Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Privacy

Are There Still Privacy Concerns With IPv6? 92

Posted by Cliff from the have-the-problems-been-fixed-yet dept.
Zanguinar asks: "Whatever happened with the privacy issues in IPv6? I recall there being a small uprising by privacy advocates and even this article on Slashdot. However, I don't recall ever hearing more about it. What has the response from IETF and IANA been? Did they do something about it, or just dismiss it as unimportant? I cannot find anything recent (i.e. in the past six months) regarding this. With the news that some companies may soon begin using IPv6, I'm a bit concerned..."
This discussion has been archived. No new comments can be posted.

Are There Still Privacy Concerns w/ IPv6? More

Are There Still Privacy Concerns w/ IPv6?

Comments Filter:

  • Re:easy way around privacy concerns (Score:1)

    by Anonymous Coward
    Oh god - more crap from somebody that doesn't know what they are talking about. Please read the fscking IPv6 draft before posting!

    Buy nothing from any vendor that forces your to use the MAC address option
    Doh - the other end can't force this - you can either say "use my MAC address to construct my address" or "use something else like this random number or address server ..."

    Buy nothing from any vendor that turns the option on by default
    See above

    Buy 4 NICs and switch them once a week, confusing the HELL out those bastards tracking you
    Learn how a computer works! Just change the MAC address on the same nic, cheaper, quicker, easier.

  • Not a security breach. (Score:1)

    by Anonymous Coward
    The reason MAC addresses are used as the last 64 bits in the IPv6 address is to scrap ARP ip->MAC resolution. for PPP/SLIP or tunnel users is generated from random and so can you do and change your MAC using 'ifconfig' then you want to. IPv6 includes security functions for end-to-end authentication and encryption of payload data including headers using md5, sha1, 3des, rsa, rc5, blowfish, etc. So its way more secure than IPv4.

  • ipv6 is more private than ipv4 (Score:5)

    by Anonymous Coward on Monday October 02, 2000 @02:31AM (#740684)
    Your concerns are fully addessed by this slashdot article [slashdot.org]. --Doug Moen

  • Oh, please... (Score:5)

    by Millennium ( 2451 ) on Monday October 02, 2000 @03:16AM (#740685)
    The privacy concerns with IPv6 are really no greater than with IPv4. Yes, even with the IP address possibly tied to a MAC address (which, I might add, it does not have to be). Think about it...

    1) Your MAC address is already embedded in every single packet going out of your Ethernet card, no matter what protocol you're using. It's the way Ethernet works.

    2) MAC addresses are handed out to companies or individuals in huge chunks. The body that does this has no way of tracking right down to the user, only to the card manufacturer. If you're really concerned, pay for your NIC with cash and don't register it with the manufacturer.

    3) MAC addresses are configurable with most card/stack combinations. So chances are you can change your MAC at will.

    4) The IPv6 address is not necessarily tied to the MAC address. There are other ways to do it.

    5) If even these aren't enough for you, please remember that services like Anonymizer still exist.

    6) One feature of IPv6 is security. In order for transmissions to be secure, they have to be verifiable for obvious reasons. In other words, if you want to have truly secure communication, you have to give up some measure of privacy, just enough so that you can be verified as the intended recipient. Conversely, you can have private communications if you want them, but in doing so you lose all semblances of security because there's no way to verify who's on the other end. It's a tradeoff; take your pick.

    7) It's an outright fallacy to think your Internet communications are currently truly anonymous. Even under IPv4, you leave a trail of "mouse droppings" wherever you go, and these can be traced straight back to you if the hops in the chain are willing to cooperate (you can foil this by using things like Anonymizer, who won't cooperate, but this will be no different in IPv6).

    So yes, you might say there are potential privacy concerns with IPv6. However, they're no greater than those already in the IPv4 system we've been using for many years, and they're just as easy to circumvent if you truly need the extra measure.
    ----------

  • Adam Smith capitalism is supposed to be consumer driven,

    I promise you that it isn't, and Adam Smith agrees with me. The idea of systematically rebalancing economic power away from the owners of the means of production is one that only arrives after Marx, let alone Smith.

    Hang on, where did aphor say anything about "systematically rebalancing economic power away from the owners of the means of production"? He's talking about the basic old supply-and-demand stuff that assumes the consumer has as much market power as the producer - which is rarely (and decreasingly) true these days.

  • Point taken, but that's still got nothing to do with Marx or a system that rebalances power away from the producer.

    Ignoring the fact that I've forgotten who said it, the issue is that consumers have less power in the market than they used to have.

  • The fuss was all about IP addresses having the MAC address of the NIC as part of them.

    As the IETF pointed out, this is a optional implementation, but not a requirement of the standard.


    --
    Why pay for drugs when you can get Linux for free ?

  • Statement on IPv6 Privacy Concerns [slashdot.org]
    --
    Why pay for drugs when you can get Linux for free ?

  • Summary: "Don't gripe that IPv6 is insecure, since IPv4 is insecure also."

    Is that what you really mean? It certainly seems so.

    Just because there are [whichever] problems in the status quo doesn't mean that [whichever] problems need to be accepted in future "improvements" in the (future) norm.

    Changing an insecure model to a new model is the optimal time to fix the insecurities.

    (Why isn't this self-evident? What am I missing here?)

  • "whether you like it or not"

    It truly amazes me the number of people who respond to the outrageous by saying "So what? That's reality."

    To use a (United States-centric) analogy: In the sixties, many persons decried the existence of racial injustices, such as "separate but equal" restrooms, white-only lunch counters, etc. And many "negroes" (to use the term of the day) reacted to the protests of their peers saying "That's just the way it is; you will never change it. Be quiet and accept it rather than irritate the oppressor."

    It was only *because* people refused to accept the unacceptable that change was made (albeit slowly.)

    The same could be said of almost any social justice issue, not just racial matters. Change came only because people did *NOT* _tolerate_ the unacceptable.

    Why do people tolerate privacy invasions? Why do people tolerate the erosion of their basic rights? Why do people tolerate anything that they perceive to be unfair or inapproprate?

    It scares me to see the trends in this society. ("Sheeple" irritate me, regardless of whether the term is cutesy or not.)

    Why is "...then DO something about it!" no longer an acceptable response? :-(

  • I've never heard of 'mac translation', but there's no performance loss when using a mac address other then the one in your cards rom. At initialisation time, the driver basicly loads the mac out of the rom (from the networkcard) and gives it to the little controler-chippy thing on the network card. It can just as easily give it another mac, the procedure is exactly the same. Try:

    ifconfig iface ip netmask netmask hw ether mac-addr

    This is for linux, I'm not sure freebsd's ifconfig supports setting the mac, it doesn't appear to know the hw param.

    What you might be thinking of is a not-so-subtle hack to pretend to have multiple nic's on a single network, where you put the nic in promisc mode, and then do the filtering of incoming packets in software. This is quite a bit slower than doing it in the hardware on the nic, but has the nice sideeffect that you can have as many mac's (and thus give them each an ip, and thus have them appear to be different interfaces) as you want.
  • I think you're confusing it with multicast, which appears to do some promiscoid stuff... However, If you could give some evidence of your claim... (source linenumbers would be nice).
  • It was no biggie in the first place; simplys stating that, as an option, a network could choose to use the last 48 bits of their address space by simply using the mac address of the respective computer. Darn good idea, ensures unique space, makes management easier.

    Not at all necessary, or required.
  • That's basically exactly the logic they used. And you can also change your mac easily.

    They didn't want your mac to change just because your network card blew up.
    Kudos to them.
  • Land Of The Free.
  • As I found out when I put another NIC into my Sparcstation 4 (currently doing its job as a firewall/NAT box). I was quite surprised to discover that both NIC in the SPARC -- built-in and the card -- had the same MAC address. I started worrying and hit Google.

    It turned out that on SPARCs (at least older ones) the NIC do not have their own MAC address -- they get theirs from the motherboard! So if a machine has two (or more) NICs, they all have the same MAC, which is really a motherboard MAC.

    I think the Sun argument was that multiple NICs are likely to find themselves on different (physical) networks, so having the same MAC address for all of them was OK, and it probably saved five cents somewhere.

    Kaa
  • As technology has become increasingly pervasive in our lives, it is now necessary to apply for a IPv6 address as well as a social security number. Your newly born child's IPv6 address
    will never be used to track or collect data, nor should it be used for identification purposes. The IPv6 address is there only to guarantee access to the Internet at large.

    That sounds like it was lifted from the back of my original (U.S.A.) Social-Security card.

    We all know how long THAT promise lasted...
  • Notice they don't say that anymore?

    Get a new one and check it out :-(
  • I don't think there is a 'manufacturer-field' part of the MAC. It's just that the numbers are given out in large blocks by the Grand High MAC council or whatever it is. Might be wrong though.
  • MAC = Media Access Controller a MAC address is simply your address on the ethernet.
  • I wouldn't worry too much about your MAC address being exposed. There are much better ways to track what people are doing, and to combine the information that is gathered about you.

    You can store a unique personal number in somebody's cookie, and use that to track what they are doing. This is especially powerful in combination with big banner ad servers: the ad server reads your cookie, and combines this information with the URL the banner ad was on. This information can even be augmented with data (like your home address) that you fill in on web forms, assuming that the site owner is willing to sell that kind of data. And why wouldn't they?

    The banner ad doesn't even have to be visible for this purpose, it can be a 1x1 pixel transparent gif.
  • Most users arn't concerned with privacy anyway; lets face it, 99.9% of all users are not doing anything illegal anyway.

    What has privacy got to do with illegal activities?

    There are a lot of completely legitimate reasons for wanting privacy.

    Also, don't confuse privacy and anonymity.

  • This is almost exactly what AT&T's Crowd's does. Haven't heard anything about it in ages, but this is what it does. No link handy at the moment, unfortunately.
  • Static IP won't be the norm, it's a pain in the ass to manage.

    Probably less of a pain, certainly it would be the end of whole ISP's being blacklisted because of a single jerk or spammer.
  • Bizzare, was thinking about this mornining before this article came up and wondering how easy it would be to write a local proxy that would choose from randomly a list (e.g. from http://proxies.hotmail.ru/proxies.htm [hotmail.ru]) for each request sent.

    Really mess up people's log files :), each time you hit someones site you would be showing up as a different unique user for every page and image you got...

  • Check the Internet Draft "Privacy Extensions for Stateless Address Autoconfiguration in IPv6" draft-ietf-ipngwg-addrconf-privacy-03.txt [ietf.org]
  • So the ISPs still need to provide a DHCP-like protocol to allow you to have a (somewhat) random prefix. But they don't have much incentive to do so, because 80-96 bits is so large, they won't run out of IPs. Right now DHCP and PPP automatic address assignment is so important because IPv4 address space is tight, and if you have a 10-to-1 modem pool, you only need an IP block large enough for your modem pool and your maximum expected number of customers who disconnect their computers when they aren't using them.

    I, for one, will NOT support dynamic IPv6 addresses in any software I write. The last thing I want is another trend where ISPs get away with giving you a dynamic IP and charge you extra if you want a real (static) IP, and calling it a 'privacy feature'.
    --------
    Life is a race condition: your success or failure depends on whether you get the work done on time.

  • So can a dedicated person with adequate resources. I, personally, LOVE the idea of global, static addresses, because it means we can finally make use of purely peer-to-peer protocols, rather than the horrendously kludgy client-server protocols we use now.

    (Example: All our internet pagers could have long been replaced by SMTP.)
    --------
    Life is a race condition: your success or failure depends on whether you get the work done on time.
  • >Whether you like it or not, everything you do is being monitored anyway. It's just how America works.

    I'm not in america, and have no intention to be. luckily, this is not how most of the world works. please don't go stuffing this monitoring down the world's throat just because some american companies may want to. the net doesn't end outside the US.

    //rdj
  • actually, I do give a shit. I don't want a net ruled by companies based on american laws practically written by those same companies. IPv6 will be adopted worldwide, so this is a worldwide issue. discounting certain problems with IPv6 because 'that's how america works' is shortsighted. Or do you want it built in the protocol to inform a government database when you view subversive information, cos that's how &ltinsert favourite tyrannical country&gt works?

    //rdj
  • >If you aren't willing for it to be YOU saying it in public, then you quite possibly shouldn't be saying it.

    unless ofcourse you can get killed for saying what's on your mind. This may not be the case in the US, but anonymity can be really important for political dissidents. If the US is justified in requiring everyone to identify themselves at all times, than so are other governments.

    //rdj
  • If you want privacy, don't use public forums/exchanges/etc. Same thing goes with the "real" world. If you don't want people to see you have sex, don't do it in Time Square or Central Park. To take what people think privacy should be to the real world, you would have some means of completely disguising your identity, so that you could have sex in Central Park and have it be "private." Anybody with a brain, however, would realize that you aren't doing it privately, only anonymously. We are not guaranteed a right to anonymity, and I'm not entirely sure we should be able to be anonymous in a public forum. If you aren't willing for it to be YOU saying it in public, then you quite possibly shouldn't be saying it. If you should be saying it, you should be working against the forces that make you uncomfortable voicing those thoughts as a human being, not fighting for your right to hide.
  • If you'll notice, that article is from almost a year ago, and I was looking to see if there had been any news in the previous six months. I was aware of that document when I posed my question. However, with the speed of change in technology, I didn't feel that was a sufficient answer to my question.

    One of the biggest "additions" to IPv6 that supposedly makes it more secure if IPSec. Everybody touts this as being the big solution. However, if you take a look at IPSec, it doesn't necessarily have anything to do with IPv6. It was designed for, and works with, both IPv4 as well as IPv6. If you're interested, check out the RFC here [isi.edu]. In section 2, it supports what I just claimed.

    If you are interested in hearing more of my rants on IPv6, check out my article [hellyeah.com] over at Hellyeah.com [hellyeah.com]. Also, while you're there, check out a reply to my article [hellyeah.com] that, in my opinion, does point out some of the good parts of IPv6, but doesn't directly address my points.

  • 1) Your MAC address is already embedded in every single packet going out of your Ethernet card, no matter what protocol you're using. It's the way Ethernet works.
    Sure, but that doesn't mean that my MAC address is visible in the other end of the connection. Typically, packets from my machine pass through at least one router/switch/gateway on their way to some other Internet host, and then the MAC address gets replaced by that of the switch. The only globally-visible addressing scheme used on the Internet is, of course, IP addresses. I'm sure everyone already knows this, but your post really made it sound like it wasn't so. Still, I think this makes the case "against" IPv6 slightly stronger...
  • I'm not in america, and have no intention to be. luckily, this is not how most of the world works. please don't go stuffing this monitoring down the world's throat just because some american companies may want to. the net doesn't end outside the US.

    Sad to say, neither does monitoring of what you do online. If you think people in your country (whatever it may be) aren't monitoring you.... Well, all I can ask is, "What is the speed of light in the little universe you are in?"


    We are all in danger of losing our privacy.

  • However, most cable modems don't pass your NIC's MAC to the network, rather they pass their ID. It is almost certainly possible for the cable company to track your MAC address, however I've had no luck tracking the MACs of the jackasses who probe my system.

  • Not really. (Score:5)

    by Inoshiro ( 71693 ) on Monday October 02, 2000 @02:40AM (#740718) Homepage
    Users can arbitrarily change the MAC addresses on all modern cards without too much trouble. They might be able to figure out what mfr your NIC card is if you've not changed it, but I don't think we'll be seeing black helicopters descending on your house.

    Besides, a simple ARP request will get a person's MAC if they're on the same subnet (or there is a machine configured to forward packets between two subnets, beyond that). I think this is more an issue of people not having a clearer understanding of what's in their computer, and how it can be (mis)used. Hey, if I know your IP address and have a time, I'm just a subpena away from getting all the information your ISP has on you. Is that a big privacy concern? Not really.
    --

  • Same ones as static IPv4 (Score:3)

    by Greyfox ( 87712 ) on Monday October 02, 2000 @02:37AM (#740719) Homepage Journal
    Once static IPs become the norm (And it'll be much more feasible in IPv6) web sites will be able to track you by your IP address. They can do that now with static IPv4 addresses, but most web surfers get a different IP on a regular basis. DHCP is in common use on the cable networks and dialup PPP users almost always are stuck with dynamic addressing.

    There's not really a whole lot you can do about that (Maybe use an anonymizing proxy to hide the originating address.)

  • This doesn't make sense to me.

    (just to recap) Company X wants to make sure that only registered or correct boxes are using their VPN product. They do so by validating the IPv6 address which contains a variable portion (the provider address) and the mac portion (the network unique portion). So the VPN box in question strips out the MAC portion and goes to some table it contains which has EVERY SINGLE MAC address registered by the company using the VPN. Besides the obvious logistic problems (how is this table constructed). This is entirely spoofable. Let's start with the obvious - resetting your mac address to on allowable by the VPN software. Now if we're buying this box why can't we just waltz over to it and change the table? Or use linux or bsd and change your IPv6 address whenever you feel like it (for reverse engineering purposes).

    What is this mysterious "MAC algorithm" doing? Hashing your MAC address? Using a different has with the new box? Or are they setting your MAC address for you? What you seem to be suggesting is that company X can force a buyer to use a IP address. It doesn't matter if it's derived from the boxes MAC address or some other randomly selected source.
    gid-foo
  • I believe there is a performance hit when enabling MAC translation. I've not used it so I can't commment on how much of a slowdown there is though. -Pete

  • It wasn't so long ago that Intel was roasted over an open fire for embedding unique serial numbers in their CPUs. No matter how high and lofty their proclaimed goals were, we saw it as an easy way to track people. Even Amnisty International protested.

    Now, we see the emergence of the IPv6 protocol attempting to use the embedded supposedly-unique serial number (MAC address) of your NIC. Currently, we believe these numbers can only be tracked to a manufacturer. In time, this can change. If there is the proper political climate, it will.

    DHCP isn't perfect. The arbitrary assignment of an IP by your ISP can be traced- but it takes a subpoena and reasonable grounds for obtaining the information. By connecting the number you receive to something on your machine, you effectively remove the ISP as an IP broker. The result is your privacy just became that much easier to thwart.

    -Ouija-

  • Even with dynamic addresses, you cannot prevent "spywares" (say, those creates their own ID) or those nasty 1x1 GIF that tries to identify you, unless you run a firewall of some sort that filters outbound connections.

    I don't think IPv6 can address this...

  • This is a federally regulated government form. This form must be submitted, in writing, completely filled out, before your newly born child turns one (1) year old.

    As technology has become increasingly pervasive in our lives, it is now necessary to apply for a IPv6 address as well as a social security number. Your newly born child's IPv6 address will never be used to track or collect data, nor should it be used for identification purposes. The IPv6 address is there only to guarantee access to the Internet at large.

    Please note that an e-mail address in the form of first.middle.lastname.cityname.statename.zipcodena me@usps.com will also be issued with your social security card. (Please note that the address is @usps.com, @usps.org. The US Government is not happy with the .org designation, as it tends to be used less often as the .com designation.)

    Thank you for your continued tax payments.



    Welcome to the New World Order.

  • That was the point. :-)

    I was hoping to get a +1 Funny, but.. :-)

    -- Talonius
    • Even dynamic IPs as they exist now are not difficult to trace when the need arises (e.g., the Feds are trying to track someone down).
    • As the internet grows and your grandma's curling iron gets its own IP address, there has to be some way to organize those addresses and make it possible for them to interact in some sort of logical way; Unfortunatly, this inevitably will lead to a loss in privacy, because we're leaving the "primal chaos" stage of internet history that made anonymity so much easier.
    • Whether you like it or not, everything you do is being monitored anyway. It's just how America works. Companies want money (it's their whole purpose for existing, you know), and the best way to get it is to track exactly who you are and what you do. Every time you buy groceries, you're just a number in some great big SQL database in the sky.

    Privacy is in the eye of the beholder.

  • If there really do turn out to be serious privacy issues with IPv6, perhaps someone might want to start investing in an "anonymizing network" which would act as a sort of middle-man for internet activity. You view websites through a special browser, for example, that channels HTTP data through a network of dummy sites with IPs that are useless to big companies.

  • I don't think anyone disagrees that tracking people by MAC address gives the supply side an edge in their marketing powers. What I think people are concerned about is the worst-case scenario of a more solid, focused, revenue model.

    Adam Smith capitalism is supposed to be consumer driven, but lately we've been seeing power shift to the producers. That gets dangerously close to fascism when you see how government involvement plays in.

  • Doh - the other end can't force this - you can either say "use my MAC address to construct my address" or "use something else like this random number or address server ..." Like manufacturers routinely follow the specs to the letter. Here's an example, I'll go slow so you can follow me.

    Company X has a neat to VPN box for the SOHO. To make sure that their VPN boxes are only connecting to each other and not to someone that's trying to reverse engineer them, they use the MAC address as well as the IP when connecting. This allows them to have decent planned obsolescence. Change some MAC algorithm and voila, can't use old box with new box and new box's feature set.

    This is transparent to the end user, unless you try to VPN to the cube with your Linux/BSD/BeOS box and it refuses to connect. Then you realize that the MAC portion isn't optional. A company throwing stones in the path of the reverse engineer, and trying to lock a customer into their product alone could find some uses for the MAC in IPv6, and would NOT make it optional

    This is just one example that I came up with AFTER I read the spec the FIRST time around.

  • The fear is that the optional feature of ipv6 that incorperates a MAC address is a bit overblown. Remember the MAC address in the IP is optional. They (IP addresses and MACs) are both nothing but "unique identifer numbers. If your really worried about privacy then try the following.
    • Buy nothing from any vendor that forces your to use the MAC address option.
    • Buy nothing from any vendor that turns the option on by default.
    • Buy 4 NICs and switch them once a week, confusing the HELL out those bastards tracking you.
    • Fight any proposal to change that option to a requirement.
    • Scan the net a bit and use an open proxy server to surf through (obfuscation attack?)
    And of course my favorite; wear a latex suit and wrap your head in aluminum. This totally disgueses your actions on the Internet and makes you totally anonymous.

    PS priacy starts at home, is your phone number listed?

  • But considering how few people turned of the auto-run vbs script feature in Microsoft whatd'ya call it and thus left themselves open to the I Love You Virus, how many do you think will bother to check whether their IP is tied to the MAC. A lot of people I know have never heard of IP, let alone MAC.

    While us techies will have no problems, what about the ordinary people.

  • IPv6 will allow more people to have static addresses because more addresses are available. Whether static addresses end up becoming the norm remains to be seen. A dynamic system of assigning IP's to names would eliminate this problem and remove the problem of identifying users based on their IP address.

    The MAC address is completely independent of your ISP, it's hardwired into your Network Interface Card (NIC aka Ethernet card). DHCP can use MAC addresses to map the same IP to a given NIC.

  • It's so early.... I cannot seem to locate my pants.

    The first time I parsed that I read I cannot seem to locate my penis.

    Bobbitt!

  • The concern was that the unused part of the ipv6 addresses was being used to carry the ethernet id, hence you can identify any NIC anywhere on the internet. This sounds a bit dodgy to me because many people don't use ethernet to connect to the net.

    I suppose I should just read the old article. ;)

  • actually, you're wrong. More and more people are accessing the internet through ethernet every day...

    I'm not wrong, I simply said "many people don't use ethernet to connect to the net." And that stands as truth. The majority of casual net users world wide connect through conventional modems.

    Ethernet won't last long, anyway. I'd say about another 5-10 years and it'll be almost extinct. IPv6 will still exist, however, and that's where the problem lies; in using mac addresses to form IP addresses.

    Anyway, my point is that using hardware as part of a universal protocol is a stupid idea.

  • because MicroShaft likes to use it as a unique identifer which shows up in lots of documents that you create
    I'm sorry, but this is not a Micro$uck$ standard, but an OMG [Object Management Group] standard. It started with their RPC standard.

  • That's funny, and a good idea to boot!

    It might be better given the weird state of the laws in the U.S. though to use something like, 'IPPrivacy Inc.' or something similar. The ever-popular Acme brand ethernet adapters would work for Wile E. Coyote, why not me?

  • Indeed, but there are a lot of people that don't know any better and just use the OS that comes with their computer. Do you think MS won't add the MAC address as part of their IPv6, along with a whole load of crap that isn't in the spec. They should not have their privacy invaded just because their interest and abilities are different to those of geeks. The spec should be changed, why does anyone need to know my ethernet address anyway?

    And of course my favorite; wear a latex suit and wrap your head in aluminum. This totally disgueses your actions on the Internet and makes you totally anonymous.

    Whatever you do in the privacy of your own home is your own business (for now anyway) ;-)
  • The real Slim Shady.
  • And, to take care of any and all privacy concerns, there is always Freedom by Zero-Knowledge [zeroknowledge.com].

    The software in question routes all HTTP requests along an anonymous route of Freedom servers. Only the last and next hops are known to any server in the route; the destination node doesn't know where the request came from, and the intermediate nodes don't know the destination or the source!

    In addition to this, private email is included.

  • I particularly liked this statement from cluge:
    Scan the net a bit and use an open proxy server to surf through (obfuscation attack?)
    That would certainly not increase your privacy as the proxy would be able to track everything you do. I could setup an open proxy just for the sole purpose of tracking what websites hackers / crackers visit.

  • that's where the problem lies; in using mac addresses to form IP addresses.

    This idea is screaming, "LAME!" MAC addresses are only 48 bits; IPv6 allows 128 bit addresses. If the IPv6 designers thought 48 bits would be enough, they should go back and listen to Bill Gates say, "640K of memory is all anyone will ever need." They should look at our current 32 bit addressing scheme. They should look at me, connecting over a 14.4 modem.

    wrt DickBreath's reply, I don't know what'll replace Ethernet... but I envision going back to coax and using broadband on it (instead of baseband.) If you can cram video information for 50 cable channels on it, it should be reasonably high bandwidth.

    -- LoonXTall

  • Adam Smith capitalism is supposed to be consumer driven,

    I promise you that it isn't, and Adam Smith agrees with me. The idea of systematically rebalancing economic power away from the owners of the means of production is one that only arrives after Marx, let alone Smith. And I think you may be working from a wonky definition of "fascism", too.

  • He's talking about the basic old supply-and-demand stuff that assumes the consumer has as much market power as the producer

    You'll find this assumption nowhere in Adam Smith; the perfect competition model basically comes in with Samuelson, or with Debreu and the Lausanne School at a pinch.

    Adam Smith was an actual person, who had a very specific view of political economy. He wasn't a minor pagan deity to be invoked in support of any random argument you might care to support with a vaguely free-market flavour.

  • this is not a first post.
    just wondering how is this worse than ipv4?
  • Some people do not use NIC with MAC address (dial up users) so that part of the spec must be optional.
  • America-centricity aside, this problem is not specific to the states.

    Most massive corporations who would be capable of effectively tracking your data are multinationals anyway. The mom&pop grocer down the street knows my name and what I buy, but they don't need a SQL database to tell them that. The potential for abuse, or at least for annoying targeted marketing exists with the big boys, and they have fingers in every pot.

    However, I disagree with the original poster's reason for bringing this up. The fact that privacy is being encroached in so many ways does not mean that we should shrug when we know about it. Speaking against privacy issues as they arise in technology, in this case IPv6, is vital to the success of tech. At the very least, being aware of what the issues are, or that there is potential for problems is valid and worthwhile.

    ---
    "The Constitution...is not a suicide pact."
  • So it's basically the same as IPv4. Except as the technology moves on and more people are moving from dial-up connections to fixed connections, there is more chance the user will have the same IP address. So why is this different from IPv4?

    Also won't most ISP's be giving you your IP address anyway? This will remove all possibility of the address containing your MAC address, unless they give you the remaining 64bit address space. . . and we can all see that happening can't we :)

  • Cans and a LOT of string.
    Wouldn't have to worry about lag then... just knots. :)

    -- Sig (120 chars) --
    Your friendly neighborhood mIRC scripter.
  • My roommate happens to run ipv6, and i can *assure* you the issue over the MAC address inclusion is far from the truth. Parts of the MAC are used in the address, as well as probably the last 2-3 fields. You can't possiblly track a NIC down with that information. A MAC has 2 principle parts: a manuafacturer ID (the first 2-3 fields) and the variable part (the rest of the MAC).

    This is the general case, since depending on the OS, your MAC could be read differently.
    You can even kernel hack it in Linux to create a different MAC! (someone I know did that and changed their OS to report '00DEADC0FF33' as the new MAC).

    All of this variability and recombination makes it very difficult (if impossible) to deduce the MAC from the ipV6 address. The other hex parts of the address are generated on the fly anyway, when you get assigned your address after boot.

  • I'm curious. What, in your opinion, is going to replace ethernet?
  • If this is true, then it seems that all that is required is for the Linux implementation to have a feature where the system admin can choose what NIC address they want to pretend to have. i.e. you set what NIC address is used in the extra address bits of ipv6.

    Maybe even use a different random address on each new connection (not each packet).

  • Maybe not all that hardwired.

    Can't you reconfigure most cards to have whatever MAC address you want? (Not that you should go doing this.)

    Or, couldn't the ethernet driver be programmed to "pretend" to have a different MAC address? Send out all packets with a fictious MAC. Listen in promiscious mode for packets addressed to that MAC. In fact, one machine could pretend to be several.

    I understand the efficiency issues, but Moore's Law and all that.

  • Hmmm. This got me to thinking.

    If you change your MAC to mask your identity, you should change the manufacturer-field part of the MAC to indicate that the manufacturer is something such as:

    • Mattel
    • Sunbeam
    • Kenmore
    • Hoover
  • What about a Gnutella-like proxy system?

    You run a local proxy agent. It connects to a Gnutella-like network. When you visit a web page, each seperate URL request, each seperate graphic, etc. appears to come from a different location.

    It just occured to me, well, what about if the graphic was customized for you, such as a bar-chart of your neighbor's penis sizes or something. Then you would never see the right graphic in the page. Well, maybe the URL to get the graphic contained a session id, and you still got the right graphic even though it was requested from a different IP address. I haven't really thought through any possible problems by having each seperate URL hit come from a different location, yet still all come back together on your browser to render a coherent page.
  • When using the telephone, you usually don't want/need to be anonymous.

    The Internet is used in an entirely different way and for different purposes. Entertainment device. Shopping. Posting trolls and flamebait. Cr/Hacking into Slashdot. :-)
  • Why a special browser?

    Why not just a network of anonymizing proxies?

    Maybe a Gnutella-like network of such. Just set the HTTP proxy in your current favorite browser to use a nearby node on the anonymizing net.

    As a single web page loads, each seperate graphic and page element URL hit appears to originate from a different location.
  • Static IP won't be the norm, it's a pain in the ass to manage
  • actually, you're wrong. More and more people are accessing the internet through ethernet every day.. most of these people come through broadband connections (cable/dsl) and have to use a NIC. I'm sure IPv6 is a while off for the public, but it's never too soon to start worrying.

  • The MAC address isn't the whole problem. (Score:4)

    by b1t r0t ( 216468 ) on Monday October 02, 2000 @03:38AM (#740760)
    Sure, the MAC address is isually a part of your fixed IPv6 block, and it's particularly annoying because MicroShaft likes to use it as a unique identifer which shows up in lots of documents that you create. The default way of creating a IPv6 address includes this, even if you're using a DHCP-like protocol for the high bits (prefix) of the address. (IPv6 customer blocks are planned to be assigned as the first 64-80 bits, with the low bits being assigned by the local machine).

    But even then, the ISPs may go to fixed IPv6 blocks for customers, so changing your Ethernet MAC address won't be enough. They can simply track your entire LAN full of computers through your prefix address.

    Now, there's nothing that says you HAVE to use your MAC address for the low 48 bits, it just has to be unique, and that's (supposed to be) a unique identifier. (Though I have heard tales of runs of Ethernet cards with identical MAC addresses in their PROMs.) But even if you go changing that around, you may still have the same prefix assigned by your ISP every time your connect, and you can be tracked with that.

    So the ISPs still need to provide a DHCP-like protocol to allow you to have a (somewhat) random prefix. But they don't have much incentive to do so, because 80-96 bits is so large, they won't run out of IPs. Right now DHCP and PPP automatic address assignment is so important because IPv4 address space is tight, and if you have a 10-to-1 modem pool, you only need an IP block large enough for your modem pool and your maximum expected number of customers who disconnect their computers when they aren't using them.

    And again, even if they do, your computer could still be using the same MAC address with every prefix. So the MAC address isn't the whole problem, but it seems to be the bigger problem, because it will normally be assigned by the user's machine.

  • As a quick summary of the address generation procedure:
    The machine starts up; it assigns itself a bootstrap address (potentially using the MAC address) which will never exit the local network; it uses this to find a local router; it asks the router how to obtain the IP address to be used within the organization and/or globally. The router will either give it a network number to prefix the MAC address with, or the IP address of the local DHCP server.

    So it is completely up to the network admin how to trade simplicity for privacy. draft-ietf-ipngwg-addrconf-privacy-03 [ietf.org] contains a must-read evaluation of the privacy concerns.

    -Marcel

    BTW: The IP address is longer than the MAC/EUI-64 address to simplify routing. It would be plainly impossible for every router in the world to keep track of each of the several hundred million hosts around.

  • The MAC address has absolutely nothing to do with Apple Computer in Cup-of-tea-now, right?
  • Don't flame, just wanted to make sure that Steve Jobs didn't proprietarize yet another piece of networking. BTW, what exactly does it stand for? (and I never took Networking yet; I learned all I know about TCP through experience. So don't be so arrogant as to criticize the professor of experience; he will smite you someday.)
  • Hmm, any one want to sign-up with zero's ISP. One high-speed 56k dail-in (323 area code in the usa) and one 1 gig of web space. hell you send us a linux box and I'll put it on the network which has an ADSL.
  • What's the point of that? You'd just get a blank front page...

    Those aren't compiler warnings; they're suggestions.

  • Well, that link is good enough for most of us to remember, but for the benefit of the /. crew, I think it ought to be posted twice (since everything else is lately):

    Article: Statement on IPv6 Privacy Concerns [slashdot.org] .
    --

  • What we need is a program that will automatically change your mac address as it is sent in predetermined intervals. I am not a programmer so I don't have a clue how something like that would be implemented. Tracking you with it would be very obsfucated if it changed every day, or even every few minutes.
  • Thankyou

    Another IP address to add to my list

  • If I host it, can I keep/sell/abuse the information passing through my net please?
  • The privacy concerns you are talking about is embeding mac addresses into your ipv6 address something thats entirely optional. there isnt any privacy concerns with ipv6.
  • Ethernet won't last long ? How do you come do that conclusion ? Currently ethernet is the cheapest, fastest, and most widely used technology for home and business networks. With 1GB ethernet currently being employed in the highest-end networks, eventually coming to the home (granted it will be awhile) and the new 10GB ethernet standard on the horizon, how can you possibly say it'll be extinct in about 5-10 years??? Granted coax cable has potential I doubt it will ever be able to surpass the ether.
  • That was my first post ever, and this is my second!

Slashdot Top Deals

I tell them to turn to the study of mathematics, for it is only there that they might escape the lusts of the flesh. -- Thomas Mann, "The Magic Mountain"

Close