> The first thing I would do is look outside to collect information on who in outside thereby infringing their privacy.
Looking at someone doesn't infringe on their privacy. Taking a picture of that someone and storing it in a permanent fashion, might. To prevent abuse/DOS you only need to do the first (which does not constitute "surveillance" or loss of privacy), not the second.
> Recording people's IPs is definitely surveillance.
It's not surveillance if you are not tracking anything else other than IPs (i.e. no other behavioural data associated to it).
Either way, you still have not provided an example where surveillance is required to prevent abuse: I can simply store hashes of "bad IPs" (or ASNs) to blacklist... no need to store any information that could lead to an actual person (like an actual IP address).
Looking at someone doesn't infringe on their privacy. Taking a picture of that someone and storing it in a permanent fashion, might. To prevent abuse/DOS you only need to do the first (which does not constitute "surveillance" or loss of privacy), not the second.
> Recording people's IPs is definitely surveillance.
It's not surveillance if you are not tracking anything else other than IPs (i.e. no other behavioural data associated to it).
Either way, you still have not provided an example where surveillance is required to prevent abuse: I can simply store hashes of "bad IPs" (or ASNs) to blacklist... no need to store any information that could lead to an actual person (like an actual IP address).