However IPv6 has many privacy issues. IPv6 address space uses an ID
(indentifier) derived from your hardware or phone. "That allows your
packets to be traced back to your PC or cell-phone" said <censored>.
<censored> fears abuse as a hardware ID wired into the ipv6 protocol can
be used to determine the manufacturer, make and model number, and value
of the hardware equipment being used by the end user.
...uhm, and? What is the real difference with a IPv4 address and privacy?
You can tell as much (more or less) with a port scan to a IPv4
address...and someone will always track the "ID" (I guess that is what I
call IP address).
If we are talking about the EUI64, that will disclose the vendor but
hardly the make and model number....
- kurtis -
> <censored> fears abuse as a hardware ID wired into the ipv6 protocol can
> be used to determine the manufacturer, make and model number, and value
> of the hardware equipment being used by the end user.
...uhm, and? What is the real difference with a IPv4 address and privacy?
The difference is that someone using a dynamic IP address is still
recognizable by the lower 64 bits of their dynamic address because this
part is always the same. (But cookies do the same thing.)
You can tell as much (more or less) with a port scan to a IPv4
address...
How can I recognize someone by doing a portscan?
http://www.insecure.org/nmap
It slices, it dices, it makes julienne fries.
(I'm assuming you mean in the same sense as "you can identify a machine's
vendor based on the EUI-64..." - neither a portscan or a MAC address will
tell you who's machine it is, as far as I know (although doing an nmap to find
ports that will tell you who it is... hmm... 
And yes, I realized after I hit send that a MAC address can be correlated
to "the same guy as last time" or "different guy", although other means still
need to be used to identify *who* "the same guy" is....
What is interesting is that people can identify a EUI-64 unicast address no matter where you are. For example, i use my laptop at work and at home (assuming I had an ipv6 connection at home). I could be identified as the same computer, without using cookies, since my base 64 address would be the same, despite the network prefix.
> You can tell as much (more or less) with a port scan to a IPv4
> address...
How can I recognize someone by doing a portscan?
Not the person, but the system type.
- kurtis -
> How can I recognize someone by doing a portscan?
http://www.insecure.org/nmap
It slices, it dices, it makes julienne fries.
(I'm assuming you mean in the same sense as "you can identify a machine's
vendor based on the EUI-64..." - neither a portscan or a MAC address will
tell you who's machine it is, as far as I know (although doing an nmap to find
ports that will tell you who it is... hmm...
I am inclined to agree. I am pretty sure I will find out more about the
user with a portscan than I will by knowing the type of his NIC...
- kurtis -
What is interesting is that people can identify a EUI-64 unicast
address no matter where you are. For example, i use my laptop at work
and at home (assuming I had an ipv6 connection at home). I could be
identified as the same computer, without using cookies, since my base
64 address would be the same, despite the network prefix.
What I as external viewer could determine would that you where a computer
that moved. From the frequency I could probably tell that you where a
laptop. I would not tell me what would be home or work, and it would not
say who you actually where.
- kurtis -
Kurtis Lindqvist wrote:
What is interesting is that people can identify a EUI-64 unicast
address no matter where you are. For example, i use my laptop at work
and at home (assuming I had an ipv6 connection at home). I could be
identified as the same computer, without using cookies, since my base
64 address would be the same, despite the network prefix.
What I as external viewer could determine would that you where a computer
that moved. From the frequency I could probably tell that you where a
laptop. I would not tell me what would be home or work, and it would not
say who you actually where.
You could determine this right now using a cookie and traceroute.
And traceroute _could_ tell if you're at home or work (does your path lead into an ISP or a corporation?) and depending on the corporation, might yield enough information to do some simple human engineering and find out who you are as well.
A traceroute may also indicate what part of the country you're in. Most ISP's group routers geographically and have somewhat descriptive names. So by looking at the trace, you can usually determine the state, and sometimes town, where the connection is coming from. (This isn't completely accurate, of course...)
I don't see the advertisement of a Mac address to be any more or less secure than what we've got right now. Especially since most people do not disable cookies (since a lot of popular web sites don't work without them.)
-- David