[tor-dev] Proposal: Check Maxmind GeoIP DB before distributing
irl at torproject.org
Sun Jul 1 14:54:11 UTC 2018
On 30/06/18 12:53, Jaskaran Singh wrote:
> 0. Motivation and Overview
> We're using Maxmind's (company registered in the US) GeoIP Database,
> which is not just antithetical to the philosophy that one should not
> totally rely on a service/software for all needs, but has some serious
> security repercussions too.
I would love to see a full list of all the places we currently use this
database and what security consequences could be.
Relevant tickets to this discussion that you may want to read have the
keyword "metrics-geoip" in trac.
Also, you may be interested in karsten's comment on #22203 where we talk
about downloading signed GeoIP files from the dirauths instead of
shipping them in the distribution.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the tor-dev