IPv6 Interview Questions and critic

Hi:

I'm doing an article on IPv6 and am looking for comments - here is a
portion on IPv6 which relates to the privacy issue ... any comments,
critics or interviews welcomed.

-- snip
As you know IPv6 is a suite of protocols for the network layer of the
Internet which uses IPv4 gateways. Its purpose is to expand address
space. At this time IPv6 comes prepackaged with all popular operating
systems. This includes all flavours of unix, windows and Mac OS.

IPv6 is designed to solve many of the problems of the current version of
IPv4 with regard to address depletion. The goal is to use IPv6 to expand
the capabilities of the Internet to enable a variety of valuable
peer-to-peer and mobile applications. According to many industry pundits
it is the future of networking.

However IPv6 has many privacy issues. IPv6 address space uses an ID
(identifier) derived from your hardware or phone. "That allows your
packets to be traced back to your PC or cell-phone" said <censored>.
<censored> fears abuse as a hardware ID wired into the ipv6 protocol can
be used to determine the manufacturer, make and model number, and value
of the hardware equipment being used by the end user.

Ipv6 empowers the business community by providing a means of identifying
and tracking users. Under Ipv6 users can be tracked and income
demographics determined through hardware identification.

Many members of the networking community have addressed concerns that the
technology could result in potential abuse and <censored> warns users to
think twice before they buy themselves a used Lap-Top computer and inherit
all the prior surfing history of the previous user?

Ipv6 uses 128 bits to provide addressing, routing and identification
information on a computer. The 128-bits are divided into the left-64 and
the right-64. Ipv6 uses the right 64 bits to store an IEEE defined global
identifier (EUI64). This identifier is composed of company id value
assigned to a manufacturer by the IEEE Registration Authority. The 64-bit
identifier is a concatenation of the 24-bit company_id value and a 40-bit
extension identifier assigned by the organization with that company_id
assignment. The 48-bit MAC address of your network interface card is also
used to make up the EUI64.
-- snip

Cheers Joe Baptista

ooh how exciting, you can tell who uses 3Com network cards :)

Most networks e.g. P2P will use /127 and not use MAC anyway so I can't see this
being a privacy issue on anything but end devices and you can override if you
feel the need...

On end devices by default yes it uses MAC, I can't see why this would be a real
security hole.. vulnerabilities exist in the OS/Apps not the hardware. For the
paranoid there's no reason why you can't manually assign the full IPv6 address
anyhow, the use of MACs is only there to provide convenience so users don't need
to configure their networks.

NMAP fingerprinting is of far more interest than what NIC vendor whitehouse.gov
uses (unless you're doing market research on NIC cards I guess ;)

Steve

> Hi:
>
> I'm doing an article on IPv6 and am looking for comments - here is a
> portion on IPv6 which relates to the privacy issue ... any comments,
> critics or interviews welcomed.
>
> -- snip
> As you know IPv6 is a suite of protocols for the network layer of the
> Internet which uses IPv4 gateways. Its purpose is to expand address
> space. At this time IPv6 comes prepackaged with all popular operating
> systems. This includes all flavours of unix, windows and Mac OS.

Windows? I don't think so, not yet anyways

> IPv6 is designed to solve many of the problems of the current version of
> IPv4 with regard to address depletion. The goal is to use IPv6 to expand
> the capabilities of the Internet to enable a variety of valuable
> peer-to-peer and mobile applications. According to many industry pundits
> it is the future of networking.
>
> However IPv6 has many privacy issues. IPv6 address space uses an ID
> (identifier) derived from your hardware or phone.

Hmm - if you mean that there will now be enough addresses to assign each
device its own IP6 Address - then yah. Other than that, how is it "derived"
from the hardware?

> Ipv6 empowers the business community by providing a means of identifying
> and tracking users. Under Ipv6 users can be tracked and income
> demographics determined through hardware identification.
>
> Many members of the networking community have addressed concerns that the
> technology could result in potential abuse and <censored> warns users to
> think twice before they buy themselves a used Lap-Top computer and inherit
> all the prior surfing history of the previous user?

Hmm - again, I would be upset if I wasn't able to CHANGE the IP6 addy
because this would be true.

Joe,

> Ipv6 uses 128 bits to provide addressing, routing and identification
> information on a computer. The 128-bits are divided into the left-64 and
> the right-64. Ipv6 uses the right 64 bits to store an IEEE defined global
> identifier (EUI64). This identifier is composed of company id value
> assigned to a manufacturer by the IEEE Registration Authority. The 64-bit
> identifier is a concatenation of the 24-bit company_id value and a 40-bit
> extension identifier assigned by the organization with that company_id
> assignment. The 48-bit MAC address of your network interface card is also
> used to make up the EUI64.

I'm definitely not an expert, but my understanding is that the left 64
bits are structured as a EUI64 "address" but are not REQUIRED to be
your system's MAC address. By default, your system may choose to populate
the bits with your MAC, but your system could also choose to populate
it with something else. This gets around privacy issues (i.e. CNN
being able to track my travel habits by watching their web server access
logs) but it does pose some interesting issues for filtering at an Enterprise
which wants to give certain levels of access to certain people.

You might want to pose your question to one of the IPv6 mailing lists -
either 6bone@ISI.EDU or users@ipv6.org.

Eric :)

Since it is so easy for a host (relative to ipv4) to have multiple ip
addresses, I like what Microsoft has done. If told by a router, a Win
XP box will assign itself a global unicast address using EUI-64. It
will also create a global unicast anonymous address. This will not be
tied to the hardware, and the OS will also limit how long it uses that
address before deprecating that address and creating a new preferred
anonymous address. I can see servers using the EUI-64 address, while
clients use the anonymous address. It will allow servers to narrow down
who is accessing their servers to a 64 bit subnet. That will be good
enough for most statistics, but will make it more difficult to do the
scarier tracking of users.

I have noticed that the Linux and Mac OS X ipv6 implementations do not
create the private addresses automatically.

Peter Hill
Network Engineer
Carnegie Mellon University

> Ipv6 uses 128 bits to provide addressing, routing and identification
> information on a computer. The 128-bits are divided into the left-64 and
> the right-64. Ipv6 uses the right 64 bits to store an IEEE defined global
> identifier (EUI64). This identifier is composed of company id value
> assigned to a manufacturer by the IEEE Registration Authority. The 64-bit
> identifier is a concatenation of the 24-bit company_id value and a 40-bit
> extension identifier assigned by the organization with that company_id
> assignment. The 48-bit MAC address of your network interface card is also
> used to make up the EUI64.

> Since it is so easy for a host (relative to ipv4) to have multiple ip
> addresses, I like what Microsoft has done. If told by a router, a Win
> XP box will assign itself a global unicast address using EUI-64. It
> will also create a global unicast anonymous address. This will not be
> tied to the hardware, and the OS will also limit how long it uses that

Wasn't this described in an Internet draft ? Do you know what the status is -
I cannot seem to find it.

Marshall

RFC 3041. There's also
http://playground.sun.com/pub/ipng/html/specs/ipv6-address-privacy.html

> Since it is so easy for a host (relative to ipv4) to have multiple ip
> addresses, I like what Microsoft has done. If told by a router, a Win
> XP box will assign itself a global unicast address using EUI-64. It
> will also create a global unicast anonymous address. This will not be
> tied to the hardware, and the OS will also limit how long it uses that

Wasn't this described in an Internet draft ? Do you know what the status is -
I cannot seem to find it.

http://www.ietf.org/rfc/rfc3041.txt
Abstract

    Nodes use IPv6 stateless address autoconfiguration to generate
    addresses without the necessity of a Dynamic Host Configuration
    Protocol (DHCP) server. Addresses are formed by combining network
    prefixes with an interface identifier. On interfaces that contain
    embedded IEEE Identifiers, the interface identifier is typically
    derived from it. On other interface types, the interface identifier
    is generated through other means, for example, via random number
    generation. This document describes an extension to IPv6 stateless
    address autoconfiguration for interfaces whose interface identifier
    is derived from an IEEE identifier. Use of the extension causes
    nodes to generate global-scope addresses from interface identifiers
    that change over time, even in cases where the interface contains an
    embedded IEEE identifier. Changing the interface identifier (and the
    global-scope addresses generated from it) over time makes it more
    difficult for eavesdroppers and other information collectors to
    identify when different addresses used in different transactions
    actually correspond to the same node.
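
To make the two address types discussed in this thread concrete, here is an added example (not code from any poster or from the RFC) that builds a MAC-derived EUI-64 address, checks whether a given address gives its MAC away, and generates changing interface identifiers the way RFC 3041 section 3.2.1 describes. The function names, the sample MAC and the documentation prefix are constructed for illustration.

```python
import hashlib
import ipaddress

def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def slaac_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (left 64 bits) with an interface identifier (right 64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and a 64-bit interface identifier")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def exposed_mac(addr: str):
    """Return the MAC an address gives away, or None if the IID is not MAC-derived.
    Heuristic: ff:fe in the middle of the IID (a random IID matches 1 time in 65536)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

def temporary_iid(history: bytes, eui64_iid: bytes):
    """RFC 3041 sec. 3.2.1: MD5(history || EUI-64 IID). The left 64 bits, with
    bit 6 (universal/local) cleared, are the new IID; the right 64 bits are
    kept as the history value for the next regeneration."""
    digest = hashlib.md5(history + eui64_iid).digest()
    return bytes([digest[0] & 0xFD]) + digest[1:8], digest[8:]

if __name__ == "__main__":
    PREFIX = "2001:db8:1:2::/64"      # constructed: documentation prefix
    MAC = "00:11:22:33:44:55"         # constructed sample MAC
    stable = mac_to_iid(MAC)
    addr = slaac_address(PREFIX, stable)
    print(addr, "->", exposed_mac(str(addr)))
    history = bytes(8)                # a real host seeds this with random bits
    for _ in range(3):                # each regeneration yields a new IID
        iid, history = temporary_iid(history, stable)
        tmp = slaac_address(PREFIX, iid)
        print(tmp, "->", exposed_mac(str(tmp)))
```

Running `exposed_mac` over the source addresses a host actually uses for outbound connections shows whether it still prefers the MAC-derived address over a temporary one.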