[liberationtech] IPv6 good for anonymity

ei8fdb at ei8fdb.org ei8fdb at ei8fdb.org
Mon Jun 18 13:05:59 PDT 2012 

I'm not an IPv6 expert, but any technical courses I have done on IPv6 
have promoted the complete trackability and full audit-trail possible 
with IPv6 - each unique IPv6 host makes a direct connection to the other 
host, which simplifies security, and routing.

There is no need to carry out NAT (Network Address Translation), or IP 
Masquerading, which is great news for ISPs or mobile operators. A visit 
to an IPv6 enabled website from an IPv6 enabled client is simple to see, 
therefore simple to do a lookup on the client address. If the 
documentation and records are not properly managed, then I guess thats 
another issue, but I certainly wouldn't call that "security"!

Due to this "great" advantage of full audit-trail, it will now be 
simple to "manage" traffic based on actual addresses, as opposed to 
blocks of addresses which can be "messy", due to casting such a wide 
net.

Personally, as someone who is involved in building mobile networks and 
who values the little privacy left, I am certainly concerned for the 
possibilities of incorrect usage of IPv6 "network management".

I could be wrong though, and would be happy to be proven wrong.

thanks,
Bernard

On Sun, 17 Jun 2012 12:58:37 -0700, Seth David Schoen wrote:
> Walid AL-SAQAF <alkasir admin> writes:
>
>> Are we supposed to be more concerned or glad that we are slowly 
>> moving to
>> IPv6 ?
>
> I think the effect of IPv6 on privacy is complicated; it depends on 
> how
> addresses are allocated.  It depends on what ISPs do and on what 
> users do.
>
> There's one debate about whether people will bother to keep such 
> detailed
> records of which ISPs are using which IP addresses once IP addresses 
> are
> more plentiful.  With IP addresses less scarce, there may be a 
> reduced
> incentive to keep careful records about delegations of address space, 
> and
> more willingness to grant delegations casually and easily.  In that 
> case,
> it may be more difficult bureaucratically to figure out who or where 
> some
> Internet users are.  You can see some discussion of this in this 
> current
> thread on NANOG:
>
> http://mailman.nanog.org/pipermail/nanog/2012-June/049300.html
>
> See also
>
> https://en.wikipedia.org/wiki/SWIP
>
> Apart from that, there are at least seven potential effects on 
> privacy:
>
> - The original addressing scheme for IPv6 suggested using individual
>   devices' MAC addresses as (the basis for) the lower-order 64 bits 
> of
>   the public IP address.  This is catastrophic for privacy because
>   then you can recognize and track individual devices all around the
>   world, like an indelible cross-site cookie for each device.  
> (What's
>   more, if you seize the device, you can confirm that it was the 
> actual
>   device that was used to send some particular communications at some
>   point in the past.)  However, we don't have to use this scheme for
>   assigning IP addresses.  It depends on how our individual operating
>   systems are configured, and it's unlikely that ISPs or anyone could
>   somehow force us to use the privacy-invasive style.
>
> - Having plentiful IP addresses means that we don't have to use 
> network
>   address translation (NAT) anymore, at least not for IP address
>   scarcity reasons.  This could actually be bad for privacy because
>   there is less ambiguity about which user of a network was 
> responsible
>   for particular communications; NAT can create ambiguity from the
>   outside world's point of view about who at a particular institution
>   actually sent some network traffic, and if we get rid of NAT, we
>   reduce that uncertainty.
>
> - Having plentiful IP addresses means that ISPs could choose to give
>   end-users more dynamic IP addresses, without re-use.  It's easier
>   to imagine using highly ephemeral IP addresses, like using a new
>   source address for each and every connection (!) or having one's
>   home network address change every day or every hour.  In that case,
>   it would be harder to make associations between users or to track
>   users based on their IP addresses.
>
> - On the other hand, ISPs could also choose to give end-users more
>   static IP addresses, making it relatively easier to profile or
>   recognize users over time.
>
> - With more plentiful public IP addresses, it would be easier and
>   for more people to start to run publicly-useful proxy services
>   like Tor entry nodes.  It will also be somewhat harder for
>   censors to enumerate and block secret bridge-style proxy nodes
>   ahead of time because it will be far more difficult to port-scan
>   the larger address space.  (It was traditionally thought to be
>   impossible, but there is a paper showing it may not be impossible
>   in practice.)
>
> - With reduced use of NAT, we could more easily implement more
>   things as pure peer-to-peer services, with less intermediation.
>   This is good for users' privacy against service providers and
>   potentially bad for users' privacy against each other.  For
>   example, if you make an intermediated VoIP call, the service
>   provider learns your approximate location from your IP address,
>   but the other party to the call doesn't.  If you make a more
>   disintermediated VoIP call, no service provider learns this
>   information, but the other party can learn it.
>
> - Many network monitoring and logging systems aren't yet correctly
>   set up to log IPv6 addresses, so IPv6 users can't yet be monitored
>   and tracked by them as effectively as IPv4 users can.  That will
>   probably change over time.
>
> Maybe I should make this a blog post. :-)
>

More information about the liberationtech mailing list