Can really spot someone who has never had to deal with OFAC with a comment like this. Even if I don't necessarily agree with the concept, or who is actually being blocked, my business is dead in the water if I'm a) sent to prison or b) fined out of existence.
Geographic IP information is one of our best tools to defend against those outcomes, and if anything it should be better.
On the other hand, GeoIP is arguably the reason you are in this situation in the first place, i.e., having to use it since it's there and everybody else is doing so as well.
Intentionally ambiguous regulations (in terms of how companies and individuals are expected to comply) backed by the existential threat of huge fines often lead to a race to the bottom in terms of false positives and collateral damage to non-sanctioned users.
If you were serious about limiting who uses your services you'd use an allowlist of ASNs. Even then, what about users using US-based residential proxies?
ASNs can obviously span multiple countries, and aren't a great way to gate this at all. While we block ASNs we KNOW are owned/operated by companies in limited countries, but I couldn't imagine a worse way to approach it at scale. Hate doing it, it's heavy-handed and wrong.
> Even if I don't necessarily agree with the concept, or who is actually being blocked, my business is dead in the water if I'm a) sent to prison or b) fined out of existence.
Is there some specific way we can get the laws like this to be gone? They're obviously useless (witness this very thread of people describing ways for anyone to get around them) and threatening people with destruction for not doing something asinine isn't the sort of thing any decent government should be doing.
Geographic IP information is one of our best tools to defend against those outcomes, and if anything it should be better.