Ethics and privacy in IP intelligence

What an IP-intelligence service should and shouldn't do

What IPLogs concretely does

• No signup, no API key. The detection endpoint is fully unauthenticated. There is no way for IPLogs to attribute a check to a customer because the design avoids the data collection that would make that possible.
• Transient logs only. Request logs exist for abuse detection and rotate automatically. No persistent database of individual lookups, no tracking cookies, no advertising integrations, no third-party analytics. The full statement is in /privacy.
• Per-signal provenance in every response. The API returns a typed Signal[]array showing every feed and probe that matched, with weights and human-readable detail strings. There is no single opaque risk score that can't be audited.
• Published false-positive rate. /accuracy documents the ground-truth methodology and the measured error rates. Any vendor that won't share an error rate against a labelled corpus is asking you to trust a number you cannot audit.
• Apple Private Relay and Cloudflare WARP are separate categories. Both are mainstream privacy products used by ordinary consumers. Treating them as commercial VPN exits would punish real users; the API emits them as their own signal types so your policy can apply different rules.
• CC-BY 4.0 datasets at /tools. The aggregated VPN-provider, datacenter, and Tor-exit datasets are public under CC-BY 4.0. The intent is that other detection projects can use the same ground truth and audit the source data.

The legitimate privacy critique

Privacy-rights organisations like the Electronic Frontier Foundation, Access Now, and Article 19 have published serious critiques of IP-detection-as-compliance, particularly when laws require sites to verify a user's physical location even when the user is on a VPN. The critiques are correct in substance:

• IP detection is probabilistic, not authoritative. Using it as a legal determination is a category error.
• Blanket VPN blocks disproportionately harm privacy-conscious users, journalists, activists, people in censored regions, and ordinary travellers — none of whom are the population the rule was probably written for.
• IP intelligence in the hands of bad actors (state actors, stalkers, employers exceeding their authority) creates harm that the same data in a fraud-prevention context does not.

The honest answer is to use detection where it helps (fraud prevention, payment risk, signup abuse), refuse to use it where it harms (identity verification, blanket country bans, surveilling specific users), and choose tooling that exposes its work so both kinds of use are visible to the operator and to the user.

Practical rules for fraud teams

• Block writes, allow reads. Block high-risk actions (signup, payment, KYC, withdrawal, admin) on a confirmed VPN. Step up auth on weaker signals. Leave read traffic open. The full pattern is in /guides/block-vpn-traffic.
• Always provide a dispute path. Tell users a connection looked anonymized and give them a way to contact support. False positives are inevitable; the cost of one is much lower if the user can ask a human to look at it.
• Log decisions, not just inputs. Record which verdict produced which action so an auditor (or your future self) can reason about edge cases. If you only store the raw IPLogs response, you can re-derive what happened; if you only store “blocked,” you can't.
• Don't use IP detection as identity or age verification. It can't be either. A real identity-verification provider (document-based or credit-bureau-based) is a different product category. See the regulations overview for the framing.

FAQ