I think the Ubuntu installer should come with a checkbox option: [ ] Leave me naked on the Internet and STAB ME IN THE BACK.
Regardless of whether it's checked or unchecked by default, I have a feeling most people aren't going to want that. Right now, I'm typing on an operating system where Samba defaults to settings that basically amount to, "Don't let anything work unless the user manually edits a configuration file," which is presumably for the sake of security (unless it's for the sake of deliberately hassling users). If security is prioritized over functionality, the same should go for privacy...yet this same operating system freely gives my MAC address to anyone I bump into with IPv6, because it's more functional...and get this: It's not even more functional for ME, but for hypothetical system/network admins who aren't even using my computer. You have to be kidding me.

I cannot BELIEVE the attitude of system admins on this board. "Oh no, this will make forensics so much harder..." Yes, that is the point. (It's ironic that these comments are positioned so closely to comments saying that the privacy extensions don't effectively protect privacy. Obviously, they do so enough to make forensics a pain in the butt, so they're accomplishing something good at least.) "It'd be okay if just a few rogue users used privacy extensions, but when it's set to default and everybody does it..." Yes, that is once again the whole point.

To the extent that it affects me as an end user, "forensics" = tracking, and it's not something I particularly appreciate. This may come as a surprise, but end users are not in the business of serving system admins who want to track them and/or snitch on them when some copyright mafia comes knocking. An end user's operating system should exclusively serve the end user, not others who may have conflicting interests. Writing software that obeys and serves the user [as opposed to potentially adversarial third parties] is such a cornerstone of free and open source software that the correct course of action here should be a no-brainer. Anything else is a betrayal.
Did I mention copyright mafias? Let's take that up a notch and consider the ramifications of default "ass hanging in the wind" policies in totalitarian countries without free speech. A journalist/whistleblower/political dissident or such can use encryption, a VPN, etc. all she wants, but her IPv6 address may be the one weak link that ultimately ties all of her activity together and betrays her to the people who want nothing more than to identify, torture, and kill her. There is simply no excuse for leaving an obscure hole like this open by default, especially considering that most people are completely unaware of it.

Are there lots of other ways for people to track you? Sure. Browser fingerprints are a problem, and that problem should be dealt with...but there are in fact solutions that are being increasingly adopted, and this problem is restricted to web browsers anyway. The existence of such a problem does not justify saying, "Well, let's just give up on user privacy and broadcast our friggin' MAC addresses to everyone we bump into, so we can be persistently tracked across any and all protocols and applications using IPv6." There are certainly a lot of bases to cover when it comes to privacy, but sensible defaults go a long way toward plugging the holes.

Now, if you're a system admin in an actual enterprise environment where you legitimately have control over a large number of end user PCs (e.g. employee PCs), then changing the default IPv6 settings should not be an issue for you...because, after all, you're the one who installed the OS on all of these computers in the first place, right? Each one can be updated with the same modified config file, and this is made even easier if they're set up as preconfigured virtual machines. Now, if you're just a network admin who has no legal or moral right over end users' computers, it's simply not their job to appease you.
--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/176125

Title:
  Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)

Status in “network-manager” package in Ubuntu:
  Confirmed
Status in “procps” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: procps

  Some background information: recently "Free ADSL", one of the biggest ISPs in France, added IPv6 support, possibly exposing 2.5 million users to IPv6.

  The addresses are configured automatically, and by default Linux will build them using the MAC address.

  However, this presents a risk of privacy loss:
  - there is a unique identifier which can be used by websites to track the location of a laptop or PDA
  - some information about the model of the network card (other information can probably be derived if you know the serial number of the card) is leaked

  The following RFC (http://tools.ietf.org/html/draft-ietf-ipngwg-temp-addresses-v2-00) mitigates these problems by introducing temporary addresses to be used by outgoing connections (in addition to the static address, which can be used for incoming connections and have a DNS name associated with it).

  To activate it under Linux you just need to activate the following in sysctl:

  echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr

  or add "net.ipv6.conf.all.use_tempaddr=2"

  thanks for protecting the privacy of the clueless users by default :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/176125/+subscriptions

--
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
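
Added example (not part of the original message or the bug report, and not code from Ubuntu or NetworkManager): a self-audit that shows what the bug description means by an address built from the MAC, and how the use_tempaddr value changes which address carries outgoing traffic. The function names and the sample addresses (documentation prefix 2001:db8::/32, made-up MAC) are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefix, made-up MAC 00:11:22:33:44:55.
SAMPLE_ADDRS = [
    "2001:db8:1:2:211:22ff:fe33:4455",   # autoconfigured address built from the MAC
    "2001:db8:1:2:5c3a:91e4:7b02:c6d9",  # randomised interface ID (temporary-style)
    "fe80::211:22ff:fe33:4455",          # link-local address of the same interface
]

def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]        # low 64 bits of the address
    if iid[3:5] != b"\xff\xfe":                         # filler bytes marking EUI-64
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the flipped U/L bit
    return ":".join(f"{b:02x}" for b in mac)

def audit(addrs, use_tempaddr):
    """Report global addresses that expose the MAC, given the sysctl value.

    Kernel semantics: 0 = no temporary addresses, 1 = generate them but
    prefer the public address, 2 = generate and prefer temporary addresses.
    """
    findings = []
    for a in addrs:
        if ipaddress.IPv6Address(a).is_link_local:
            continue                                    # never routed off the link
        mac = mac_from_eui64(a)
        if mac is None:
            continue
        note = ("still preferred for outgoing connections" if use_tempaddr < 2
                else "kept for incoming connections; temporary address preferred outbound")
        findings.append({"address": a, "mac": mac, "oui": mac[:8], "note": note})
    return findings

def read_use_tempaddr(path="/proc/sys/net/ipv6/conf/all/use_tempaddr"):
    """Read the live setting on Linux; None if the file is unavailable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    setting = read_use_tempaddr()
    for finding in audit(SAMPLE_ADDRS, setting if setting is not None else 0):
        print(finding)
```

The "oui" field is the vendor prefix of the network card, which is the second leak listed in the bug description.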

