[liberationtech] IPv6 good for anonymity

Seth David Schoen schoen at eff.org
Sun Jun 17 12:58:37 PDT 2012 

Walid AL-SAQAF <alkasir admin> writes:

> Are we supposed to be more concerned or glad that we are slowly moving to
> IPv6 ?

I think the effect of IPv6 on privacy is complicated; it depends on how
addresses are allocated.  It depends on what ISPs do and on what users do.

There's one debate about whether people will bother to keep such detailed
records of which ISPs are using which IP addresses once IP addresses are
more plentiful.  With IP addresses less scarce, there may be a reduced
incentive to keep careful records about delegations of address space, and
more willingness to grant delegations casually and easily.  In that case,
it may be more difficult bureaucratically to figure out who or where some
Internet users are.  You can see some discussion of this in this current
thread on NANOG:

http://mailman.nanog.org/pipermail/nanog/2012-June/049300.html

See also

https://en.wikipedia.org/wiki/SWIP

Apart from that, there are at least seven potential effects on privacy:

- The original addressing scheme for IPv6 suggested using individual
  devices' MAC addresses as (the basis for) the lower-order 64 bits of
  the public IP address.  This is catastrophic for privacy because
  then you can recognize and track individual devices all around the
  world, like an indelible cross-site cookie for each device.  (What's
  more, if you seize the device, you can confirm that it was the actual
  device that was used to send some particular communications at some
  point in the past.)  However, we don't have to use this scheme for
  assigning IP addresses.  It depends on how our individual operating
  systems are configured, and it's unlikely that ISPs or anyone could
  somehow force us to use the privacy-invasive style.

- Having plentiful IP addresses means that we don't have to use network
  address translation (NAT) anymore, at least not for IP address
  scarcity reasons.  This could actually be bad for privacy because
  there is less ambiguity about which user of a network was responsible
  for particular communications; NAT can create ambiguity from the
  outside world's point of view about who at a particular institution
  actually sent some network traffic, and if we get rid of NAT, we
  reduce that uncertainty.

- Having plentiful IP addresses means that ISPs could choose to give
  end-users more dynamic IP addresses, without re-use.  It's easier
  to imagine using highly ephemeral IP addresses, like using a new
  source address for each and every connection (!) or having one's
  home network address change every day or every hour.  In that case,
  it would be harder to make associations between users or to track
  users based on their IP addresses.

- On the other hand, ISPs could also choose to give end-users more
  static IP addresses, making it relatively easier to profile or
  recognize users over time.

- With more plentiful public IP addresses, it would be easier and
  for more people to start to run publicly-useful proxy services
  like Tor entry nodes.  It will also be somewhat harder for
  censors to enumerate and block secret bridge-style proxy nodes
  ahead of time because it will be far more difficult to port-scan
  the larger address space.  (It was traditionally thought to be
  impossible, but there is a paper showing it may not be impossible
  in practice.)

- With reduced use of NAT, we could more easily implement more
  things as pure peer-to-peer services, with less intermediation.
  This is good for users' privacy against service providers and
  potentially bad for users' privacy against each other.  For
  example, if you make an intermediated VoIP call, the service
  provider learns your approximate location from your IP address,
  but the other party to the call doesn't.  If you make a more
  disintermediated VoIP call, no service provider learns this
  information, but the other party can learn it.

- Many network monitoring and logging systems aren't yet correctly
  set up to log IPv6 addresses, so IPv6 users can't yet be monitored
  and tracked by them as effectively as IPv4 users can.  That will
  probably change over time.

Maybe I should make this a blog post. :-)

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107

More information about the liberationtech mailing list