Something I'm not seeing discussed much is that the fundamental shift of "Who has this IP" doesn't change. Right now my ISP gives me a single IPv4 address and I NAT behind it. If someone asks them "Who has IP X at this time?" they can answer. That doesn't change with IPv6. They assign me a /64. And while it's true that I have 18,446,744,073,709,551,616 I can choose from to assign to myself in crazy ways (one per new connection? one per minute?) - when someone asks them, "Who had IP X at this time?" they just look up who was assigned that /64 IPv6 block.
Networking tools have to adapt to handle reputation on a /64 (I'm presenting about this at Black Hat in Vegas next month), and it will be a slow shift to upgrade everything that filters/whitelists/blacklists/searches/etc to do so on a subnet scale, but it will happen. And we're not any better off. On 17 June 2012 15:31, Walid AL-SAQAF <alkasir admin> <ad...@alkasir.com> wrote: > See: > http://news.cnet.com/8301-1009_3-57453738-83/fbi-dea-warn-ipv6-could-shield-criminals-from-police/ This says they're worried that RIRs, LIRs, and ISPs may not keep records of who is assigned what addresses. This doesn't strike me as a boon for privacy. It might be an incidental benefit - but it's not something anyone should rely on, advertise, or be joyous about. On 17 June 2012 15:58, Seth David Schoen <sch...@eff.org> wrote: > - The original addressing scheme for IPv6 suggested using individual > devices' MAC addresses as (the basis for) the lower-order 64 bits of > the public IP address. This is catastrophic for privacy because > then you can recognize and track individual devices all around the > world, like an indelible cross-site cookie for each device. (What's > more, if you seize the device, you can confirm that it was the actual > device that was used to send some particular communications at some > point in the past.) However, we don't have to use this scheme for > assigning IP addresses. It depends on how our individual operating > systems are configured, and it's unlikely that ISPs or anyone could > somehow force us to use the privacy-invasive style. Absolutely, this is a huge deal, and it's not solved. Look up draft-gont-6man-stable-privacy-addresses and http://void.gr/kargig/presentations/athcon_2012_kargig.pdf for some pointers into this. I can't understate this: this is an open research project, and we need solutions. We don't want to wind up in a scenario where the lower 64 bits of my address stay with me across networks. Very, very bad. > - Having plentiful IP addresses means that we don't have to use network > address translation (NAT) anymore, at least not for IP address > scarcity reasons. This could actually be bad for privacy because > there is less ambiguity about which user of a network was responsible > for particular communications; NAT can create ambiguity from the > outside world's point of view about who at a particular institution > actually sent some network traffic, and if we get rid of NAT, we > reduce that uncertainty. While true, I view this in the same category as the first link. We may get incidental benefits from NAT, but it shouldn't be relied on for strong anonymity. University or ISP level NAT is out of your control and they're usually happy to turn over information to whoever asks. > - Having plentiful IP addresses means that ISPs could choose to give > end-users more dynamic IP addresses, without re-use. It's easier > to imagine using highly ephemeral IP addresses, like using a new > source address for each and every connection (!) or having one's > home network address change every day or every hour. In that case, > it would be harder to make associations between users or to track > users based on their IP addresses. Disagree, for the points I put in the beginning. As long as I'm changing my IP inside the /64 I'm assigned, I'm easily to correlate. And AFAIK there's been no plans for ISPs to do anything other than the recommendation of giving each user a /64 to play with. > - With more plentiful public IP addresses, it would be easier and > for more people to start to run publicly-useful proxy services > like Tor entry nodes. It will also be somewhat harder for > censors to enumerate and block secret bridge-style proxy nodes > ahead of time because it will be far more difficult to port-scan > the larger address space. (It was traditionally thought to be > impossible, but there is a paper showing it may not be impossible > in practice.) Yes. Right now, portscanning in IPv6 is still possible in a number of ways: reverse mapping .arpa, invalid multicast pings, and others. (See the source in http://thc.org/thc-ipv6/ for a lot of IPv6 attacks) However I believe/hope that we will solve most of these in the next 5 years so port scanning will not be feasible in IPv6. However, I don't know if anyone is actively pushing to fix these things, so if anyone has a grad student free... > - With reduced use of NAT, we could more easily implement more > things as pure peer-to-peer services, with less intermediation. > This is good for users' privacy against service providers and > potentially bad for users' privacy against each other. For > example, if you make an intermediated VoIP call, the service > provider learns your approximate location from your IP address, > but the other party to the call doesn't. If you make a more > disintermediated VoIP call, no service provider learns this > information, but the other party can learn it. I'm in general in favor of end-to-end connections because you can use end-to-end crypto. Crypto to an intermediary is near-useless. But fair enough, this can go either way. > - Many network monitoring and logging systems aren't yet correctly > set up to log IPv6 addresses, so IPv6 users can't yet be monitored > and tracked by them as effectively as IPv4 users can. That will > probably change over time. I consider this an incidental benefit for now, but not to be relied on. Conversly, currently the anonymity set of IPv6 users is so small it's super-dangerous to use IPv6 for anything like tor. One other random thing I've come across is Mobile IPv6. Your phone gets an IPv6 address it keeps forever, and gets moved around to different towers. Always reachable at that address. Great for running a service from it, like voip or something. But seems bad for privacy! This is still way out, but something to think about if you're really into this topic. Anyway, I think something that's huge that isn't be talked about is what I said in the beginning: the reputation change from an IPv4 address to an IPv6 subnet. It will happen in all the legitimate and less-legitimate tools out there, and when it does, changing your address to any of the (4 Billion)^(4 Billion) addresses available to you won't gain you anything. It won't be any better (or any worse) than IPv4. -tom _______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
