Post AlPm5fPKBAyFAp1SKG by litchralee_v6@ipv6.social
 (DIR) Post #AlPm5eFMUjPJZdLz9s by projectgus@aus.social
       2024-08-28T01:39:30Z
       
       0 likes, 0 repeats
       
       I have a probably-foolish question about IPv6 and privacy, I suspect something fundamental I don't understand.
       
       My home ISP issues IPv6 ranges that effectively never change. I know there is a spec for how to do automatic rotation, but mine haven't changed in the 9+ months I've been watching them. I think this is pretty common.
       
       A big win if you want to run any kind of server as you basically get all the static IPs that you could want, at no extra charge. Yay!
       
       However, isn't any privacy preserving stuff you do in your home web browser almost a waste of time now? At best, all the internet access from this location is trivially correlated by the IPv6 prefix. At worst, it's trivially correlated per-device if your home router never rotates addresses.
       
       I know dynamic IPv4 isn't "for" privacy, but (especially with CGNAT) I always felt a little comfortable that correlating someone's online activity long term would take at least a small amount of effort (for businesses, not for governments).
       
       (BTW I know that routing all traffic through a VPN provider takes this mostly off the table, similar to CGNAT but you get to solve a lot more captchas. I still feel like I must be missing something, given the overlap between nerds who like Privacy and nerds who like IPv6 rollout.)
       
       #ipv6 #privacy
       
 (DIR) Post #AlPm5fPKBAyFAp1SKG by litchralee_v6@ipv6.social
       2024-08-28T02:00:36Z
       
       0 likes, 0 repeats
       
       @projectgus Often when it comes to privacy, people speak of tradeoffs. As in, what's being gained and what's being lost. With Legacy IP (whether rotating or CGNAT), the proposition is a nebulous gain of non-correlated addresses. But the guaranteed loss is: no end-to-end connectivity, necessity of STUN/TURN, breakage of p2p, and difficulty/impossibility of hosting game servers.
       
       #IPv6 avoids all those problems and is the modern protocol. Non-correlatability isn't worth giving those features up.
       
 (DIR) Post #AlPm5gLSh1TW58Dswa by projectgus@aus.social
       2024-08-28T01:42:15Z
       
       0 likes, 0 repeats
       
       I'm gonna footnote this with a depressing suspicion that the "small amount of effort" of tracking someone via browser features is cheap enough and reliable enough that it's actually easier for most tracking companies than bothering to figure out who is on a stable IP address. Plus lets you track people everywhere.
       
 (DIR) Post #AlPm5hWqICAlkiYUK0 by litchralee_v6@ipv6.social
       2024-08-28T02:04:37Z
       
       0 likes, 0 repeats
       
       @projectgus I'll also note that if you really want to cycle a stable #IPv6 prefix, you can try manipulating your router's WAN MAC address. That often convinces DHCPv6-PD to assign a different prefix, based on the idea that the former MAC still has the lease for the prior prefix.
       
       This isn't guaranteed to work, but seeing how prevalent the opposite scenario is (an ISP cycling the prefix too frequently), your ISP seems to be one of the nicer ones in its stability.
       
 (DIR) Post #AlPmGLVwTxc4f3D5Y8 by jpm@aus.social
       2024-08-28T03:19:54Z
       
       0 likes, 0 repeats
       
       @projectgus kind of sort of not really: kind of because a single /64 is almost guaranteed to represent a small number of people (at most a couple of hundred in an office or something), and it’s recommended that an ISP delegates at least a /56 per customer (so you get 256 /64s to play with). Sort of being that because the address range of a /64 is so large you can just turn on IPv6 privacy addresses for outbound new connections and jump between mostly-random addresses in your /64, which will obfuscate individual machines inside the subnet. And not really because programmers do not give a single shit about IPv6 and it’s unlikely their per-IP tracking works in IPv6 anyway.
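
An added example, not part of the thread: a Python check you can run over your own hosts' addresses to see what the posts above describe, namely that randomized privacy addresses hide the device while the /64 and the delegated /56 stay constant. The addresses and MAC are constructed (documentation prefix 2001:db8::/32), and the MAC-derived "modified EUI-64" interface ID it looks for is an assumption about how a non-privacy address was formed, detected heuristically by the ff:fe marker.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: addresses one household might present to a remote service.
SAMPLE = [
    "2001:db8:1234:5600:0211:22ff:fe33:4455",  # EUI-64 from MAC 00:11:22:33:44:55
    "2001:db8:1234:5600:8c5e:1f0a:93b2:7d41",  # randomized interface ID
    "2001:db8:1234:5600:41d7:aa02:6be9:0c13",  # randomized, same /64
    "2001:db8:1234:5601:f3a9:0e55:12cd:9b70",  # another /64 inside the same /56
]

def eui64_mac(addr):
    """Return the MAC embedded in a modified-EUI-64 interface ID, else None.

    Heuristic: a random interface ID can contain ff:fe by chance.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip applied to the first MAC octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def prefix_of(addr, length):
    """Network containing addr at the given prefix length, as a string."""
    return str(ipaddress.ip_network(f"{addr}/{length}", strict=False))

def correlate(addrs):
    """Group addresses by /56, then by /64, noting any MAC-derived IDs."""
    report = defaultdict(lambda: defaultdict(list))
    for a in addrs:
        report[prefix_of(a, 56)][prefix_of(a, 64)].append((a, eui64_mac(a)))
    return report

if __name__ == "__main__":
    for p56, subnets in correlate(SAMPLE).items():
        print(f"site {p56}")
        for p64, hosts in subnets.items():
            print(f"  subnet {p64}")
            for addr, mac in hosts:
                tag = f"stable, exposes MAC {mac}" if mac else "randomized"
                print(f"    {addr}  [{tag}]")
```

All four sample addresses collapse into one /56, and only the first exposes a per-device identifier.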