Slashdot Mirror


Statement on IPv6 Privacy Concerns

angio writes "As a followup to the IPv6 privacy concerns (discussed in this slashdot news item), the IANA has released a statement addressing these concerns. Their major point follows the objections slashdotters raised, that is, that IPv6 does not require divulging the hadware address. Good to read. "

68 comments

  1. IPv4 Paper Trail by Indomitus · · Score: 1

    I have to argue with you when you say that IPv4 doesn't leave a paper trail. IPs are registered to ISPs and even if you're on a dialup with dynamic IP, all (smart) ISPs keep logs of authentication which almost always include the IP you logged in with and the times you were on. If one ISP needs to find what user was doing what with X.X.X.X IP, all they have to do is ask the user's ISP and they can find out.

    MAC addresses are only registered in blocks to manufacturers and as such, are much more difficult to trace back to you. That's not to say that ad agencies can't track a MAC address from site to site but they can't say 'This MAC address belongs to Joe Schmoe' unless you tell them you're Joe Schmoe.

    1. Re:IPv4 Paper Trail by Anonymous Coward · · Score: 0

      You are forgetting something. This may have been fine back in the old days before a thing called databases. Think about this. Say an ad company does track these various ID's. Now say the government wants to arrest you for some involvement with developing encryption software. Now they get a subpoena for all records at the ad place with your ethernet ID. Poof.....your privacy is gone. It is like Unka Sam kept tabs on you the whole time and just had the key to your ID in escrow with the ad agency.

  2. Where's the love? by Plasmic · · Score: 3

    I think the primary question everyone should be asking themselves is:

    Even if IPv6 is as horrible as the most skeptical, paranoid, privacy-centric folks think it must be, how could it possibly be any worse than IPv4?

    The answer is (get ready for this, cause it's a huge surprise): it couldn't be. Under IPv4, it's simple to find out the geographical location of every web surfer as well as what ISP you should contact should they be doing anything bad. If they have a static IP or they have cookies enabled, it's also simple to tell if they come to your site often. All of these can be bypassed (disabling cookies and changing your MAC address), as most of the world is aware.

    Even under the guise of part of your IP address being "randomly generated," it's still traceable directly back to your ISP, for all intents and purposes.

    In other words, what on earth is anyone worried about? I see comments like "Well, it sounds good, but is it really?" and "Be careful.. 128 bits is a lot of IPs.. the government must be spying on us," (among others which have no real logical basis and leave me wondering why the poster is imparting his lack of knowledge upon us).

    For those of you who aren't aware, the IETF is a highly respectable organization. If you can trust them with the responsibility of making every other protocol you touch, then surely this one isn't too much of a leap. The last thing you have to worry about is that they would intentionally deceive you into adopting some sort of covertly anti-privacy concept (don't think for a second I'm asserting that everything that the IETF produces is perfect.. merely that they're honest and have genuinely good-karma-filled intentions).

  3. Re:You can get the MAC of most PC's on the Interne by Anonymous Coward · · Score: 0

    Gaah! Where did my go? Sorry, all.

  4. Re:Stupid paranoid question by Detritus · · Score: 1
    The nice thing about an Ethernet MAC address is that it is guaranteed to be globally unique, although I've heard that isn't true for certain very cheap, brain damaged Ethernet cards made in Taiwan.

    That is the reason that it was included as part of GUIDs and UUIDs by Microsoft and many other software developers. It wasn't a global conspiracy to track computer usage.

    A 64 bit random number would work for IPV6, the trick is generating it. Linux has /dev/random but it might be more difficult on other operating systems.

    --
    Mea navis aericumbens anguillis abundat
  5. Re:IPX by reptilian · · Score: 1

    Let's say your MAC address is part of your IP address, as IPv6 will have. You go to a website that asks for your name and other personal information. They put your MAC address in a big file along with all your other information and start selling it off to tons of other sites. All of a sudden the entire corporate, privacy un-trusted internet knows who you are without you even telling them.

    IPv6 addresses will also be assigned in blocks, no? Even if that one part of your address can only be traced to your card manufacturer, your entire IP can still be traced back to you through your ISP, whether it's IPv4 or 6. Only this way, since MAC addresses are globally unique in the hardware, the FBI comes and confiscates your computer, notices your MAC is the same as who they're looking for, and they have irrefutable evidence that they are who they say you are. Some might say this is a good thing, but even if it were, the first part isn't worth the advantages of the second.



    --

    72656B636148206C72655020726568746F6E41207473754A

  6. Answer, please read by Anonymous Coward · · Score: 0

    Why I would NOT want a Static IP is not just to stop the marketdroids, but to stop Nukers, Jerks and other types of 'crackerz' which would be able to hassle me and tell when I was online _VERY_ easily if I had a static IP address.
    This is why I do not want to be forced to take a static address. I have been attacked a number of times online and people have grudges against me. Being forced to have static IP's is my idea of a nightmare.
    At least I know at the moment I can just reconnect to the internet to be able to get a new IP and foil those who would want to hassle me.

  7. 3C905C-TX-M supports IPv6? by Anonymous Coward · · Score: 0

    I got 3Com's latest revision of their fast ethernet card today. Does anyone know if it supports IPv6?

    1. Re:3C905C-TX-M supports IPv6? by sommerfeld · · Score: 1
      This is sort of like asking if your serial card supports PPP -- IPv6 vs. IPv4 is handled by a higher protocol layer and the card doesn't get involved at that level.

      The one gotcha with ethernet hardware is that v6 makes somewhat heavier use of multicast (in place of broadcast), while most existing ipv4 systems don't use multicast at all. Certainly all earlier 3c9xx cards can deal (I'm running a small v4/v6 net at home using a mix of hardware including 3c905's and 3c900's and they're doing just fine). A more likely compatibility problem is incomplete drivers which don't know how to program the multicast receive filters on certain ethernet NIC's.

  8. Re:Occams razor by Anonymous Coward · · Score: 0

    Why do they do it that way? You can set the MAC address on most (if not all) cards to any value, because the ethernet chip has settable registers for it that are to be loaded from a ROM or EEPROM on the card by the initialisation part of the driver. Nothing prevents you from loading something else than the content of the ROM at that point.

  9. Re:IPX by Anonymous Coward · · Score: 0

    Just configure your browser to use a webproxy and they won't know your IP address. Only the address of the proxy, which can be anywhere.

  10. Re:Whats the big deal? by Anonymous Coward · · Score: 0

    You can't see my hardware address unless you are on the same physical network as I am, which you aren't. All you can see is that my address is 192.168.7.122. Knowing my IP address doesn't tell you a thing about my hardware address.

    With v6 autoconfiguration, *anyone* who knows my IPv6 address can look at the last 48ish bits of the address and tell what my hardware address is. And *that* is what worries some people.

    Really, I don't see it as that big an issue, since autoconfiguration is (and always has been) optional. I understand what others are worried about, but I guess I'm just a little less paranoid.

  11. Re:What if your network card dies? by Decibel · · Score: 1

    True, but on a busy subnet, I'd really prefer not having to do that, since as someone else pointed out it normally puts the NIC in promiscuous mode. If you could tell the NIC to respond to more than one MAC though....

  12. Hadware and Youse by Anonymous Coward · · Score: 0

    I'm assuming "hadware" is hardware installed in Boston.

  13. With most cards by Anonymous Coward · · Score: 0

    YOU CAN ACTUALLY CHANGE IT. I'm tired of the FUD on slashdot. You've got the source. Look: Linux NEVER changes MAC by using PROMISC. Almost ALL cards can be really changed by the driver, the few that can't: They can't be changed at all under linux.

  14. Umm, how are the packets routed by Lord+of+the+Files · · Score: 1

    I'm obviously missing something here - if a random number is used as part of the address, how do other computers locate the computer at that address?

    --

    God does not play dice - Einstein

    Not only does God play dice, he sometimes throws them where they

    1. Re:Umm, how are the packets routed by empath · · Score: 1

      Once the packets go from you to the router, you can attach the address of the router to the packet. The server then communicates with the router, letting the router keep track of the machine on its local network, which knows who all the machines are.

      I'm not sure this is how it goes, but this seems like the logical way to do it.

      --
      "Please don't sigh like that, maam"
    2. Re:Umm, how are the packets routed by cdlu · · Score: 1

      Then why isn't IPv6 just 0.0.0.0.0 instead. Seems to me it would make life a lot simpler. And I don't think 255^5 IP addresses will go too quickly.....

    3. Re:Umm, how are the packets routed by miahrogers · · Score: 1

      because the ip numbers will go faster than we think they will (especially if sun gets their way). so we should make a wealth of them so that we aren't required to fully update the ip system anytime soon. I just hope that people make all computers, routers etc IPv7-10 compliant - so that we won't have to ditch good equipment when everyone needs to upgrade.

      matisse:~$ cat .sig

    4. Re:Umm, how are the packets routed by Buaku · · Score: 2
      As mentioned in the article, the number can be generated in a number of ways. What is important is that the number is unique and known to the rest of the world, not that it is random or that the number includes your hardware address. Currently we have servers (DHCP) to hand out IP addresses, and DNS servers to track who has them. You can generate any IP address you want, so long as it is unique and that the DNS servers, routers, and so forth know the IP address so they can route to it.

      In other words, if you don't want to use the hardware address option, you can use one of the tried and true methods that have always been used to generate unique IP addresses.

      Also as the article pointed out, devices that don't need to be contacted, but just want to spit info out somewhere don't need a stable IP address.

    5. Re:Umm, how are the packets routed by sommerfeld · · Score: 2
      IPv6 addresses are 128 bits, typically partitioned into 64 bits of network number and 64 bits of host number. The host number can be assigned manually (as is typically done today with ipv4), derived from a 48-bit or 64-bit MAC address, or (this is what's new in the privacy proposal) generated randomly in a way unlikely to collide.

      The network number is assigned by the network and is used to route the packet back to you, just as in IPv4.

      See RFC2373: IP Version 6 Addressing Architecture as well as Privacy Extensions for Stateless Address Autoconfiguration in IPv6 for more details.
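The address layout described in the comment above, and the "anyone can read the hardware address out of the last bits" concern raised earlier in the thread, worked through as an added example (not code from any poster or from the IETF documents). The function names are made up for this illustration, the 2001:db8: prefixes are constructed documentation prefixes, the MAC is the joke value quoted elsewhere in the thread, and the random generator is a plain CSPRNG draw rather than the procedure in the privacy-extensions document.

```python
"""Added example: MAC-derived versus random IPv6 host numbers."""
import ipaddress
import secrets
from typing import Optional

IID_MASK = (1 << 64) - 1   # low 64 bits: host number (interface identifier)
UL_BIT = 0x02 << 56        # universal/local bit inside that identifier


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: split the 48-bit MAC, insert ff:fe, invert the u/l bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def random_interface_id() -> int:
    """Random host number with the u/l bit cleared (locally assigned).

    Redraws in the rare case the ff:fe marker appears by chance, so a random
    identifier can never be mistaken for a MAC-derived one (example's choice).
    """
    while True:
        iid = secrets.randbits(64) & ~UL_BIT
        if (iid >> 24) & 0xFFFF != 0xFFFE:
            return iid


def make_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 network number with a 64-bit host number."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example assumes a /64 network number")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK))


def recover_mac(address) -> Optional[str]:
    """Return the MAC embedded in an address, or None if there is no ff:fe marker."""
    iid = int(ipaddress.IPv6Address(address)) & IID_MASK
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(raw[:3] + raw[5:])
    mac[0] ^= 0x02          # undo the u/l inversion
    return ":".join(f"{b:02x}" for b in mac)


def same_interface(addr_a, addr_b) -> bool:
    """True when two addresses, possibly on different networks, share a host number."""
    a = int(ipaddress.IPv6Address(addr_a)) & IID_MASK
    b = int(ipaddress.IPv6Address(addr_b)) & IID_MASK
    return a == b


if __name__ == "__main__":
    mac = "00:de:ad:00:be:ef"                      # constructed sample value
    home = make_address("2001:db8:1:2::/64", eui64_interface_id(mac))
    cafe = make_address("2001:db8:ffff:9::/64", eui64_interface_id(mac))
    print("home:", home, "-> MAC", recover_mac(home))
    print("cafe:", cafe, "-> same host number:", same_interface(home, cafe))

    private = make_address("2001:db8:1:2::/64", random_interface_id())
    print("random:", private, "-> MAC", recover_mac(private))
```

The network number changes when the machine moves, so routing works as before; only the MAC-derived host number stays constant across networks, which is what the random option removes.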

  15. RTFA by Decibel · · Score: 1

    I'm not sure exactly what you're asking, but you'd probably find the answer if you'd read the farking article. They state that you can assign a fixed IP to a machine. If you're referring to how do packets get back to your machine (ie, when you request a web page), then it works the same way as today; you send your address as part of the request.

    1. Re:RTFA by Lord+of+the+Files · · Score: 1

      OK, I get your point, I was confused how often your address changed. It sounded almost like they were sending out a different random number as part of each packet - that would make it awfully difficult to route responses.

      --

      God does not play dice - Einstein

      Not only does God play dice, he sometimes throws them where they

  16. Re:What if your network card dies? by cdlu · · Score: 1

    Yes, assuming you are using an operating system and a new nic that supports it, you can change it.

    For the fun of it set it to 00:DE:AD:00:BE:EF :)

  17. What if your network card dies? by Decibel · · Score: 1
    From the article:

    An Internet device that is intended to be a target of communication initiated by other devices must have a unique IP address that is stable over a relatively long period of time, just like anyone wishing to receive telephone calls must have a unique and stable telephone number, and anyone wishing to receive postal mail delivery must have a unique and stable postal address. The presence of unique, factory-assigned serial numbers on common LAN adapters, such as Ethernet adaptors, makes it possible to reliably generate unique, stable IPv6 addresses for such devices, without requiring either manual configuration or separate address-assignment servers.

    This is a neat feature, but my question is this: what happens if the NIC that you were using dies? Can you continue to use the same serial # based address with a new NIC?

    1. Re:What if your network card dies? by Anonymous Coward · · Score: 0

      That's only "normal" with crippled cards whose MAC (or at least the 24 bits that don't identify the vendor) can't really be changed.

  18. Stupid paranoid question by Fenmere,+the+Worm · · Score: 2

    If somebody can answer this to get it out of the way, I'm just posting it to be thorough and polite:

    There is much use of the words "not required." Does this mean that the specs and standards don't require hardware IPv6 addresses to be transmitted, but allow it? Or does it mean that the specs and standards require the system to not require the hardware addresses? Could somebody design or build something to take advantage of hardware addresses, despite the specs and standards?

    Somebody's got to ask the stupid questions, for the masses, you know.

    --
    -- "So far, I have not found the science" -Soul Coughing
    1. Re:Stupid paranoid question by Anonymous Coward · · Score: 0

      The first 64 bits of a 128-bit IPv6 address are assigned to an organization, who can assign the last 64 bits any way they want. They can use a MAC address (i.e. ethernet card ID number) as part of the IPv6 address, but this is only one suggestion. They could easily use sequential numbers, and never have to worry about running out. They could also use a random number generator, or any other method they want. Even if they use a MAC address, it is fairly easy to change an ethernet card's MAC address.

    2. Re:Stupid paranoid question by khaladan · · Score: 1

      The specs allow it, it is not required, but really, people can do whatever they want. I could devise an IPv4 based system that required each packet to contain an address and valid credit card number (if I was crazy). This worry over IPv6 is mostly paranoia. Yes, IPv6 makes using a hardware address for IP address assignment more feasible, but if someone doesn't want that then find another internet feed that has different rules.

      Ben Higgins

    3. Re:Stupid paranoid question by Anonymous Coward · · Score: 0

      Do you mean it is fairly easy to emulate a different MAC address, or really change it in the hardware?

    4. Re:Stupid paranoid question by sensin · · Score: 1

      Why not put other more useful things in there? It seems to me that PGP digital signatures (or some other encryption dig. sig.) could be useful.

      --
      eRebuS
    5. Re:Stupid paranoid question by Anonymous Coward · · Score: 0

      Just like you can go get a different ISP if you are tired of having dialup problems (disconnects, slow throughput, etc.) If it is really no big deal, they can toss it out of the spec to allay anyone's fear of anything. There is no reason to leave it in a specification that is not even finalized yet. Why would you leave something in there that could even become a security issue when it isn't necessary?

  19. It's about time! by Ryandav · · Score: 3

    It's almost like the author of this article _actually_reads_ this forum.

    I have to say that this is one of the reasons that I like slashdot. It's a meritocracy of ideas, because the people who often best understand a technology are on hand to help explain it to those in another area of expertise. The amount of (unintentional) misinformation floating around here is uncharacteristic of the forum.

    Rob, you rock. And if nobody's said that lately, it's never because you've been taken for granted...

    --
    Check my Go-related blog for beginners: DGD
  20. Occams razor by Zurk · · Score: 2

    i said it before, i'll say it again.
    Compliments of the linux.com tuning guide :
    On a related note, you can also have your card use a different MAC address

    ifconfig eth1 hw ether deadbeef0001
    (this needs to be done while the card is down for obvious reasons)

    now your card will answer all arp requests with DE:AD:BE:EF:00:01.

    Note:
    The kernel performs this trick on most cards by setting the card into promiscuous mode and using software to filter out all MACs that aren't yours which stands to reason it would be slightly slower than just using your real MAC.

    1. Re:Occams razor by Nagash · · Score: 1

      What if everybody starts changing their hardware address to this deadbeef0001? If it really changes the hardware address, isn't it gonna affect the operation on the LAN (ie, no cards can have the same hardware address)?

      Is this actually changing the hardware address or is it just masking it? I tried it and it changed, but upon a reboot went back to the old value (which tells me it's wired in there somewhere).

      Just some thoughts.

      Geoff Wozniak
      gzw@home.com

    2. Re:Occams razor by thornist · · Score: 1

      At the risk of sounding stupid (a common risk I know) what's the beef with this deadbeef stuff (pun intended).

      I have a kind of vague cultural memory about it - hex digits spelling a word - someone filling core memory with it (IBM or VAX??). Remind me.

      Also am I correct in imagining that this was the inspiration for freshmeat.net.

      Ignore me if this is worn....

      Sean

  21. skeptical - but we'll see, won't we? by lance_link · · Score: 2

    this IETF statement smells a little too much like the kind of letter a telco sends when it's rais^W giving you a discount. the fact that the IETF isn't requiring a unique identifier isn't very comforting: they could just as easily recommend - which goes a long way - that no packets carry a persistent identifier other than an IP address. let vendors and sysadmins build in optional persistent IDs for those who want them or situations where they're needed.

    the vast majority of traffic on the net involves this statement's second category, "less trusted targets," and that proportion will only grow over time, to the point where implicitly trusted traffic is a barely expressible nanopercentage. if in fact the IETF is interested in articulating a structure that will reflect those plain facts, then they should skip this kind of condescending "explanation," with its "there's two situations" stuff, and base their analysis on the actual directions in which the net is developing.

    IPv6 offers a chance to develop a protocol that will allow the net to develop into a field for truly open, random, and free social engagement - or to become a tool for systematic surveillance by those in a position to do so. and note well: encouraging persistent, unique IDs will put a lot of people in a position to do so.

    we'll see what the IETF decides on this - and on the question of whether "the IETF [should] develop new protocols or modify existing protocols to support mechanisms whose primary purpose is to support wiretapping or other law enforcement activities."

    1. Re:skeptical - but we'll see, won't we? by Fastolfe · · Score: 2

      they could just as easily recommend - which goes a long way - that no packets carry a persistent identifier other than an IP address. let vendors and sysadmins build in optional persistent IDs for those who want them or situations where they're needed

      This is implicit. As far as I know, this is precisely what they're doing. Admins can create/generate the link identifier however they want. It was only a *suggestion* that they use the MAC address, since it was already there, and essentially guaranteed to be unique. Sysadmins can use numbers from 1 to a billion for all of their machines, or generate random numbers to fill in the link identifier.

      At least this is how I read it..

  22. Not really by Anonymous Coward · · Score: 0

    Two corrections: I probably could see your address. With the number of routers/hosts with public as the SNMP read only string, It's usually quite easy to get a MAC. There are other methods of autoconf in v6.

  23. You can't have it both ways by mbrannig · · Score: 2

    It seems to me that people want both privacy and security. No one can talk to you unless you reveal your address to them. It's that simple. What people really want is anonymity. This can/should only be done through trusted third parties. How many third parties can you trust -- not many if any at all.

    In order for there to be security on the internet, we must be able to verify who sent a packet and that requires knowing the address sending it. Which do we want? I vote for security. You can also use tunnels to hide networks (and therefore addresses) behind edge devices like VPNs.

    matt

    1. Re:You can't have it both ways by Fastolfe · · Score: 1

      I suppose you pay cash and wear rubber gloves so as not to leave fingerprints behind too, yes?

      This thread is growing very old and very stale. MAC addresses were never a requirement of the IPv6 address specifications, and the IETF is essentially pointing this out. If you don't want your ISP to assign you a static IP address (in any form, which would, in IPv6, involve a fixed link identifier), just as you do today, ask them for a dynamic one or take your business elsewhere. IPv6 provides no additional "anonymity" constraints over IPv4.

      The truth of the matter is that the privacy nuts blow everything out of proportion whenever somebody whispers "hmm, couldn't this keep me from being totally anonymous?" regardless of how informed the speaker truly is. The people who know better then have to deal with migraines as we struggle to find small enough words to explain what's really going on, only to have said privacy nuts say, "well you're speaking on behalf of the evil corporations, so you must be lying or you are an evil anti-first-amendment communist bastard!"

      It's a no-win game, and frankly, I'm sick of playing.

    2. Re:You can't have it both ways by Anonymous Coward · · Score: 0

      Your definition of security is not mine. You seem to think that expressing one's self, or conducting one's daily business, without the fear of constant scrutiny and logging is not "security". If anonymity is not security, then what is? There is no need to know without a doubt who I am for anything other than law enforcement. I go to shops and stores all the time and buy things and they have no idea who I am.

  24. or by Anonymous Coward · · Score: 0

    cards like the eepro100's which have bugged multicast filters. (and a maker who won't tell the Linux driver author how to work around the bug so that multicast traffic doesn't panic the computer)

    1. Re:or by sommerfeld · · Score: 1

      actually, my laptop (Sony Z505S) has an on-board eepro 10/100 which seems to work just fine with ipv6 under NetBSD; seems to deal with multicast traffic for neighbor discovery just fine. when in doubt, look at other open-source drivers for clues on how the hardware works..

  25. Whats the big deal? by Anonymous Coward · · Score: 0

    I can see your HW address right now with IPv4. So why are you getting so upset?

  26. Enough with the "FUD" crap by Fastolfe · · Score: 2

    Most of you have no clue what "FUD" means. You just see other people using it and think it's a nifty cool Linux hacker buzz-word that other people don't know. Just because somebody doesn't know that the MAC address can be changed in many ethernet cards doesn't mean he's trying to spread "fear, uncertainty and doubt" about Linux.

  27. Re:This is not good enough. by Fastolfe · · Score: 2

    Joy, another "Big Brother" reference.

    Contrary to what you seem to think, not every Internet host is owned/used by a dialup user. Things like routers, web servers and people that secretly know their IP address isn't being cross-referenced in some database along with their sexual orientation, want and in many cases require their IP address to be static.

    Now, to generate these static IP addresses, the IPv6 address specification says that there's this huge link identifier part of the address that conveniently is able to hold a MAC address, thus instantly guaranteeing a unique IP address on the local subnet (where it needs to be unique). No administration headaches involved.

    OBVIOUSLY this will not be the best solution for all IPv6 hosts. There are reasons certain IP addresses would need to remain unique, such as in the event of a machine upgrade (swap-out) where the IP address is important (such as a name server).

    An "Internet cafe" does not need cryptographically-secure random link ID's for each of its machines. MAC addresses would work perfectly with a minimum of administration.

    The people responsible for implementing IPv6 are not idiot buffoons. They tend to be highly educated network and electrical engineers. No offense to you, but I really think they're smart enough to figure out how to implement IPv6 on their own. I sincerely doubt they've all been reading the IPv6 spec and saying to themselves, "well err durrh.. it sez mac address so let's use mac address!" If you're really concerned that vendors are going to implement IPv6 in this fashion, perhaps you should write them a letter and ask them.

  28. YOU ARE NOT BEING FORCED TO HAVE A STATIC IP by Fastolfe · · Score: 1

    Nowhere in the IPv6 specification does it say, "All users must have a static IP address."

    Just like in IPv4, this is ENTIRELY UP TO YOUR ISP. The growth of IPv6 address space merely makes it easy for your ISP to use a static IP address should they so desire. If you don't want one, let your ISP know that static vs dynamic IP addressing is a factor in your decision to continue doing business with them.

    Of course, the alternative to keep people from performing their various DoS attacks on you is not to try and flex your IRC penis and piss people off, but hey...

  29. No reason why not by Fastolfe · · Score: 2

    If your NIC dies, and you need to put in another one, you're going to need to restart the machine anyways, so the only reason you'd even need the same persistent IP is if the machine itself were a server.

    In that case, just manually set up your IP address so that it's the same as the old one. No MAC modifications necessary. Remember: the MAC address suggestion was just meant to be an easy method for obtaining a link identifier that didn't require manual intervention. If your machine is acting as a server, you'd probably want a manually specified IP address regardless.

  30. IPX by SadisticFury · · Score: 1

    There's this common protocol called IPX. It uses MAC addresses as part of the logical addressing. I hear no outpours of protest.

    Either way, why does it matter? It's easier to trace an IP address than MAC address. IPs are registered with your ISP, while MAC addresses are registered with the manufacturer: all they know is that your NIC is made by Novell or Cisco. And anyway, a few minutes and a large hammer will eliminate all proof of a MAC address. Try doing that with an IP!

    Peter Pawlowski

  31. This is not good enough. by Millennium · · Score: 2

    The kinds of things which IPv6 was created to do can be achieved without referencing any kind of unique number that can be tied to a specific computer. The only way to truly achieve privacy is to make certain that addresses cannot be directly traced back to a host without going through a virtual "paper trail." IPv4 can do this, therefore IPv6 must be able to before it can be trusted as a viable Internet protocol.

    In other words, all references to a MAC address need to be removed from the IPv6 standard, at least as pertains to network addressing. This can be done, despite what the IANA would have us believe. Verification of the origin of a packet/message/whatever can also be done without resorting to MAC addresses, so it's still possible to have both privacy and security, without letting Big Brother get in the way.

    1. Re:This is not good enough. by Anonymous Coward · · Score: 0

      The IPv6 standard contains no MAC address requirements. Maybe somewhere someone made the comment: "Wouldn't it be easy to assign IPv6 addresses based on the client's MAC address?" IPv6 is simply a few changes and improvements on the IPv4 protocol, it doesn't make any reservations for people to breach privacy. Unless if one thinks having more IP addresses means degradation of privacy. But we are going to have to accept that, because we will run out of IP addresses somewhere in the future (I estimate under 15 years, definitely) if we continue with IPv4.

      Bottom line is, if a provider is using one's MAC address to give one an IP number, or basing it on any other serial number that makes one uncomfortable, he should get a different provider.

      Ben Higgins

    2. Re:This is not good enough. by Anonymous Coward · · Score: 0

      And your suggestion if there are no providers in your area that do not do this? How about making it even easier and just throwing it out of the specification altogether? There is no reason that it is needed, so toss it aside.

  32. Re:Stupid paranoid answer by Bobzibub · · Score: 1

    The old standard used 4 bytes, the new standard 128. They said: What to do with all those extras....Why not have one option of sticking the 8 or so Ethernet ID bytes into the end? There's room!

    They have dreamed up a number of different options for using the 128 bytes and this is only one.

    Because Ethernet card IDs are pretty well unique, this is a 'fingerprint' to one's machine. Part of the Ethernet address is the Vendor ID, part (presumably) is the type of card, then serial number.

    The issue is not the option of using it, the issue is that the *capability* exists. It is then possible for some governing body to mandate its use.

    That isn't likely in North America or Europe, But in other states which are uneasy with internet related freedoms and privacy, it is much more likely--and dangerous.

    Cheers All!
    Bobzibub.

    'Nobody here's stupid Bob!'

  33. Re:Stupid paranoid answer by Anonymous Coward · · Score: 1

    IPv4: 32-bit (4 bytes) address
    IPv6: 128-bit (16 bytes) address
    Ethernet: 48-bit (6 bytes) address

  34. Thanks! by Fenmere,+the+Worm · · Score: 1

    This is frivolous, but:

    I suspected that I knew the answers to my questions, but I actually picked up some well described technical stuff that I didn't know! Rad!

    This goes to the other people who replied as well.

    I'd moderate all of your answers up as interesting, if I could.

    --
    -- "So far, I have not found the science" -Soul Coughing
  35. DNS is your friend by Fastolfe · · Score: 2

    Given the complexity of IPv6 addresses anyways, DNS will probably play a greater role under IPv6 than IPv4, where static IPs were common. If an IP address changes every few weeks, it's probably a lot easier just to use already standard dynamic DNS to keep track of the new IP address.

    So even if your machine *does* act as a server, so long as it isn't a major Internet infrastructure type of thing (such as a name server), so long as the hostname was kept updated with the correct IP you shouldn't really need to worry...

    But yah, IPv6 doesn't *remove* administrative options in the least for selecting IP addresses, so you're always free to manually specify an IP if you need to.

  36. A good start, now let's see the second half. by Tackhead · · Score: 2
    If, as IETF's statement on IPv6 Address Privacy states, "The privacy of communication is a major issue in the Internet Engineering Task Force", and if they've Done The Right Thing here...

    ...then when can we expect a similar statement about IETF and wiretapping standards?

    While I'm encouraged by IETF's sound technical and privacy statement on MAC addresses in IPv6, there's a second issue that's still open. IMHO the technical and privacy factors are even stronger when it comes to decisions that amount to building a security hole into the system.

    If a pro-privacy stand was the right thing for MAC addresses in IPv6, then it's even more so for CALEA and other wiretapping "standards".

    1. Re:A good start, now let's see the second half. by Anonymous Coward · · Score: 0

      IETF plans to have a face-to-face discussion on this topic at its November meeting; so it's safe to say that no statement will be issued until after that discussion. Seriously, right now we're still in the comment period - having set up the raven list to get comments and invite discussion, shouldn't we allow at least a few weeks to see what those comments are and where the discussion goes?


      Keith Moore
      applications area director
      IETF

  37. Re:Stupid paranoid answer by Bobzibub · · Score: 1

    One Big Whoops!!!!
    I shoulda known better.
    -B.

  38. Burp! by jd · · Score: 2
    IPv6 doesn't have a notion of static IPs. Not only can't you be forced to have one, you can't even GET one!

    IPs are generated EACH AND EVERY TIME you connect to the Internet, move from ISP to ISP, or even if your ISP moves from one ISP to another.

    IPv6 IP addresses are STRICTLY transitory. They have NO permanence. They last as long as YOU want. Unlike IPv4's "dynamic allocation", though, the numbers aren't picked out of a preset pool. IPv6 is based on transitions, not permanence.

    Oh, and if you piss people off, chances are it's not their fault. Yes, they get to pick their reactions, and if they react badly, that is their problem, but if you act like an idiot, you can't blame that on others, either.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  39. IBM and DEADBEEF by Mr Z · · Score: 1

    Old IBM Mainframes did it. See the jargon file:

    DEADBEEF /ded-beef/ /n./ The hexadecimal word-fill pattern for freshly allocated memory (decimal -21524111) under a number of IBM environments, including the RS/6000. Some modern debugging tools deliberately fill freed memory with this value as a way of converting heisenbugs into Bohr bugs. As in "Your program is DEADBEEF" (meaning gone, aborted, flushed from memory); if you start from an odd half-word boundary, of course, you have BEEFDEAD. See also the anecdote under fool.
    --Joe
  40. *sigh* by Mr Z · · Score: 1

    A number of people have posted the same misinformation, namely "Yeah, you can tell it to act like it has a different MAC address, but it'll put you into PROMISC mode and slow your machine down, etc. etc."

    Most of these people are probably not actively trying to spread "fear, uncertainty, and doubt" about Linux. However, some people may use that information as FUD. The difference is intention. I guess it's that fine line between "stupidity" and "malice."*

    --Joe

    * For those who didn't catch it, I'm referring to Hanlon's Razor: "Never attribute to malice what can be adequately explained by stupidity."


  41. Re:You can get the MAC of most PC's on the Interne by Shimbo · · Score: 1
    I would say far from most. It's an elementary security precaution not to bind NETBIOS (used for file/print) to a dialup adapter.

    The author is describing a cable modem/ADSL setup via the Ethernet port, with multiple local hosts. That doesn't sound like a typical configuration to me. Really, if you're going to leave your machine online via a semi-permanent mechanism like that you ought to make some effort to harden it.

    Even with Linux, OpenBSD or whatever, one of the first moves in connecting a local network to the Internet is to do it via a machine with two NICs, disabling unnecessary services on the external one.

    If you just bang in a permanent connection to the Internet, having others track your MAC address is going to be way down your list of things to worry about.

  42. Re:Occams razor (still stuck in the PC era?) by Shimbo · · Score: 1
    A lot of /.ers don't seem to be thinking very far ahead on this thread. Try to think 10 or 20 years ahead, and realise that whatever the future looks like, IPng is likely to be a key part of it.

    The typical case today where the most common item assigned an IP address is some flavour of PC just won't be true anymore. One can safely predict that the majority of IP aware devices won't even have keyboards.

    We need autoconfiguration folks! We've come some way down the line with DHCP, and with dynamic DNS updates a bit further. However, it's all a bit overkill for the simpler situations.

    Maybe the IETF screwed up slightly by doing the obvious thing (which various vendors have done previously). But it's easily fixed.

    The whole issue of reprogramming your NIC's MAC address is an irrelevance. If you're going to go to the trouble of doing that, just use a manual IP address. But remember - there are billions of them for each of us.

    The next person who suggests manual configuration is the answer to it all gets a jar of nanobots, a magnifying glass, and a small screwdriver to set their IP addresses (via DIP switches) dumped on him.

  43. What if there is no NIC? by Anonymous Coward · · Score: 0

    The vast majority of consumer PCs are sold without NICs, while most of them use a modem to dial-up their connection to the Internet with a dynamically assigned IP address (which, of course, the ISP could trace back to their actual customer's address, at least). So what is the situation for this (large) class of Internet users?

  44. You can get the MAC of most PC's on the Internet. by Anonymous Coward · · Score: 2

    The current situation is this: Any PC running Windows 95/98/NT with the Microsoft network client installed will give its MAC address out if you query it. Hence the vast majority of all computers on the Internet right now give out the MAC addresses.

    See this article for a complete explanation