[ipv6hackers] Dynamic prefixes & privacy (was: IPv6 prefix changing)

Tue Mar 13 09:12:32 CET 2012

I think you are both reasoning too much from the perspective of an
eyeball isp. If you manage your network of course you can track your
user. But let's think about third-party internet marketing companies.
Wouldn't it be much easier to them to correlate data if residential
customers were forced to have the same IP all the time?

I find that browsers today are still quite dumb in terms of privacy
[1], but I hope that more and more people will care about it [2][3]. A
long term static IP addresses would make the use of proxies a must.
Maybe the problem of such discussions is that we tend to think that
one option would exclude the other. I'd rather have multi-prefix
networks with more intelligent applications that understand what to do
when connected to various networks simultaneously. This seems to be an
extremely hard task though.

Refs:
[1] http://collusion.toolness.org/
[2] https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
[3] http://donottrack.us/

2012/3/12 Owen DeLong <owend at he.net>:
>
> On Mar 12, 2012, at 8:09 AM, Markus Reschke wrote:
>
>> On Mon, 12 Mar 2012, Owen DeLong wrote:
>>
>> Hi!
>>
>>> The fixed identifier for [2] is present regardless of the nature of the prefix
>>> assigned to the end user. The upstream connection address is likely at least
>>> persistent if not static over long enough intervals to be a traceable
>>> identifier that the end user cannot influence.
>>
>> In the common design all DSL customers in an area are connected to a single regional access router. For simple routing that access router has
>> fixed subnets for the customers (IP addresses are assigned dynamically out of those subnets). That way you can learn which subnets belong to which geographic area. If, in case of IPv6, a subnet is assigned to the customer, and if you take the MAC-based automatic interface addresses into account, you'll get a very nice solution to track users just by the "not so dynamic" IP address. Fortunately the office for data privacy knows about privacy extensions. They're not completely clueless :-)
>>
>
> Yes, the addresses within that subnet for a geographic area are technically dynamic. However, reality is that they are actually persistent over long enough periods of time as to be effectively static for tracking purposes.
>
> Privacy extensions only modify the suffix. They do nothing to anonymize the prefix. and they don't meaningfully apply to the provider-facing address on the home gateway (the CPE router which connects to the provider's network).
>
>>> Rotating the customer prefix can only create an illusion of increased privacy
>>> while not providing any actual increase in privacy. Allowing the user to choose
>>> to provide such an illusion or not is, I suppose, a form of self-determination,
>>> but, I'm not sure I understand the value.
>>
>> Yep! The big problem is misunderstanding. Even in this mailing list one can read weird comments regarding the current thread about the German data privacy law. Politicians don't understand technology, people too but they trust media, most media is absolutely clueless and IT experts talk IT-glibberish others don't understand. We say that x is a security nightmare, officials try to enforce some kind of mitigation and the user thinks everything's fine. Nice, isn't it?
>>
>
> Not so much, no.
>
> Owen
>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers