Slashdot Mirror


Are There Still Privacy Concerns With IPv6?

Zanguinar asks: "Whatever happened with the privacy issues in IPv6? I recall there being a small uprising by privacy advocates and even this article on Slashdot. However, I don't recall ever hearing more about it. What has the response from IETF and IANA been? Did they do something about it, or just dismiss it as unimportant? I cannot find anything recent (i.e. in the past six months) regarding this. With the news that some companies may soon begin using IPv6, I'm a bit concerned..."


  1. ipv6 is more private than ipv4 by Anonymous Coward · · Score: 5

    Your concerns are fully addressed by this slashdot article. --Doug Moen

    1. Re:ipv6 is more private than ipv4 by JanKotz · · Score: 2
      Well, that link is good enough for most of us to remember, but for the benefit of the /. crew, I think it ought to be posted twice (since everything else is lately):

      Article: Statement on IPv6 Privacy Concerns.
      --
      "A witty saying proves nothing" - Voltaire
  2. Oh, please... by Millennium · · Score: 5

    The privacy concerns with IPv6 are really no greater than with IPv4. Yes, even with the IP address possibly tied to a MAC address (which, I might add, it does not have to be). Think about it...

    1) Your MAC address is already embedded in every single packet going out of your Ethernet card, no matter what protocol you're using. It's the way Ethernet works.

    2) MAC addresses are handed out to companies or individuals in huge chunks. The body that does this has no way of tracking right down to the user, only to the card manufacturer. If you're really concerned, pay for your NIC with cash and don't register it with the manufacturer.

    3) MAC addresses are configurable with most card/stack combinations. So chances are you can change your MAC at will.

    4) The IPv6 address is not necessarily tied to the MAC address. There are other ways to do it.

    5) If even these aren't enough for you, please remember that services like Anonymizer still exist.

    6) One feature of IPv6 is security. In order for transmissions to be secure, they have to be verifiable for obvious reasons. In other words, if you want to have truly secure communication, you have to give up some measure of privacy, just enough so that you can be verified as the intended recipient. Conversely, you can have private communications if you want them, but in doing so you lose all semblances of security because there's no way to verify who's on the other end. It's a tradeoff; take your pick.

    7) It's an outright fallacy to think your Internet communications are currently truly anonymous. Even under IPv4, you leave a trail of "mouse droppings" wherever you go, and these can be traced straight back to you if the hops in the chain are willing to cooperate (you can foil this by using things like Anonymizer, who won't cooperate, but this will be no different in IPv6).

    So yes, you might say there are potential privacy concerns with IPv6. However, they're no greater than those already in the IPv4 system we've been using for many years, and they're just as easy to circumvent if you truly need the extra measure.
    ----------

    1. Re:Oh, please... by Emil+Brink · · Score: 2

      1) Your MAC address is already embedded in every single packet going out of your Ethernet card, no matter what protocol you're using. It's the way Ethernet works.
      Sure, but that doesn't mean that my MAC address is visible in the other end of the connection. Typically, packets from my machine pass through at least one router/switch/gateway on their way to some other Internet host, and then the MAC address gets replaced by that of the switch. The only globally-visible addressing scheme used on the Internet is, of course, IP addresses. I'm sure everyone already knows this, but your post really made it sound like it wasn't so. Still, I think this makes the case "against" IPv6 slightly stronger...

      --
      main(O){10<putchar(4^--O?77-(15&5128 >>4*O):10)&&main(2+O);}
  3. It turned out to be a non-issue. by AftanGustur · · Score: 2
    The fuss was all about IP addresses having the MAC address of the NIC as part of them.

    As the IETF pointed out, this is an optional implementation, but not a requirement of the standard.


    --
    Why pay for drugs when you can get Linux for free ?

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  4. Statement on IPv6 Privacy Concerns by AftanGustur · · Score: 2

    Statement on IPv6 Privacy Concerns
    --
    Why pay for drugs when you can get Linux for free ?

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  5. Re:Performance Hit? by QuMa · · Score: 2

    I've never heard of 'mac translation', but there's no performance loss when using a mac address other than the one in your card's rom. At initialisation time, the driver basically loads the mac out of the rom (from the network card) and gives it to the little controller-chippy thing on the network card. It can just as easily give it another mac, the procedure is exactly the same. Try:

    ifconfig iface ip netmask netmask hw ether mac-addr

    This is for linux, I'm not sure freebsd's ifconfig supports setting the mac, it doesn't appear to know the hw param.

    What you might be thinking of is a not-so-subtle hack to pretend to have multiple nic's on a single network, where you put the nic in promisc mode, and then do the filtering of incoming packets in software. This is quite a bit slower than doing it in the hardware on the nic, but has the nice side effect that you can have as many mac's (and thus give them each an ip, and thus have them appear to be different interfaces) as you want.

  6. Re:Performance Hit? by QuMa · · Score: 2

    I think you're confusing it with multicast, which appears to do some promiscoid stuff... However, If you could give some evidence of your claim... (source linenumbers would be nice).

  7. NO biggie. by mindstrm · · Score: 2

    It was no biggie in the first place; simply stating that, as an option, a network could choose to use the last 48 bits of their address space by simply using the mac address of the respective computer. Darn good idea, ensures unique space, makes management easier.

    Not at all necessary, or required.

  8. Re:MAC addresses are not necessarily unique by mindstrm · · Score: 2

    That's basically exactly the logic they used. And you can also change your mac easily.

    They didn't want your mac to change just because your network card blew up.
    Kudos to them.

  9. 4 words. by mindstrm · · Score: 2

    Land Of The Free.

  10. MAC addresses are not necessarily unique by Kaa · · Score: 2

    As I found out when I put another NIC into my Sparcstation 4 (currently doing its job as a firewall/NAT box). I was quite surprised to discover that both NIC in the SPARC -- built-in and the card -- had the same MAC address. I started worrying and hit Google.

    It turned out that on SPARCs (at least older ones) the NIC do not have their own MAC address -- they get theirs from the motherboard! So if a machine has two (or more) NICs, they all have the same MAC, which is really a motherboard MAC.

    I think the Sun argument was that multiple NICs are likely to find themselves on different (physical) networks, so having the same MAC address for all of them was OK, and it probably saved five cents somewhere.

    Kaa

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  11. There are much bigger privacy concerns... by Arlet · · Score: 2

    I wouldn't worry too much about your MAC address being exposed. There are much better ways to track what people are doing, and to combine the information that is gathered about you.

    You can store a unique personal number in somebody's cookie, and use that to track what they are doing. This is especially powerful in combination with big banner ad servers: the ad server reads your cookie, and combines this information with the URL the banner ad was on. This information can even be augmented with data (like your home address) that you fill in on web forms, assuming that the site owner is willing to sell that kind of data. And why wouldn't they?

    The banner ad doesn't even have to be visible for this purpose, it can be a 1x1 pixel transparent gif.

  12. Re:Same ones as static IPv4 by mpe · · Score: 2

    Static IP won't be the norm, it's a pain in the ass to manage.

    Probably less of a pain, certainly it would be the end of whole ISP's being blacklisted because of a single jerk or spammer.

  13. Internet Draft about privacy by blooher · · Score: 2

    Check the Internet Draft "Privacy Extensions for Stateless Address Autoconfiguration in IPv6" draft-ietf-ipngwg-addrconf-privacy-03.txt

  14. Re:Some issues to think about by radja · · Score: 2

    >Whether you like it or not, everything you do is being monitored anyway. It's just how America works.

    I'm not in america, and have no intention to be. luckily, this is not how most of the world works. please don't go stuffing this monitoring down the world's throat just because some american companies may want to. the net doesn't end outside the US.

    //rdj

    --

    No one can understand the truth until he drinks of coffee's frothy goodness.
    --Sheikh Abd-Al-Kadir, 1587
  15. Re:Some issues to think about by radja · · Score: 2

    actually, I do give a shit. I don't want a net ruled by companies based on american laws practically written by those same companies. IPv6 will be adopted worldwide, so this is a worldwide issue. discounting certain problems with IPv6 because 'that's how america works' is shortsighted. Or do you want it built in the protocol to inform a government database when you view subversive information, cos that's how <insert favourite tyrannical country> works?

    //rdj

    --

    No one can understand the truth until he drinks of coffee's frothy goodness.
    --Sheikh Abd-Al-Kadir, 1587
  16. Re:FYI Anonymous and Privacy are not synonyms by radja · · Score: 2

    >If you aren't willing for it to be YOU saying it in public, then you quite possibly shouldn't be saying it.

    unless of course you can get killed for saying what's on your mind. This may not be the case in the US, but anonymity can be really important for political dissidents. If the US is justified in requiring everyone to identify themselves at all times, then so are other governments.

    //rdj

    --

    No one can understand the truth until he drinks of coffee's frothy goodness.
    --Sheikh Abd-Al-Kadir, 1587
  17. Re:Some issues to think about by wowbagger · · Score: 2
    I'm not in america, and have no intention to be. luckily, this is not how most of the world works. please don't go stuffing this monitoring down the world's throat just because some american companies may want to. the net doesn't end outside the US.

    Sad to say, neither does monitoring of what you do online. If you think people in your country (whatever it may be) aren't monitoring you.... Well, all I can ask is, "What is the speed of light in the little universe you are in?"


    We are all in danger of losing our privacy.

  18. Re:not a pirst fost by wowbagger · · Score: 2

    However, most cable modems don't pass your NIC's MAC to the network, rather they pass their ID. It is almost certainly possible for the cable company to track your MAC address, however I've had no luck tracking the MACs of the jackasses who probe my system.

  19. Not really. by Inoshiro · · Score: 5

    Users can arbitrarily change the MAC addresses on all modern cards without too much trouble. They might be able to figure out what mfr your NIC card is if you've not changed it, but I don't think we'll be seeing black helicopters descending on your house.

    Besides, a simple ARP request will get a person's MAC if they're on the same subnet (or there is a machine configured to forward packets between two subnets, beyond that). I think this is more an issue of people not having a clearer understanding of what's in their computer, and how it can be (mis)used. Hey, if I know your IP address and have a time, I'm just a subpoena away from getting all the information your ISP has on you. Is that a big privacy concern? Not really.
    --
    Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
  20. Same ones as static IPv4 by Greyfox · · Score: 3
    Once static IPs become the norm (And it'll be much more feasible in IPv6) web sites will be able to track you by your IP address. They can do that now with static IPv4 addresses, but most web surfers get a different IP on a regular basis. DHCP is in common use on the cable networks and dialup PPP users almost always are stuck with dynamic addressing.

    There's not really a whole lot you can do about that (Maybe use an anonymizing proxy to hide the originating address.)

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  21. Re:Not a problem by Talonius · · Score: 2

    This is a federally regulated government form. This form must be submitted, in writing, completely filled out, before your newly born child turns one (1) year old.

    As technology has become increasingly pervasive in our lives, it is now necessary to apply for a IPv6 address as well as a social security number. Your newly born child's IPv6 address will never be used to track or collect data, nor should it be used for identification purposes. The IPv6 address is there only to guarantee access to the Internet at large.

    Please note that an e-mail address in the form of first.middle.lastname.cityname.statename.zipcodename@usps.com will also be issued with your social security card. (Please note that the address is @usps.com, @usps.org. The US Government is not happy with the .org designation, as it tends to be used less often as the .com designation.)

    Thank you for your continued tax payments.



    Welcome to the New World Order.

    --
    My reality check bounced.
  22. Re:Not a problem by Talonius · · Score: 2

    That was the point. :-)

    I was hoping to get a +1 Funny, but.. :-)

    -- Talonius

    --
    My reality check bounced.
  23. Some issues to think about by zpengo · · Score: 2
    • Even dynamic IPs as they exist now are not difficult to trace when the need arises (e.g., the Feds are trying to track someone down).
    • As the internet grows and your grandma's curling iron gets its own IP address, there has to be some way to organize those addresses and make it possible for them to interact in some sort of logical way; Unfortunately, this inevitably will lead to a loss in privacy, because we're leaving the "primal chaos" stage of internet history that made anonymity so much easier.
    • Whether you like it or not, everything you do is being monitored anyway. It's just how America works. Companies want money (it's their whole purpose for existing, you know), and the best way to get it is to track exactly who you are and what you do. Every time you buy groceries, you're just a number in some great big SQL database in the sky.

    Privacy is in the eye of the beholder.

    --


    Got Rhinos?
  24. The Future of Privacy by zpengo · · Score: 2
    If there really do turn out to be serious privacy issues with IPv6, perhaps someone might want to start investing in an "anonymizing network" which would act as a sort of middle-man for internet activity. You view websites through a special browser, for example, that channels HTTP data through a network of dummy sites with IPs that are useless to big companies.

    --


    Got Rhinos?
    1. Re:The Future of Privacy by DickBreath · · Score: 2

      Why a special browser?

      Why not just a network of anonymizing proxies?

      Maybe a Gnutella-like network of such. Just set the HTTP proxy in your current favorite browser to use a nearby node on the anonymizing net.

      As a single web page loads, each separate graphic and page element URL hit appears to originate from a different location.

      --

      I'll see your senator, and I'll raise you two judges.
  25. easy way around privacy concerns by cluge · · Score: 2
    The fear is that the optional feature of ipv6 that incorporates a MAC address is a bit overblown. Remember the MAC address in the IP is optional. They (IP addresses and MACs) are both nothing but "unique identifier numbers". If you're really worried about privacy then try the following.
    • Buy nothing from any vendor that forces you to use the MAC address option.
    • Buy nothing from any vendor that turns the option on by default.
    • Buy 4 NICs and switch them once a week, confusing the HELL out of those bastards tracking you.
    • Fight any proposal to change that option to a requirement.
    • Scan the net a bit and use an open proxy server to surf through (obfuscation attack?)
    And of course my favorite; wear a latex suit and wrap your head in aluminum. This totally disguises your actions on the Internet and makes you totally anonymous.

    PS privacy starts at home, is your phone number listed?

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
    1. Re:easy way around privacy concerns by cyber-vandal · · Score: 2

      Indeed, but there are a lot of people that don't know any better and just use the OS that comes with their computer. Do you think MS won't add the MAC address as part of their IPv6, along with a whole load of crap that isn't in the spec. They should not have their privacy invaded just because their interest and abilities are different to those of geeks. The spec should be changed, why does anyone need to know my ethernet address anyway?

      And of course my favorite; wear a latex suit and wrap your head in aluminum. This totally disguises your actions on the Internet and makes you totally anonymous.

      Whatever you do in the privacy of your own home is your own business (for now anyway) ;-)

  26. Re:not a pirst fost by enneff · · Score: 2
    The concern was that the unused part of the ipv6 addresses was being used to carry the ethernet id, hence you can identify any NIC anywhere on the internet. This sounds a bit dodgy to me because many people don't use ethernet to connect to the net.

    I suppose I should just read the old article. ;)

  27. Re:not a pirst fost by enneff · · Score: 2
    actually, you're wrong. More and more people are accessing the internet through ethernet every day...

    I'm not wrong, I simply said "many people don't use ethernet to connect to the net." And that stands as truth. The majority of casual net users world wide connect through conventional modems.

    Ethernet won't last long, anyway. I'd say about another 5-10 years and it'll be almost extinct. IPv6 will still exist, however, and that's where the problem lies; in using mac addresses to form IP addresses.

    Anyway, my point is that using hardware as part of a universal protocol is a stupid idea.

  28. Re:[Subliminal Fascism] Not a problem by streetlawyer · · Score: 2
    He's talking about the basic old supply-and-demand stuff that assumes the consumer has as much market power as the producer

    You'll find this assumption nowhere in Adam Smith; the perfect competition model basically comes in with Samuelson, or with Debreu and the Lausanne School at a pinch.

    Adam Smith was an actual person, who had a very specific view of political economy. He wasn't a minor pagan deity to be invoked in support of any random argument you might care to support with a vaguely free-market flavour.

  29. Re:not a pirst fost by Klerck · · Score: 2

    actually, you're wrong. More and more people are accessing the internet through ethernet every day.. most of these people come through broadband connections (cable/dsl) and have to use a NIC. I'm sure IPv6 is a while off for the public, but it's never too soon to start worrying.

  30. The MAC address isn't the whole problem. by b1t+r0t · · Score: 4
    Sure, the MAC address is usually a part of your fixed IPv6 block, and it's particularly annoying because MicroShaft likes to use it as a unique identifier which shows up in lots of documents that you create. The default way of creating an IPv6 address includes this, even if you're using a DHCP-like protocol for the high bits (prefix) of the address. (IPv6 customer blocks are planned to be assigned as the first 64-80 bits, with the low bits being assigned by the local machine).

    But even then, the ISPs may go to fixed IPv6 blocks for customers, so changing your Ethernet MAC address won't be enough. They can simply track your entire LAN full of computers through your prefix address.

    Now, there's nothing that says you HAVE to use your MAC address for the low 48 bits, it just has to be unique, and that's (supposed to be) a unique identifier. (Though I have heard tales of runs of Ethernet cards with identical MAC addresses in their PROMs.) But even if you go changing that around, you may still have the same prefix assigned by your ISP every time you connect, and you can be tracked with that.

    So the ISPs still need to provide a DHCP-like protocol to allow you to have a (somewhat) random prefix. But they don't have much incentive to do so, because 80-96 bits is so large, they won't run out of IPs. Right now DHCP and PPP automatic address assignment is so important because IPv4 address space is tight, and if you have a 10-to-1 modem pool, you only need an IP block large enough for your modem pool and your maximum expected number of customers who disconnect their computers when they aren't using them.

    And again, even if they do, your computer could still be using the same MAC address with every prefix. So the MAC address isn't the whole problem, but it seems to be the bigger problem, because it will normally be assigned by the user's machine.

    --
    "Open source is good." - Steve Jobs
    "Open source is evil." - Microsoft
  31. Re:Okay, okay. by AFCArchvile · · Score: 2

    Don't flame, just wanted to make sure that Steve Jobs didn't proprietarize yet another piece of networking. BTW, what exactly does it stand for? (and I never took Networking yet; I learned all I know about TCP through experience. So don't be so arrogant as to criticize the professor of experience; he will smite you someday.)

    --
    "Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
  32. over hype by incitepv · · Score: 2

    The privacy concerns you are talking about are embedding MAC addresses into your ipv6 address, something that's entirely optional. There aren't any privacy concerns with ipv6.
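
The optional MAC-derived addressing that this thread argues about can be checked on your own hosts. The following is an added example, not code from any commenter: it builds the modified EUI-64 interface identifier of RFC 4291 (the 48-bit MAC expanded to 64 bits with `ff:fe` and one flipped bit), recovers the MAC from such an address, and lists MACs that stay linkable when the ISP prefix changes. Function names, the sample MAC and the `2001:db8::/32` documentation prefixes are constructed for illustration.

```python
import ipaddress


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, App. A)."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between OUI and serial.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from a /64 prefix when it uses its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    iid = int.from_bytes(eui64_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_mac(addr: str):
    """Return the MAC an address appears to expose, or None.

    Heuristic: a random identifier has ff:fe in this position about
    once in 65536 cases, so treat a hit as "very likely", not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def linkable_across_prefixes(addresses):
    """Map each exposed MAC to the /64 prefixes it was seen under (2 or more)."""
    seen = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            prefix = ipaddress.IPv6Network(f"{addr}/64", strict=False)
            seen.setdefault(mac, set()).add(str(prefix))
    return {mac: sorted(p) for mac, p in seen.items() if len(p) > 1}


# Constructed sample: one NIC seen under two ISP prefixes, plus one
# address whose interface identifier was chosen at random.
SAMPLE_MAC = "00:00:5e:00:53:2a"
OBSERVED = [
    str(slaac_address("2001:db8:1::/64", SAMPLE_MAC)),
    str(slaac_address("2001:db8:2::/64", SAMPLE_MAC)),
    "2001:db8:2:0:7c1e:93a4:05d2:b6f0",
]

if __name__ == "__main__":
    for addr in OBSERVED:
        print(addr, "->", embedded_mac(addr) or "no MAC-derived identifier")
    print(linkable_across_prefixes(OBSERVED))
```

The randomized address exposes no MAC but still shares its /64 with the second entry, which is the prefix-tracking point raised in comment 30.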