Are There Still Privacy Concerns With IPv6?
Zanguinar asks: "Whatever happened with the privacy issues in IPv6? I recall there being a small uprising by privacy advocates and even this article on Slashdot. However, I don't recall ever hearing more about it. What has the response from IETF and IANA been? Did they do something about it, or just dismiss it as unimportant? I cannot find anything recent (i.e. in the past six months) regarding this. With the news that some companies may soon begin using IPv6, I'm a bit concerned..."
Your concerns are fully addressed by this Slashdot article. --Doug Moen
The privacy concerns with IPv6 are really no greater than with IPv4. Yes, even with the IP address possibly tied to a MAC address (which, I might add, it does not have to be). Think about it...
1) Your MAC address is already embedded in every single packet going out of your Ethernet card, no matter what protocol you're using. It's the way Ethernet works.
2) MAC addresses are handed out to companies or individuals in huge chunks. The body that does this has no way of tracking right down to the user, only to the card manufacturer. If you're really concerned, pay for your NIC with cash and don't register it with the manufacturer.
3) MAC addresses are configurable with most card/stack combinations. So chances are you can change your MAC at will.
4) The IPv6 address is not necessarily tied to the MAC address. There are other ways to do it.
5) If even these aren't enough for you, please remember that services like Anonymizer still exist.
6) One feature of IPv6 is security. In order for transmissions to be secure, they have to be verifiable for obvious reasons. In other words, if you want to have truly secure communication, you have to give up some measure of privacy, just enough so that you can be verified as the intended recipient. Conversely, you can have private communications if you want them, but in doing so you lose all semblances of security because there's no way to verify who's on the other end. It's a tradeoff; take your pick.
7) It's an outright fallacy to think your Internet communications are currently truly anonymous. Even under IPv4, you leave a trail of "mouse droppings" wherever you go, and these can be traced straight back to you if the hops in the chain are willing to cooperate (you can foil this by using things like Anonymizer, who won't cooperate, but this will be no different in IPv6).
So yes, you might say there are potential privacy concerns with IPv6. However, they're no greater than those already in the IPv4 system we've been using for many years, and they're just as easy to circumvent if you truly need the extra measure.
----------
Users can arbitrarily change the MAC addresses on all modern cards without too much trouble. They might be able to figure out what mfr your NIC card is if you've not changed it, but I don't think we'll be seeing black helicopters descending on your house.
Besides, a simple ARP request will get a person's MAC if they're on the same subnet (or there is a machine configured to forward packets between two subnets, beyond that). I think this is more an issue of people not having a clearer understanding of what's in their computer, and how it can be (mis)used. Hey, if I know your IP address and have a time, I'm just a subpoena away from getting all the information your ISP has on you. Is that a big privacy concern? Not really.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
But even then, the ISPs may go to fixed IPv6 blocks for customers, so changing your Ethernet MAC address won't be enough. They can simply track your entire LAN full of computers through your prefix address.
Now, there's nothing that says you HAVE to use your MAC address for the low 48 bits, it just has to be unique, and that's (supposed to be) a unique identifier. (Though I have heard tales of runs of Ethernet cards with identical MAC addresses in their PROMs.) But even if you go changing that around, you may still have the same prefix assigned by your ISP every time you connect, and you can be tracked with that.
So the ISPs still need to provide a DHCP-like protocol to allow you to have a (somewhat) random prefix. But they don't have much incentive to do so, because 80-96 bits is so large, they won't run out of IPs. Right now DHCP and PPP automatic address assignment is so important because IPv4 address space is tight, and if you have a 10-to-1 modem pool, you only need an IP block large enough for your modem pool and your maximum expected number of customers who disconnect their computers when they aren't using them.
And again, even if they do, your computer could still be using the same MAC address with every prefix. So the MAC address isn't the whole problem, but it seems to be the bigger problem, because it will normally be assigned by the user's machine.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft