[ipv6hackers] IPv6 prefix changing
Owen DeLong
owend at he.net
Fri Mar 9 19:30:23 CET 2012
On Mar 8, 2012, at 7:17 AM, The Fungi wrote:
> On 2012-03-08 10:44:55 -0200 (-0200), Carlos Martinez-Cagnazzo wrote:
>> Ppl get tracked anyways, regardless of dynamic assignments.
>
> In fact, I worked for a marketing intelligence company 12+ years ago
> which did precisely that... using rackmount Linux servers running
> homemade HTTP URL sniffer software colocated at hundreds of partner
> ISPs worldwide. We captured RADIUS traffic to the ISP's
> authentication servers to identify each individual account so we
> could keep track of what IP address the user was assigned for that
> session.
>
> Sounds a bit big-brother on the surface, but the user IDs were put
> through a one-way hash immediately and then scrubbed from the drives
> as soon as the data was transferred, PII was automatically redacted
> from URLs before it was ever recorded, and the machines themselves
> were as thoroughly hardened as we could manage. An independent
> third-party did the account to mailing address correlation and then
> generalized it to census block areas before returning a mapping of
> that and the one-way hash of the account. In the end all we could
> say was that a unique user in some particular neighborhood had
> browsed to specific sites and in a defined order. That data was
> further combined and distilled down through statistical analysis,
> and then the original mappings were even discarded so that if law
> enforcement came asking for "help" there was nothing we could really
> provide them. We were careful and put a lot of effort into
> maintaining end user privacy, but I strongly suspect that many of
> our competitors did not.
>
> My point being, not only do dynamic IP addresses currently provide
> no protection whatsoever against being tracked, they never really
> did.
Of course the bigger question in all of this is the ethical problem with
all of those partner ISPs giving you access to those RADIUS transactions
and the user's flow data to begin with.
Owen
More information about the Ipv6hackers
mailing list