Where's All The Outrage About The IPv6 Privacy?

SyntheticTruth writes "It seems the specs for the IPv6 standard use the 48-bit NIC address as part of the unique IP address, which can be used to trace packets back to the user's computer. " The story is asking why people don't seem to care about something which is gonna certainly raise privacy concerns.

MAC Addresses - where they come from

[Dave+Fiddes]

MAC addresses are handed out by the IEEE. They will give you a block of 24 bits of address space for around US$1500.

Like IP addresses there is an area in the address space set aside for private use. It is possible, if not entirely sane, to reconfigure an entire LAN... Don't laugh, I've heard of people doing this! I can't remember the rules off hand though... ;)

Modifying MAC addresses is really simple not matter what age of NIC you have. Most NICs store their MAC address in a small lump of EEPROM on older cards this is just plain old PROM.

When a driver starts up it gets the ethernet address from the PROM and loads it into a set of station address registers in the NIC. There is no obligation for the driver to load the address it gets from EEPROM or even for there to be an EEPROM! This feature is regularly exploited by embedded systems with ethernet which store the MAC address in FLASH or some other multi-use NV storage to save money.

What I'm getting at is that it would be really, really easy(if Linux doen't do it already) to allow users to specify a new ethernet MAC address if they felt paranoid. Given the ratio of address space to LAN size you could even produce random MAC addresses at startup if you were paranoid enough.... Of course there are smarter mechanisms for doing this as other posters have pointed out.

If anyone has a burning desire to have a very small amount of official ethernet address space then drop me a line and I'll see what I can do (HW manufacturers only!)

So what?

[Overt+Coward]

A MAC address is no different in terms of privacy than an IP address. Either can be changed (though people with dynamic IP addresses change their IP address many times more often than they change MAC addresses, if ever). There is no central registry of MAC addresses.

All this does is tie a number that is meaningless to the rest of the world to your IP address. Your IP address already exposes you far more than your MAC address would. The only exception I can see off the top of my head are people who trust a proxy/firewall to protect their identities.

--

Re:So what?

[jonathanclark]

I thought I read that MAC addresses are centrally dispatched (by who?) in large blocks to card producers. So they only thing you could probably do is determine what company makes the ethernet card at the other end. There is no way the card companies could trace a particular card to you unless you bought it directly from them.

However, since you can't really modify MACs, it could be as evidence in court to show who you are. With IPs this is a little harder to do because of the dial-up banks and ISPs are not required by law to keep logs (right?) The use of proxies shouldn't be any different from v4 to v6 because the proxy is not going to reveal your MAC, only it's.

Re:So what?

[SoftwareJanitor]

However, since you can't really modify MACs

Not on devices that ROM it... However, for example, Sun SparcStations (of which I own 3), hold their MAC address in a NVRAM (battery backed CMOS static RAM), which is quite readily modifyable (at least the last 32 bits or so of it is).

I am sure that SparcStations aren't the only networking devices where the MAC address is so easily changed. Even in cases where it is ROMed, there are ways to reprogram EPROMs or burn replacement PROMs for most types of components if they are suitably socketed.

Possible reasons why people don't care

[toast0]

Modems don't have MAC(/ARP?) addresses anyhow

MAC addresses are easy to spoof (example, my cable modem service is tied to the MAC address for the pci nic in my win98 box, because thats what the set it up on, but my linux fw box doesn't have a pci slot, so i just made it think that its outside nic had the same MAC address as the pci nic, it works great.

They don't care because they don't know, this is probably the most likely one.

Why hasn't this been a big deal?

[pridkett]

The reason why this hasn't been that huge of a deal yet is because most people don't always view that as information as part of the address, or because most people didn't know.

I, for one, don't see how such information is going to help route packets that much. Other than allowing EVERY ETHERNIC ON EARTH TO BE ON THE SAME SUBNET. Do we really need this? There really isn't a purpose to that.

Secondly, people only get really angry when they see something in use. Like the P3 security thing people knew about beforehand but didn't get pissed about till afterwards. Same thing with the win98 big brother thing.

Of course we could all take the view of Scott McNealy and just realize we have no privacy. I can take your names or email addresses and go buy tons of information from experian for 10 cents a head. I'd probably be more worried about that.

Besides, just get multiple nics then. You could easily just do something with the one nic, go buy a new one and voila, your info has changed and you can deny you ever had the old one.

Read The RFCs

[jochen]

Using the network card MAC address as part of the IPv6 address is only one way of setting up the global IPv6 addresses (it's unmanaged autoconfiguration used by rtadvd). Alternatives are manual configuration or using DHCP with IPv6 extension.

-- Jochen

Oh, the horror!

[Mr.+Slippery]

Shock! Dismay! Embedded in my network address is...well, my network address. Duh.

I'm no more worried about my MAC address being in a network packet than my IPv4 address. Heck, I could change my MAC address easier than changing my IP - I sure can't change the IP of my PowerMac at the office, and changing my static IP at home would entail pleading to my ISP, but Ethernet cards are cheap.

The author needs a clue.

Privacy article, for article's sake?

[Waav]

Frankly this is not very interesting, and not all that worrisome as explained by most other people who have already posted, so I won't go into the details again.

However, this article makes me think that the guy who's job to write stuff on privacy issues on the net came up empty in the actual real security issues department and said, hey I can still write an article about why people aren't worried about an issue...in other words writing about privacy on a non privacy issue.

He says that the EFF among others has not responded to this latest "privacy threat", perhaps he should have thought for a moment and realized...they aren't responding because there is nothing to respond to.

Re:Ummm

[jochen]

The MAC address being part of the IPv6 address is NOT mandatory. It may just be used for autosetup (just like the MAC address being part of an IPX address, as well). It is never used for routing or address resolutions anywhere. Neighbor solicitation and neighbor advertisements do the resolution in the local network and take over the rule or ARP from IPv4.

-- Jochen

This has been discussed on Technocrat

[Lalo+Martins]

Was on Technocrat.net yesterday. Summary:

• It's an arbitrary value. You may use your MAC address or you may use something else.
• Your MAC address isn't any more sensitive than your IP.
• One of the main points of ipv6 is to give IPs for everyone, so why not? We will already have to rethink a lot of our "privacy" systems. We do a lot of what Perens calls "security trough obscurity"; relying on dynamic IP for "privacy" is in effect treating a bug as a feature.

this guy obviously has a huge chip on his shoulder

[cananian]

...maybe the geeks picked on him for using windoze?

In any case, the article, while obviously inflammatory, is backed up by very little actual fact. The author didn't bother to actually *call up* any of those 'professional privacy advocates' and ask them himself why this wasn't an issue (in other words, didn't do any real journalism) -- he just whined and complained that the people *who with very little pay occupy themselves with protecting _his_ privacy* thought they knew better than he about the implications of IPv6. And WTF:

You would think that the 32-bit address field of IPv4, supporting more than 4 billion unique addresses, would be sufficient to last quite some time. Unfortunately, the cabal that controlled the disposition of these addresses had a habit of handing out large blocks to their friends, who parlayed these into start-ups with multibillion- dollar market caps. Hence, the "shortage."

That's quite a statement to make unsubstantiated. Very poor journalism. And:

The spooks and weirdos in Washington, ever eager to empower the surveillance state as they fight a rear-guard action against strong encryption, must be thrilled with such a gift. They appear so thrilled that the Institute for Information Sciences, heavily funded by the Defense Department, is writing a reference stack for IPv6 that it is quietly hoping to slip into Windows 2000.

Eh? Since when was "heavily funded by the Defense Department" an automatic stamp of badness? Does this guy realize that close to 90% of *all* the academic research in this (American) country is one way or another "funded by the Defense Department"? Heck, *I'm* funded by the defense department. The whole *Internet* was started by and remains to some extent funded by the Defense Department. This is just lazy scare-mongering by some guy who considers his opinions too obviously important to merit support with real facts.

If this guy is serious, he ought to research and back up his claims. Lacking any evidence to the contrary, I'd just as soon agree with the poster directly above, who claims that this NIC ID doesn't make it past the first router and so doesn't matter. That seems far more likely than the worldwide conspiracy that Bill Frezza would have us believe. If Bill can make a better argument, I'll go over to the standards and check for myself, but he has very little credibility in my book at this point.

More on IPv6 and address privacy

[angio]

The author of the "IPv6 Privacy Threat" article failed to consider a few things. As several people have already pointed out, MAC addresses are spoofable and changeable in many circumstances.

More importantly, the IPv6 spec suggests (not mandates) the use of the 48-bit mac address for use as part of a local-use address. The local-use address as defined has only local routability scope - it will not trickle out onto the greater Internet. This was designed to provide an easy bootstrapping mechanism, and for non-Internet connected sites to configure their computers easily. However, the use of the 48-bit mac address is completely optional; it's not an automatically assigned address.

Third, people who connect to the Internet via a DSL or modem connection don't need to worry. In the DSL case, their IP address is the IP address of the DSL modem. Since their IP address is provider assigned, and their DSL modem is provider assigned, there's no difference! A user who dials up via a modem will have an IP address assigned by their provider, just like they do now, and it will have no correlation to the hardware address of anything they own.

For more infromation, Robert M. Hinden has a great article, "IP Next Generation Overview". Alternately, the story posted in the Times a few weeks ago provided a cogent introduction to the reality, not the hype, of IPv6. If you're an RFC type, check out:

• aloni.com's IPv6 resources which include a fairly full list of the IPv6 RFCs.
• Or just look directly at RFC 1887, the IPv6 unicast address allocation document.

IPv6 and privacy

[jd]

Ok, let's take a look at this.

• IPv6 mandates that each port have a unique IP address, that that address be configured by the network in a unique way at the time of connection and any time the network changes, and that that address have a lifetime only marginally longer than the period of time that the topology higher up the heirarchy to that port remain the same.

  (In other words, if you move, your ISP moves, their ISP moves, etc, right up to the backbone itself, you are GUARANTEED a new, unique IP address. You are ALSO GUARANTEED that your old IP address will remain valid, and pointing to you, for a transition period.)

• IPv6 also mandates that IP number clashes should be impossible, irrespective of user activity or mobility, or network topology changes.

  (This is not trivial. Not only does this require that your IP address is unique, when you connect, but that you are given a unique address, should you move, whilst still connected, AND that anyone connecting or moving over to your old ISP at the time you're transitioning will ALSO gain a unique IP address. In other words, they can't be assigned your old address, and you can't be assigned their old address, because that violates the uniqueness during the transition period.)

• The use of the MAC address is an optional, but preferred, way to ensure this uniqueness. There are perfectly viable alternatives. Simply having the router assign a number out of a list wold work. It comes to the same thing, really.

• IPv6 has many more mechanisms for privacy (eg: IPSEC, non-spoofable routers, etc.) than IPv4. The use of the MAC address, even if you opt to use it, doesn't help anyone locate you, or find anything out about you.

• You can remotely ask for the MAC address of a number of devices, anyway, using good old IPv4. Only difference is that you can't restrict who asks.

Other concerns

[silversurf]

If I remember right, the IPv6 spec also includes the capability to assign a portion of the address based on MAC and location(?). Or something to that effect (I could be totally off-base here, I saw a talk about IPv6 that discussed it in that way). Basically the idea being that it makes it much easier for packet to find you and for your packets to route as quick as possible to their destination.

IPv6 is trying to address the problem of "dumb" packets that get shoved willy-nilly through routers as they are shuttled from one place to the next in search of their destination. IPv6 is supposed to provide a "smarter" packet that allows it to take the shortest possible (and quickest) route to/from a destination. All of this being done on a location basis. The MAC address, I believe, is used as a unique identifier to help keep addresses unique.

I noticed a post that stated that there is no "database" for MAC addresses. I don't know if totally believe this. Every manufacturer produces a unique address for each card produced, thus guarenteeing that no repition will occur, especially since routers and switches cache and use the info heavily. So, how do they know who is making what MAC address? Also, a MAC address maybe easy to change, but how many users know how to do that?

I am very concerned about privacy in IPv6. It seems like one big, global user tracking system to me.

my $0.02,

colin.stefani

Re: knowledge = lack of outrage

[anticypher]

I've read the RFCs, and there was no outrage on my part. I've sniffed v6 packets off of ethernet and from frame relay and ATM, with nothing triggering any moral alarms.

The field can be anything, it exists so that a bunch of machines plugged into a hub without a router can route packets to each other. It is also there so a router can make some fast decisions about what needs routing, and what is local.

The EUI field can also contain IPv4 addresses, Novell IPX addresses, OSI NSAP, etc. So anything can be put there, and as long as the u/l bit is switched to local, nobody cares. It is the local router who has to decide how to deal with incoming packets.

the AC

read RFCs 2460 to 2473, and especially 2373. Worry less, read more.

Even in windoze

[anticypher]

Since I'm stuck on a win machine, I went to look. Both on 95 and NT.

In the network control panel, select the card driver, then properties.
Go to the advanced tab, in properties there should be a Network Address. Change it from Not Present to Value, and enter a valid 12 character string, with no colons or dots or spaces.

I think you have to reboot after that. I know this is becoming wider spread because home users on cable systems find they are tied to their original MAC address, and when they swap machines the internet stops working :-) There are lots of how-to for dummies cheat sheets going around for cable subscribers.

the AC

Re:this guy obviously has a huge chip on his shoul

[previous poster noted the journalist's attack on the way IP addresses are allocated by ARIN and formerly InterNIC]

It sounds like the journalist or one of his good friends or family has been screwed by the address allocation policies of ARIN (and previously the InterNIC). I can understand his hate. I'm losing customers now, because I can't get more addresses. I lost a customer in August that would have had 40 offices connected to me via frame relay, because it took me over 6 months to get enough addresses freed-up to handle their machines. MIT and CMU have 16 million addresses each, and I can't get another address so I can connect another dedicated customer or another dialup port. @Home got 24/8, and they only have a couple of thousand customers at the time. His claims are unsubstantiated, but the frustration and hard feelings aren't. Even after writting a $5,000 check to ARIN for a /20, I still don't have one. That's more than I pay myself! ARIN claims they won't assign it because I don't need it. I'm using a /22 from MCI and 4 /23's from another provider. I qualify. I've spend almost 50 hours a week renumbering equipment over the past two years, because I'm having to reclaim blocks. Yesterday, I moved a customer with 29 computers from a 64 address block down to a 32 to free-up half of a class C for a new customer. When my old customer adds two more computers, I'm going to have to renumber them again. It's killing me. Rather than working on finishing my OpenSource ISP billing software, I'm forced to drive-out to customer sites, change router configs, and help change machines (or a single DHCP server, if I'm lucky). It's yet another case, how large businesses use their position and cash to screw-out their smaller competition. And, you complained that the journalist needs to back himself up...

Wasteful? Oh, please.

[Wakko+Warner]

The IPv6 spec calls for 128 bit IP addresses. You know how HUGE that is? "wasting" 48 bits of it amounts to a grain of sand on a seashore, or a blade of grass in your backyard; it's absolutely immaterial. You've still got 2^80 IP addresses to play with -- that's 1,208,925,819,615,000,000,000,000 addresses even AFTER you've used up 48 bits with the MAC address.
Hell, wasting even a few trillion addresses wouldn't mean squat.

Once we start giving a few hundred billion IPs away in every cereal box or package of sports trading cards, I'll be slightly worried.

- A.P.
--

"One World, one Web, one Program" - Microsoft promotional ad

Ignorance of IPv6 is amazing!

[JerseyTom]

I'm disappointed that this article shows a basic lack of understanding about IPv6.

I'm MORE disapointed that all the replies on slashdot show they underestand EVEN LESS ABOUT IPv6 Here's the issue: A host's IPv6 address will be 128-bits long. the last 48 bits are going to be the same as their Ethernet ("MAC") address.

Therefore, if I plug my laptop in at work, it will have one address, and if I plug my laptop in at a Internet Cafe, it will get a different address. However, the last 48 bits of both addresses will be the same.

Someone had the mistaken impression that the entire IPv6 address would stay the same no matter what. That's not true. That would make routing very difficult.

Someone else pointed out that the Ethernet "MAC" address of a host can be changed in software. Yes, that is true for newer NICs. However, the average user will not know how to do that.

So, the big issue is that other people will be able to trace a computer as it moves from network to network. In IPv4 one could trace an IP address back to a particular ISP or company... but then you had to rely on the local admins to break any confidentiality to get to the exact machine.

With IPv6 if you catalog the last 48 bits of all the hosts that connect to you, you will eventually be able to coorelate where hosts are moving.

Is this a requirement of IPv6? Not really. This was done to make host configuration without DHCP possible. (There is a DHCPv6, but it only adds features to the native host configuration "AutoConfig" stuff built into IPv6). A IPv6 stack could choose to pick random numbers instead of using MAC addresses. It would just be a simple matter of programming.

Oh, there is one more point I'd like to debunk. That IPv6 development is U.S. Department of Defense funded. Well, they fund a little of everything, so don't get all worried. Heck, they funded the original IPv1 thru IPv4 development too. So deal.

Half of the MAC is assigned by an authority

In response to the previous comments, the first half of the MAC address is assigned by an authority to hardware manufacturers. There is also a bit in the first half which designates the MAC address as locally assigned or globally assigned. Beyond this, pretty much all cards will allow you the change the MAC address (Hence the local vs globally assigned numbers). This is not an invasion of privacy, since no one can track the specific MAC address to a particular person. * The invasion of privacy is when this part of the IPv6 address is used to track an individual, which is much more effective then tracking IP's, as they are usually dynamicaly assigned *

The author is wrong about IPv6

There is no requirement that the lower 64 bits of an IPv6 address be your EUI-64. It's merely one possible method of generating an address. This columnist should do some research before he writes.