Interesting that the Austrians have fined the continuous use of Google Analytics as violating the European Privacy legislation - GDPR.
It should be an interesting case. Apparently the case will have a profound effect on US Cloud Services.
This has always been something I have always seen both sides on. On the one side, my IP is so I can get to where I want to be, so it should not be used against me. During these times how many of us have simply turned on a VPN and had Google hit us with a captcha just to do a simple search. Or had other sites not allow us entirely? This is uncalled for. On the other side, from a security standpoint, the IP address aides in incident response and finding who or what may have done a bad thing. So where is the line between a company monitoring an IP for security and one that monitors for their own internal benefit?
With the sites that block you for using a simple popular VPN to try to protect yourself don't seem to really care about YOUR security or safety, just theirs! While I do understand how monitoring and blocking certain IP address can seem to reduce a companies attack surface I just believe there has to be far better ways that do not reduce a person's security.
@JKWiniger I would agree with your point of view and perspective.
However, IP addresses can easily be spoofed, masqueraded, so additional measures are required to ensure you are who you state you and that you are actually authorised to have access to that system, web site, data source etc etc.
Perhaps we should introduce identity as a pillar, not just user, but application level too or even device, network level - are they authorised to access the particular system i.e. data, application, server, network etc.
VPNs are also going out of fashion, and being replaced with Secure Access Service Edge, which is based on application requests rather than IP addresses.
If organisations process or control private data, then they must have the appropriate controls in place to ensure a) you are authorised to access it, b) your identity can be proven beyond reasonable doubt - human level, but now we should add additional levels i.e. network, application - no matter where your data exists.
Because we have technology capabilities to fake humans, machines and systems - so we need additional measures to provide increased reassurance.
First, it seems I have let SASE slip by me a bit and now have it on my, more things to learn list. It gets to be a long list and I am realizing I need to reprioritize things on that list!
By current use of a VPN stems more from not wanting my ISP from monitoring where I go. Not long ago I had a conversation with a rep from AT&T and wanted to know why I was required to pay a fee and use their equipment when my equipment was better. I was told so they could better monitor me! Clearly the rep was not very tech savvy because when I mentioned that I run everything through a VPN he thought they could still fully monitor, but I digress.
We need to look more at what is at each end of the connection and forget about what’s in the middle. Should it matter if I connect with my cell phone and it connected through my WiFi opposed to the cell tower?
Kinda lot my train of thought in there. Bottom line, IP addresses and other items are used far less for security reason than they are for tracking and monetization, and that needs to stop.