There's a few huge differences here from the DNC list.

* Implementation: Access to the DNC list is provided by various carriers for paying customers, with lookups available on a per-number basis. A binary { true, false } response is sent. EDIT: Thank you PaybackTony for the correction. The entire DNC list is also available as a CSV for $$$$.

* Expectations of privacy: Does Maxmind send out a response to those fulfilled complaints stating that their IP address will be made available to anyone on the Internet who registers for an account?

* Hiding in the crowd: How many numbers are in the DNC registry? How many will request a Maxmind opt-out?

Regarding trying to identify them from it would in itself be illegal probably?: maybe. But with all these IP addresses sitting available to anyone on the Internet who bothers to make an account, it doesn't really matter.

This actually isn't true. I build telecommunications software and although individual carriers may offer a binary true or false response to a DNC request, the actual DNC list is a csv of all the numbers in a given region / area code that are on the list. You must pay for access to the list, per area code or you can pay a larger fee for all area codes. From experience, this is why many telemarketers don't obey the DNC list. They want to, but they also don't want to pay the greater than $15k it costs to access all area codes' DNC list. You're also not allowed to resell access to the list in any way, so any service offering a scrub against the national DNC is violating those terms. Most services that say they do that still require you to give them your DNC access info (SAN).

The pay to access part I think is what separates it from the IP Address list here.

> * Expectations of privacy: Does Maxmind send out a response to those fulfilled complaint stating that their IP address will be made available to anyone on the Internet who registers for an account?

This can’t be otherwise, someone interested by this data would just have to diff databases to check for missing ip adresses.

Sure, but do you expect all consumers filing CCPA complaints to understand this? Even the more astute consumers filing complaints probably don't understand that Maxmind provides both flat files and API as a service for IP lookups. They should set expectations here.

Maxmind could be completely transparent here to consumers, for those who don't understand the consequences of requesting a removal using the current implementation:

Thank you for your CCPA request which we have fulfilled. Your IP address has been removed from our databases.

Furthermore, your IP address has been placed on https://www.maxmind.com/en/accounts/do-not-sell-requests for the next month. During this time period, your IP address will be displayed on this page. Of course, no other personal information you provided us will not be included. Please note that no specific privileges are required to access this page, other than an email address to create an account. We have no realistic countermeasures against this, or potentially hostile actors who may regularly archive this page content.

We value your privacy!

Maxmind Ltd

> Yes a list exists now of privacy-minded individuals' IP addresses, but I can't imagine what you would do with that.

"We are having a sale on Firewalls and RFID blocker wallets!"