Conversation

Notices

1. Embed this notice
   Gus (projectgus@aus.social)'s status on Wednesday, 28-Aug-2024 13:38:08 JST Gus

   I have a probably-foolish question about IPv6 and privacy, I suspect something fundamental I don't understand.

   My home ISP issues IPv6 ranges that effectively never change. I know there is a spec for how to do automatic rotation, but mine haven't changed in the 9+ months I've been watching them. I think this is pretty common.

   A big win if you want to run any kind of server as you basically get all the static IPs that you could want, at no extra charge. Yay!

   However, isn't any privacy preserving stuff you do in your home web browser almost a waste of time now? At best, all the internet access from this location is trivially correlated by the IPv6 prefix. At worst, it's trivially correlated per-device if your home router never rotates addresses.

   I know dynamic IPv4 isn't "for" privacy, but (especially with CGNAT) I always felt a little comfortable that correlating someone's online activity long term would take at least a small amount of effort (for businesses, not for governments).

   (BTW I know that routing all traffic through a VPN provider takes this mostly off the table, similar to CGNAT but you get to solve a lot more captchas. I still feel like I must be missing something, given the overlap between nerds who like Privacy and nerds who like IPv6 rollout.)

   #ipv6 #privacy

   • Embed this notice
     Ti Nguyen (litchralee_v6@ipv6.social)'s status on Wednesday, 28-Aug-2024 13:38:08 JST Ti Nguyen

     in reply to

     @projectgus Often when it comes to privacy, people speak of tradeoffs. As in, what's being gained and what's being lost. With Legacy IP (whether rotating or CGNAT), the proposition is a nebulous gain of non-correlated addresses. But the guaranteed loss is: no end-to-end connectivity, necessity of STUN/TURN, breakage of p2p, and difficulty/impossibility of hosting game servers.

     #IPv6 avoids all those problems and is the modern protocol. Non-correlatability isn't worth giving those features up.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Joel Michael (jpm@aus.social)'s status on Wednesday, 28-Aug-2024 13:40:03 JST Joel Michael

     in reply to

     @projectgus kind of sort of not really: kind of because a single /64 is almost guaranteed to represent a small number of people (at most a couple of hundred in an office or something), and it’s recommended that an ISP delegates aleast a /56 per customer (so you get 256 /64’s to play with). Sort of being that because the address range of a /64 is so large you can just turn on IPv6 privacy addresses for outbound new connections and jump between mostly-random addresses in your /64, which will obfuscate individual machines inside the subnet. And not really because programmers do not give a single shit about IPv6 and it’s unlikely their per-IP tracking works in IPv6 anyway.

     Haelwenn /элвэн/ :triskell: likes this.