[ipv6hackers] Dynamic prefixes & privacy (was: IPv6 prefix changing)

Markus Reschke madires at theca-tabellaria.de
Tue Mar 13 16:27:15 CET 2012 

On Tue, 13 Mar 2012, Alex List wrote:

Hi!

If I mis-understood you please tell me.

> I think you are both reasoning too much from the perspective of an
> eyeball isp. If you manage your network of course you can track your
> user. But let's think about third-party internet marketing companies.
> Wouldn't it be much easier to them to correlate data if residential
> customers were forced to have the same IP all the time?

Yes and no :-) ISPs got the RADIUS logs. If users got fixed IP addresses 
it's very easy to track them for third parties. If users got dynamic IPv6 
subnets it's not much harder to track them by their IP address. The 
third party just needs to do some mapping of networks, ISPs and locations. 
Might be even a service of another company. There is a lot of geolocation 
data in the Internet freely available. Add the automatic interface address 
and you can identify the user. You're even able to see if the user 
switches the ISP or moves to another area (if it's away far enough - 
access-router-wise). For dynamic IPv4 addresses it's not that simple. The 
marketing company needs to add some of the common webbrowser-based 
methods.

Another problem with dynamic addresses is that a user might keep the 
same address for a longer period of time. Some ISPs enforce a reset of the 
Internet connection every x hours and assign a different IP address. Helps 
a little with privacy. AS3320 does that every 24 hours for example.

Best recommendation for IPv6 to mitigate IP-based tracking, as described 
above, is to use dynamic subnets and IPv6 privacy extensions. Or the DSL 
router could perform some kind of address randomizing (for the interface part).
Otherwise it wouldn't matter much for user tracking if IPv6 subnets are 
fixed or dynamic.

> I find that browsers today are still quite dumb in terms of privacy
> [1], but I hope that more and more people will care about it [2][3]. A

In the case of dynamic IPv6 subnets any privacy features would only 
mitigate browser-based tracking, but IPv6 provides enough entropy to track 
users without considering any super cookies, browser and plugin details 
or whatever.

> long term static IP addresses would make the use of proxies a must.
> Maybe the problem of such discussions is that we tend to think that
> one option would exclude the other. I'd rather have multi-prefix
> networks with more intelligent applications that understand what to do
> when connected to various networks simultaneously. This seems to be an
> extremely hard task though.

You're right! There's no simple black-or-white situation. But we 
should consider the average user Joe with his DSL connection most. He 
doesn't know of IPv6 privacy extensions. So maybe the DSL router should do 
the job.

Regards
  Markus
-- 
/ Markus Reschke \ / madires at theca-tabellaria.de \ / FidoNet 2:244/1661 \
\                / \                             / \                    /

More information about the Ipv6hackers mailing list