Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
The Internet

Statement on IPv6 Privacy Concerns 68

angio writes "As a followup to the IPv6 privacy concerns (discussed in this slashdot news item), the IANA has released a statement addressing these concerns. Their major point follows the objections slashdotters raised, that is, that IPv6 does not require divulging the hadware address. Good to read. "
This discussion has been archived. No new comments can be posted.

Statement on IPv6 Privacy Concerns

Comments Filter:
  • I have to argue with you when you say that IPv4 doesn't leave a paper trail. IPs are registered to ISPs and even if you're on a dialup with dynamic IP, all (smart) ISPs keep logs of authentication which almost always included the IP you logged in with and the times you were on. If one ISP needs to find what user was doing what with X.X.X.X IP, all they have to do is ask the user's ISP and they can find out.

    MAC addresses are only registered in blocks to manufacturers and as such, are much more difficult to trace back to you. That's not to say that ad agencies can't track a MAC address from site to site but they can't say 'This MAC address belongs to Joe Schmoe' unless you tell them you're Joe Schmoe.
  • by Plasmic ( 26063 ) on Friday October 22, 1999 @11:27PM (#1593565)
    I think the primary question everyone should be asking themselves is:

    Even if IPv6 is as horrible as the most skeptical, paranoid, privacy-centric folks think it must be, how could it possibly be any worse than IPv4?

    The answer is (get ready for this, cause it's a huge surprise): it couldn't be. Under IPv4, it's simple to find out the geographical location of every web surfer as well as what ISP you should contact should they be doing anything bad. If they have a static IP or they have cookies enabled, it's also simple to tell if they come to your site often. All of these can be bypassed (disabling cookies and changing your MAC address), as most of the world is aware.

    Even under the guise of part of your IP address being "randomly generated," it's still traceable directly back to your ISP, for all intents and purposes.

    In other words, what on earth is anyone worried about? I see comments like "Well, it sounds good, but is it really?" and "Be careful.. 128 bits is a lot of IPs.. the government must be spying on us," (among others which have no real logical basis and leave me wondering why the poster is imparting his lack of knowledge upon us).

    For those of you who aren't aware, the IETF is a highly respectable organization. If you can trust them with the responsibility of making every other protocol you touch, then surely this one isn't too much of a leap. The last thing you have to worry about is that they would intentionally deceive you into adopting some sort of covertly anti-privacy concept (don't think for a second I'm asserting that everything that the IETF produces is perfect.. merely that they're honest and have genuinely good-karma-filled intentions).
  • The nice thing about an Ethernet MAC address is that it is guaranteed to be globally unique, although I've heard that isn't true for certain very cheap, brain damaged Ethernet cards made in Taiwan.

    That is the reason that it was included as part of GUIDs and UUIDs by Microsoft and many other software developers. It wasn't a global conspiracy to track computer usage.

    A 64 bit random number would work for IPV6, the trick is generating it. Linux has /dev/random but it might be more difficult on other operating systems.

  • Let's say your MAC address is part of your IP address, as IPv6 will have. You go to a website that asks for your name and other personal information. They put your MAC address in a big file along with all your other information and start selling it off to tons of other sites. All of a sudden the entire corporate, privacy un-trusted internet knows who you are without you even telling them.

    IPv6 addresses will also be assigned in blocks, no? Even if that one part of your address can only be traced to your card manufacturer, your entire IP can still be traced back to you through your ISP, whether it's IPv4 or 6. Only this way, since MAC addresses are globally unique in the hardware, the FBI comes and confiscates your computer, notices your MAC is the same as who they're looking for, and they have irrefutable evidence that they are who they say you are. Some might say this is a good thing, but even if it were, the first part isnt worth the advantages of the second.



  • This is sort of like asking if your serial card supports PPP -- IPv6 vs. IPv4 is handled by a higher protocol layer and the card doesn't get involved at that level.

    The one gotcha with ethernet hardware is that v6 makes somewhat heavier use of multicast (in place of broadcast), while most existing ipv4 systems don't use multicast at all. Certainly all earlier 3c9xx cards can deal (I'm running a small v4/v6 net at home using a mix of hardware including 3c905's and 3c900's and they're doing just fine). A more likely compatibility problem is incomplete drivers which don't know how to program the multicast receive filters on certain ethernet NIC's.

  • True, but on a busy subnet, I'd really prefer not having to do that, since as someone else pointed out it normally puts the NIC in promiscuous mode. If you could tell the NIC to respond to more than one MAC though....
  • I'm obviously missing something here - if a random number is used as part of the address, how do other computers locate the computer at that adrress?
  • by Decibel ( 5099 )
    I'm not sure exactly what you're asking, but you'd probably find the answer if you'd read the farking article. They state that you can assign a fixed IP to a machine. If you're reffering to how do packets get back to your machine (ie, when you request a web page), then it works the same way as today; you send your address as part of the request.
  • Yes, assuming you are using an operating system and a new nic that supports it, you can change it.

    For the fun of it set it to 00:DE:AD:00:BE:EF :)
  • Once the packets go from you to the router, you can attach the address of the router to the packet. The server then communicates with the router, letting the router keep track of the machine on it's local network, which knows who all the machines are.

    I'm not sure this is how it goes, but this seems like the logical way to do it.
  • From the article:

    An Internet device that is intended to be a target of communication initiated by other devices must have a unique IP address that is stable over a relatively long period of time, just like anyone wishing to receive telephone calls must have a unique and stable telephone number, and anyone wishing to receive postal mail delivery must have a unique and stable postal address. The presence of unique, factory-assigned serial numbers on common LAN adapters, such as Ethernet adaptors, makes it possible to reliably generate unique, stable IPv6 addresses for such devices, without requiring either manual configuration or separate address-assignment servers.

    This is a neat feature, but my question is this: what happens if the NIC that you were using dies? Can you continue to use the same serial # based address with a new NIC?

  • If somebody can answer this to get it out of the way, I'm just posting it to be thorough and polite:

    There is much use of the words "not required." Does this mean that the specs and standards don't require hardware IPv6 addresses to be transmitted, but allow it? Or does it mean that the specs and standards require the system to not require the hardware addresses? Could somebody design or build something to take advantage of hardware addresses, despite the specs and standards?

    Somebody's got to ask the stupid questions, for the masses, you know.

  • Then why isn't IPv6 just 0.0.0.0.0 instead. Seems to be it would make life a lot simpler. And I don't think 255^5 IP addresses will go to quickly.....
  • by Ryandav ( 5475 ) on Friday October 22, 1999 @06:09PM (#1593586) Homepage Journal
    It's almost like the author of this article _actually_reads_ this forum.

    I have to say that this is one of the reasons that I like slashdot. It's a meritocracy of ideas, because the people who often best understand a technology are on hand to help explain it to those in another area of expertise. The amount of (unintentional) misinformation floating around here is uncharacteristic of the forum.

    Rob, you rock. And if nobody's said that lately, it's never because you've been taken for granted...
  • i said it before, i'll say it again.
    Compliments of the linux.com tuning guide :
    On a related note, you can also have your card use a different MAC address

    ifconfig eth1 hw ether deadbeef0001
    (this needs do be done while the card is down for obvious reasons)

    now your card will answer all arp requests with DE:AD:BE:EF:00:01.

    Note:
    The kernel performs this trick on most cards by setting the card into promiscous mode and using software to filter out all MACs that
    aren't yours which stands to reason it would be slightly slower than just using your real MAC.
  • because the ip numbers will go faster than we think they will(especially if sun gets their way). so we should make a wealth of them so that we aren't required to fully update the ip system anytime soon. I just hope that people make all computers, routers etc IPv7-10 compliant-so that we won't have to ditch good equipment when everyone needs to upgrade.

    matisse:~$ cat .sig
  • As mentioned in the article, the number can be generated in a number of ways. What is important is that the number is unique and known to the rest of the world, not that it is random or that the number includes your hardware address. Currently we have servers (DHCP)to hand out IP addresses, and DNS servers to track who has them. You can generate any IP address you want, so long as it is unique and that the DNS servers, routers, and so forth know the IP address so they can route to it.

    In other words, if you don't want to use the hardware address option, you can use one of the tried and true methods that have always been used to generate unique IP addresses.

    Also as the article pointed out, devices that don't need to be contacted, but just want to spit info out somewhere don't need a stable IP address.

  • OK, I get your point, I was confused how often your address changed. It sounded almost like they were sending out a different random number as part of each packet - that would make it awfully difficult to route responses.
  • IPv6 addresses are 128 bits, typically partitioned into 64 bits of network number and 64 bits of host number. The host number can be assigned manually (as is typically done today with ipv4), derived from a 48-bit or 64-bit MAC address, or (this is what's new in the privacy proposal) generated randomly in a way unlikely to collide.

    The network number is assigned by the network and is used to route the packet back to you, just as in IPv4.

    See RFC2373: IP Version 6 Addressing Architecture [isi.edu] as well as Privacy Extensions for Stateless Address Autoconfiguration in IPv6 [ietf.org] for more details.

  • this IETF statement smells a little too much like the kind of letter a telco sends when it's rais^W giving you a discount. the fact that the IETF isn't requiring a unique identifier isn't very comforting: they could just as easily recommend - which goes a long way - that no packets carry a persistent identifier other than an IP address. let vendors and sysadmins build in optional peristent IDs for those who want them or situations where they're needed.

    the vast majority of traffic on the net involves this statement's second category, "less trusted targets," and that proportion will only grow over time, to the point where implicitly trusted traffic is a barely expressible nanopercentage. if in fact the IETF is interested in articulating a structure that will reflect those plain facts, then they should skip this kind of condescending "explanation," with it's "there's two situations" stuff, and base their analysis on the actual directions in which the net is developing.

    IPv6 offers a chance to develop a protocol that will allow the net to develop into a field for truly open, random, and free social engagement - or to become a tool for systematic surveillance by those in a position to do so. and note well: encouraging persistent, unique IDs will put a lot of people in a position to do so.

    we'll see what the IETF decides on this - and on the question of whether "the IETF [should] develop new protocols or modify existing protocols to support mechanisms whose primary purpose is to support wiretapping or other law enforcement activities." [ietf.org]
  • It seems to me that people want both privacy and security . No one can talk to you unless you reveal your address to them. It's that simple. What people really want is anonymity. This can/should only be done through trusted third parties. How many third parties can you trust -- not many if any at all.

    In order for there to be security on the internet, we must be able to verify who sent a packet and that requires knowing the address sending it. Which do we want? I vote for security. You can also use tunnels to hide networks (and therefore addresses) behind edge devices like VPNs.

    matt
  • What if everybody starts changing their hardware address to this deadbeef0001? If it really changes the hardware address, isn't gonna affect the operation on the LAN (ie, no cards can have the same hardware address)?

    Is this actually changing the hardware address or is it just masking it? I tried it and it changed, but upon a reboot went back to the old value (which tells me it's wired inthere somewhere).

    Just some thoughts.

    Geoff Wozniak
    gzw@home.com
  • Most of you have no clue what "FUD" means. You just see other people using it and think it's a nifty cool Linux hacker buzz-word that other people don't know. Just because somebody doesn't know that the MAC address can be changed in many ethernet cards doesn't mean he's trying to spread "fear, uncertainty and doubt" about Linux.
  • they could just as easily recommend - which goes a long way - that no packets carry a persistent identifier other than an IP address. let vendors and sysadmins build in optional peristent IDs for those who want them or situations where they're needed

    This is implicit. As far as I know, this is precisely what they're doing. Admins can create/generate the link identifier however they want. It was only a *suggestion* that they use the MAC address, since it was already there, and essentially guaranteed to be unique. Sysadmins can use numbers from 1 to a billion for all of their machines, or generate random numbers to fill in the link identifier.

    At least this is how I read it..
  • I suppose you pay cash and wear rubber gloves so as not to leave fingerprints behind too, yes?

    This thread is growing very old and very stale. MAC addresses were never a requirement of the IPv6 address specifications, and the IETF is essentially pointing this out. If you don't want your ISP to assign you a static IP address (in any form, which would, in IPv6, involve a fixed link identifier), just as you do today, ask them for a dynamic one or take your business elsewhere. IPv6 provides no additional "anonymity" constraints over IPv4.

    The truth of the matter is that the privacy nuts blow everything out of proportion whenever somebody whispers "hmm, couldn't this keep me from being totally anonymous?" regardless of how informed the speaker truly is. The people who know better then have to deal with migrains as we struggle to find small enough words to explain what's really going on, only to have said privacy nuts say, "well you're speaking on behalf of the evil corporations, so you must be lying or you are an evil anti-first-amendment communist bastard!"

    It's a no-win game, and frankly, I'm sick of playing.
  • Joy, another "Big Brother" reference.

    Contrary to what you seem to think, not every Internet host is owned/used by a dialup user. Things like routers, web servers and people that secretly know their IP address isn't being cross-referenced in some database along with their sexual orientation, want and in many cases require their IP address to be static.

    Now, to generate these static IP addresses, the IPv6 address specification says that there's this huge link identifier part of the address that conveniently is able to hold a MAC address, thus instantly guaranteeing a unique IP address on the local subnet (where it needs to be unique). No administration headaches involved.

    OBVIOUSLY this will not be the best solution for all IPv6 hosts. There are reasons certain IP addresses would need to remain unique, such as in the event of a machine upgrade (swap-out) where the IP address is important (such as a name server).

    An "Internet cafe" does not need cryptographically-secure random link ID's for each of its machines. MAC addresses would work perfectly with a minimum of administration.

    The people responsible for implementing IPv6 are not idiot buffoons. They tend to be highly educated network and electrical engineers. No offense to you, but I really think they're smart enough to figure out how to implement IPv6 on their own. I sincerely doubt they've all been reading the IPv6 spec and saying to themselves, "well err durrh.. it sez mac address so let's use mac address!" If you're really concerned that vendors are going to implement IPv6 in this fashion, perhaps you should write them a letter and ask them.
  • Nowhere in the IPv6 specification does it say, "All users must have a static IP address."

    Just like in IPv4, this is ENTIRELY UP TO YOUR ISP. The growth of IPv6 address space merely makes it easy for your ISP to use a static IP address should they so desire. If you don't want one, let your ISP know that static vs dynamic IP addressing is a factor in your decision to continue doing business with them.

    Of course, the alternative to keep people from performing their various DoS attacks on you is not to try and flex your IRC penis and piss people off, but hey...
  • If your NIC dies, and you need to put in another one, you're going to need to restart the machine anyways, so the only reason you'd even need the same persistent IP is if the machine itself were a server.

    In that case, just manually set up your IP address so that it's the same as the old one. No MAC modifications necessary. Remember: the MAC address suggestion was just meant to be an easy method for obtaining a link identifier that didn't require manual intervention. If your machine is acting as a server, you'd probably want a manually specified IP address regardless.
  • There's this common protocol called IPX. It uses MAC addresses as part of the logical addressing. I hear no outpours of protest.

    Either way, why does it matter? Its easier to trace an IP address than MAC address. IPs are registered with your ISP, while MAC addresses are reigistered with the manufacturer: all they know is that your NIC is made by Novell or Cisco. And anyway, a few minutes and a large hammer will elimate all proof of a MAC address. Try doing that with an IP!

    Peter Pawlowski

  • The kinds of things which IPv6 was created to do can be achieved without referencing any kind of unique number that can be tied to a specific computer. The only way to truly achieve privacy is to make certain that addresses cannot be directly traced back to a host without going through a virtual "paper trail." IPv4 can do this, therefore IPv6 must be able to before it can be trusted as a viable Internet protocol.

    In other words, all references to a MAC address need to be removed from the IPv6 standard, at least as pertains to network addressing. This can be done, despite what the IANA would have us believe. Verification of the origin of a packet/message/whatever can also be done without resorting to MAC addresses, so it's still possible to have both privacy and security, without letting Big Brother get in the way.
  • The old standard used 4 bytes, the new standard 128. They said: What to do with all those extras....Why not have one option of sticking the 8 or so Ethernet ID bytes into the end? There's room!

    They have dreamed up a number of different options for using the 128 bytes and this is only one.

    Because Ethernet card IDs are pretty well unique, this is a 'fingerprint' to one's machine. Part of the Ethernet address is the Vendor ID, part (presumably) is the type of card, then serial number.

    The issue is not the option of using it, the issue is that the *capability* exists. It is then possible for some governing body to mandate its use.

    That isn't likely in North America or Europe, But in other states which are uneasy with internet related freedoms and privacy, it is much more likely--and dangerous.

    Cheers All!
    Bobzibub.

    'Nobody here's stupid Bob!'
  • The specs allow it, it is not required, but really, people can do whatever they want. I could devise an IPv4 based system that required each packet to contain an address and valid credit card number (if I was crazy). This worry over IPv6 is mostly paranoia. Yes, IPv6 makes using a hardware address for IP address assignment more feasible, but if someone doesn't want that then find another internet feed that has different rules.

    Ben Higgins
  • by Anonymous Coward
    IPv4: 32-bit (4 bytes) address
    IPv6: 128-bit (16 bytes) address
    Ethernet: 48-bit (6 bytes) address
  • This is frivolous, but:

    I suspected that I knew the answers to my questions, but I actually picked up some well described technical stuff that I didn't know! Rad!

    This goes to the other people who replied as well.

    I'd moderate all of your answers up as interesting, if I could.

  • Given the complexity of IPv6 addresses anyways, DNS will probably play a greater role under IPv6 than IPv4, where static IP's were common. If an IP address changes every few weeks, it's probably a lot easier just to use already standard dynamic DNS to keep track of the new IP address.

    So even if your machine *does* act as a server, so long as it isn't a major Internet infrastructure type of thing (such as a name server), so long as the hostname was kept updated with the correct IP you shouldn't really need to worry...

    But yah, IPv6 doesn't *remove* administrative options in the least for selecting IP addresses, so you're always free to manually specify an IP if you need to.
  • If, as IETF's statement on IPv6 Address Privacy states, "The privacy of communication is a major issue in the Internet Engineering Task Force", and if they've Done The Right Thing here...

    ...then when can we expect a similar statement about IETF and wiretapping standards [slashdot.org]?

    While I'm encouraged by IETF's sound technical and privacy statement on MAC addresses in IPv6, there's a second issue that's still open. IMHO the technical and privacy factors are even stronger when it comes to decisions that amount to building a security hole into the system.

    If a pro-privacy stand was the right thing for MAC addresses in IPv6, then it's even more so for CALEA and other wiretapping "standards".

  • One Big Whoops!!!!
    I shoulda known better.
    -B.

  • by jd ( 1658 )
    IPv6 doesn't have a notion of static IPs. You can't only not be forced to have one, you can't even GET one!

    IP's are generated EACH AND EVERY TIME you connect to the Internet, move from ISP to ISP, or even if your ISP moves from one ISP to another.

    IPv6 IP addresses are STRICTLY transitory. They have NO permanence. They last as long as YOU want. Unlike IPv4's "dynamic allocation", though, the numbers aren't picked out of a preset pool. IPv6 is based on transitions, not permanence.

    Oh, and if you piss people off, chances are it's not their fault. Yes, they get to pick their reactions, and if they react badly, that is their problem, but if you act like an idiot, you can't blame that on others, either.

  • At the risk of sounding stupid (a common risk I know) what's the beef with this deadbeef stuff (pun intended).

    I have a kind of vague cultural memory about it - hex digits spelling a word - someone filling core memory with it (IBM or VAX??). Remind me.

    Also am I correct in imagining that this was the inspiration for freshmeat.net.

    Ignore me if this is worn....

    Sean
  • Old IBM Mainframes did it. See the jargon file [wins.uva.nl]:

    DEADBEEF /ded-beef/ /n./ The hexadecimal word-fill pattern for freshly allocated memory (decimal -21524111) under a number of IBM environments, including the RS/6000. Some modern debugging tools deliberately fill freed memory with this value as a way of converting heisenbugs into Bohr bugs. As in "Your program is DEADBEEF" (meaning gone, aborted, flushed from memory); if you start from an odd half-word boundary, of course, you have BEEFDEAD. See also the anecdote under fool.
    --Joe
    --
  • by Mr Z ( 6791 )

    A number of people have posted the same misinformation, namely "Yeah, you can tell it to act like it has a different MAC address, but it'll put you into PROMISC mode and slow your machine down, etc. etc."

    Most of these people are probably not actively trying to spread "fear, uncertainty, and doubt" about Linux. However, some people may use that information as FUD. The difference is intention. I guess it's that fine line between "stupidity" and "malice."*

    --Joe

    * For those who didn't catch it, I'm referring to Hanlon's Razor: "Never attribute to malice what can be adequately explained by stupidity."


    --
  • actually, my laptop (Sony Z505S) has an on-board eepro 10/100 which seems to work just fine with ipv6 under NetBSD; seems to deal with multicast traffic for neighbor discovery just fine. when in doubt, look at other open-source drivers for clues on how the hardware works..
  • I would say far from most. It's an elementary security precaution not to bind NETBIOS (used for file/print) to a dialup adapter.

    The author is describing a cable modem/ADSL setup via the Ethernet port, with multiple local hosts. That doesn't sound like a typical configuration to me. Really, if you're going to leave your machine online via a semi-permanent mechanism like that you ought to make some effort to harden it.

    Even with Linux, OpenBSD or whatever, one of the first moves in connecting a local network to the Internet is to do it via a machine with two NICs, disabling unecessary services on the external one.

    If you just bang in a permanent connection to the Internet, having others track your MAC address is going to be way down your list of things to worry about.

  • A lot of /.ers don't seem to be thinking very far ahead on this thread. Try to think 10 or 20 years ahead, and realise that whatever the future looks like, IPng is likely to be a key part of it.

    The typical case today where the most common item assigned an IP address is some flavour of PC just won't be true anymore. One can safely predict that the majority of IP aware devices won't even have keyboards.

    We need autoconfiguration folks! We've come some way down the line with DHCP, and with dynamic DNS updates a bit further. However, it's all a bit overkill for the simpler situations.

    Maybe the IETF screwed up slightly by doing the obvious thing (which various vendors have done previously). But it's easily fixed.

    The whole issue of reprogramming your NICs MAC address is an irrelevance. If you're going to go to the trouble of doing that, just use a manual IP address. But remember - there are billions of them for each of us.

    The next person who suggests manual configuration is the answer to it all gets a jar of nanobots, a magnifying glass, and a small screwdriver to set their IP addresses (via DIP switches) dumped on him.

  • Why not put other more useful things in there? It seems to me that PGP digital signatures (or some other encryption dig. sig.) could be useful.
  • The current situation is this: Any PC running Windows 95/98/NT with the Microsoft network client installed will give it's MAC address out if you query it. Hence the vast majority of all computers on the Internet right now give out the MAC addresses.

    See this article for a complete explanation [securityportal.com]

We have a equal opportunity Calculus class -- it's fully integrated.

Working...