Post 9uhd20mDm8gM59b4uO by irl@57n.org
 (DIR) Post #9uhUkcX5rTkiKniYDY by kravietz@social.privacytools.io
       2020-05-04T10:47:15Z
       
       0 likes, 0 repeats
       
       Starting a new service and considering #ipv6? It's a good practice to go IPv6 for a number of reasons: 1) IPv4 is exhausted, 2) IPv6 offers much better privacy thanks to the client address rotation, 3) IPv6 greatly simplifies P2P, 4) slightly better performance & latency
       
 (DIR) Post #9uhd20mDm8gM59b4uO by irl@57n.org
       2020-05-04T12:14:01.910944Z
       
       0 likes, 0 repeats
       
       @kravietz Individual IP addresses get rotated, but still within the same subnet. A subnet can easily represent only a single person. Selling IPv6 as privacy enhancing is really stretching the truth. I'm also not convinced it gives better performance or latency, given that everywhere I have IPv6 it's going via tunnels.
       
 (DIR) Post #9uhd2102wjk0m247SS by kravietz@social.privacytools.io
       2020-05-04T12:19:56Z
       
       0 likes, 0 repeats
       
       @irl My IPv6 address today is 2a02:390:79ef:0:bc7c:b971:4e32:1c20. The most detailed information you will get from WHOIS is 2a02:390:7000::/36 registered to my ISP somewhere in the UK. And tomorrow the IP will be different.
       
 (DIR) Post #9uhdADzcWQq5O6mSxc by kravietz@social.privacytools.io
       2020-05-04T12:21:31Z
       
       0 likes, 0 repeats
       
       @irl Regarding performance - well, that's why I got myself a native IPv6. In any case I don't think it's a big selling point today because currently observed IPv6 latency might be due to lower usage and saturation - nice, but still a side effect.
       
 (DIR) Post #9uhdyKQGtFgjoD8biq by irl@57n.org
       2020-05-04T12:24:43.884847Z
       
       0 likes, 0 repeats
       
       @kravietz ISPs do dynamic addressing with IPv4 too. This is no different. This is not a feature of IPv6, it's how they've chosen to manage addressing, which could be applied to any addressing scheme. A recent-ish paper showed that even /48 aggregation can still uniquely identify a single customer. https://arxiv.org/pdf/1707.03900.pdf If you're using your computer at work, you were probably getting more privacy from IPv4 NAT aggregation than you are from IPv6 address rotation, most enterprises will have fixed addressing to make network management easier.
       
 (DIR) Post #9uhdyKcg97c4QgwW3s by kravietz@social.privacytools.io
       2020-05-04T12:30:34Z
       
       0 likes, 0 repeats
       
       @irl Ok, this makes perfect sense - looks like privacy extensions offer privacy protection equivalent to an ISP-scale NAT.
       
 (DIR) Post #9uhe2ZXobszbrlgqUi by kravietz@social.privacytools.io
       2020-05-04T12:31:21Z
       
       0 likes, 0 repeats
       
       @irl Regarding stable IPv6 addresses - they are a pain to configure as you have to use DHCPv6 and DHCP simply makes little sense with SLAAC. I've spent a significant amount of time configuring DHCPv6 only to be able to track traffic in my LAN as all my personal and kids' devices had a different IPv6 addr each time :) At the end of the day, I'm just tracking their MAC addresses as these are stable and configured everything else to use privacy extensions.
       
 (DIR) Post #9uhf3UasbMLkkw7sMi by kravietz@social.privacytools.io
       2020-05-04T12:42:42Z
       
       0 likes, 0 repeats
       
       @irl > by using throwaway addresses for each connection
       This is technically possible. I've seen some services using this technique to bypass Google search query limits by switching their egress IPv6 address every 5 minutes or so. Of course this works only as long as Google doesn't enforce limits per subnet but switching is easy. Choosing a new IPv6 address *per connection* is also technically possible with /etc/gai.conf, the client software would just need to actually do it.
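
The per-subnet limit mentioned in the last post, and the earlier point that rotated addresses stay inside one subnet, seen from the service operator's side. This is an added example, not part of the thread: the function and class names, the limit of 3 requests per 300 seconds and the choice of /64 or /48 as the counting prefix are assumptions, and the addresses are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress
from collections import defaultdict


def prefix_key(addr: str, v6_prefix: int = 64) -> str:
    """Return the key a request is counted under: the enclosing IPv6
    prefix, or the address itself for IPv4 (and IPv4-mapped IPv6)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return str(ip)
    return str(ipaddress.IPv6Network(f"{ip}/{v6_prefix}", strict=False))


class PrefixRateLimiter:
    """Sliding-window limiter keyed by prefix instead of by address."""

    def __init__(self, limit: int, window_s: float, v6_prefix: int = 64):
        self.limit, self.window_s, self.v6_prefix = limit, window_s, v6_prefix
        self.hits = defaultdict(list)  # key -> timestamps of allowed requests

    def allow(self, addr: str, now: float) -> bool:
        key = prefix_key(addr, self.v6_prefix)
        recent = [t for t in self.hits[key] if now - t < self.window_s]
        allowed = len(recent) < self.limit
        if allowed:
            recent.append(now)
        self.hits[key] = recent
        return allowed


def count_allowed(addrs, v6_prefix, limit=3, window_s=300.0):
    """Replay one request per address, one second apart; count allowed."""
    rl = PrefixRateLimiter(limit, window_s, v6_prefix)
    return sum(rl.allow(a, float(i)) for i, a in enumerate(addrs))


# Constructed sample traffic (documentation range, hypothetical clients).
SAME_64 = [f"2001:db8:79ef:0:{i:x}::1" for i in range(1, 11)]  # new host part each time
SAME_48 = [f"2001:db8:79ef:{i:x}::1" for i in range(1, 11)]    # new /64 each time

if __name__ == "__main__":
    for name, addrs in (("within a /64", SAME_64), ("within a /48", SAME_48)):
        for plen in (128, 64, 48):
            n = count_allowed(addrs, plen)
            print(f"rotating {name}, keyed on /{plen}: {n} of {len(addrs)} allowed")
```

Keying on the full address lets all ten rotated addresses through, keying on /64 stops rotation of the host part, and only the /48 key also stops a client that moves between /64s of a delegated prefix.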