[ipv6hackers] Dynamic prefixes & privacy (was: IPv6 prefix changing)

Markus Reschke madires at theca-tabellaria.de
Fri Mar 16 12:48:42 CET 2012

On Fri, 16 Mar 2012, Alex List wrote:

Hi Alex!

>> Not exactly, but yes. IPv6 privacy extensions alone would be sufficient to
>> make IP based tracking a lot harder and too inaccurate for the marketing
>> company.

> Due to the /64 bits left I don't agree, but from the discussion so far

For dynamic prefixes:
The 64 bits of the interface address is "randomized" by privacy extensions 
and the other 64 bits tell us your ISP and your area. That's not much 
data. The marketing company needs additional sources to be able to track 

For fixed IPv6 prefixes:
You would get a nice whois entry in the RIPE database :-) I haven't 
checked it yet for IPv6, but there's some lower limit you don't need to 
add the assignment. Any specific number known?

> I understand that:
> - there is indeed no point in using dynamic prefixes for privacy if
> they were deterministic
> - random prefix assignments scary many people

Maybe, but it's technically not feasable to randomize prefixes for a whole 
ISP network. It would kill the IGP. You could do it for a small user base. 
Each user would cause a dynamic route. At some point the amount of 
dynamic routes is too large to handle and the routing will brake down.

> But wait, aren't ULA prefixes random? If CGNs were here to stay[1],
> why couldn't they provide a "network layer privacy" [2] service? If
> they claim to be so good at NATPT44, NPTv6 should be a piece of cake.

Just half of them :-) But CGN wouldn't help. Since the access routers 
would perform CGN we have the same prefixes. So we know your ISP and area 

/ Markus Reschke \ / madires at theca-tabellaria.de \ / FidoNet 2:244/1661 \
\                / \                             / \                    /

More information about the Ipv6hackers mailing list