikon]

> * Expectations of privacy: Does Maxmind send out a response to those fulfilled complaint stating that their IP address will be made available to anyone on the Internet who registers for an account?

This can’t be otherwise, someone interested by this data would just have to diff databases to check for missing ip adresses.

[nahikoa]

Sure, but do you expect all consumers filing CCPA complaints to understand this? Even the more astute consumers filing complaints probably don't understand that Maxmind provides both flat files and API as a service for IP lookups. They should set expectations here.

Maxmind could be completely transparent here to consumers, for those who don't understand the consequences of requesting a removal using the current implementation:

Thank you for your CCPA request which we have fulfilled. Your IP address has been removed from our databases.

Furthermore, your IP address has been placed on https://www.maxmind.com/en/accounts/do-not-sell-requests for the next month. During this time period, your IP address will be displayed on this page. Of course, no other personal information you provided us will not be included. Please note that no specific privileges are required to access this page, other than an email address to create an account. We have no realistic countermeasures against this, or potentially hostile actors who may regularly archive this page content.

We value your privacy!

Maxmind Ltd

[m463]

> Yes a list exists now of privacy-minded individuals' IP addresses, but I can't imagine what you would do with that.

"We are having a sale on Firewalls and RFID blocker wallets!"

[bullen]

Yes, in this case "security" by obfuscation is the only way to go.

I have a tip for people that don't like to be called by sales people. Buy two simcards, the first should be as anonymous as possible (cashcard or equivalent) then later buy a real subscription one, if you are lucky the subscription one will overwrite the cashcard number in all official indexes and you can use the first in your mobile and the second (that gets all the spam) in a mobile router for internet only.

Works for me and it's a life saver!