IP obfuscation popularity undermines privacy compliance strategies

Not only has compliance become more precarious as privacy laws recognize internet protocol addresses as personal data, but the growing use of IP obfuscation tools is also undermining privacy compliance strategies and making opt-out mechanisms and geoblocking nearly obsolete.

IP obfuscation entails concealing a user's IP address and associated geographic location. It can be done through three basic techniques: Proxy servers, Tor networks and virtual private networks.

The solution may be implementing user verification controls before serving geo-based privacy notices and consent mechanisms — similar to age verification controls used to comply with laws to protect children.

However, while user verification controls may support privacy compliance, they could also create a privacy paradox, shifting the noncompliance blame from website operators, online services providers or even artificial intelligence developers to users, while also undermining culpability of dangerous content and technology.

How IP obfuscation technologies work

Proxy servers are intermediaries between a device and the internet, which forward requests and receive responses on behalf of the user, effectively hiding their true IP. Tor is a free, open-source, decentralized network that routes internet traffic through a global network of volunteer-operated servers, making it extremely difficult to trace back to the actual user. VPNs create a secure, encrypted connection between a device and VPN server and reroute internet traffic through that server.