[ipv6hackers] Dynamic prefixes & privacy (was: IPv6 prefix changing)

[Markus Reschke]

On Mon, 12 Mar 2012, Owen DeLong wrote:

Hi!

> The fixed identifier for [2] is present regardless of the nature of the prefix
> assigned to the end user. The upstream connection address is likely at least
> persistent if not static over long enough intervals to be a traceable
> identifier that the end user cannot influence.

In the common design all DSL customers in an area are connected to a 
single regional access router. For simple routing that access router has
fixed subnets for the customers (IP addresses are assigned dynamically out 
of those subnets). That way you can learn which subnets belong to which 
geographic area. If, in case of IPv6, a subnet is assigned to the 
customer, and if you take the MAC-based automatic interface addresses into 
account, you'll get a very nice solution to track users just by 
the "not so dynamic" IP address. Fortunately the office for data privacy 
knows about privacy extensions. They're not completely clueless :-)

> Rotating the customer prefix can only create an illusion of increased privacy
> while not providing any actual increase in privacy. Allowing the user to choose
> to provide such an illusion or not is, I suppose, a form of self-determination,
> but, I'm not sure I understand the value.

Yep! The big problem is misunderstanding. Even in this mailing list one 
can read weird comments regarding the current thread about the German data 
privacy law. Politicians don't understand technology, people too but 
they trust media, most media is absolutely clueless and IT experts talk 
IT-glibberish others don't understand. We say that x is a security 
nightmare, officials try to enforce some kind of mitigation and the user 
thinks everything's fine. Nice, isn't it?

Regards
  Markus
-- 
/ Markus Reschke \ / madires at theca-tabellaria.de \ / FidoNet 2:244/1661 \
\                / \                             / \                    /