Everything PyPI has should be public

Posted May 25, 2023 13:33 UTC (Thu) by farnz (subscriber, #17727)
In reply to: Everything PyPI has should be public by atnot
Parent article: PyPI was subpoenaed

It was intentional, although IPv6 privacy extensions can't go far enough, because it'd be ideal to rotate not just the lower 64 bits of my identifier, but instead the whole thing, so that knowing that you had a connection from 2001:db8:1:2:3:4:5:6 doesn't tell you anything about who I am, not even roughly where on the planet I am.

This is, of course, impractical, because if you don't know where I am, how do you route back to me via the most efficient route? That said, if you care that much about privacy, you'd be using something like Tor to obfuscate your location completely.