IPv6 prefix privacy

Are you assuming everybody has dynamically changing IPv4 addresses? That's not true. I have had the same IPv4 address for 10+ years, until I changed ISP. Now I have my current IP address for about 2 years, and counting. AFAIK that's kinda normal here, in the Netherlands.

It doesn't, though. It's trivial with datamining to build a profile of accesses across sites from the same IP address, even within a limited time frame, and there are other identifiers that will still pertain to you across address changes. I understand your concerns, but you're looking at the wrong approach to address them.

I know you're fed up of hearing about it, but TOR!

Oh, okay. I wasn't aware of that. In Germany, it's pretty common to have dynamically changing IPv4 addresses.

Then your only fix is a script, as also stated in your Post No. 1.

Hope this helps.

That's at least not as trivial as looking at IP addresses... I'm aware that there is a bunch of other identifying information.

I understand and agree with you, that even if we had changing prefixes, we wouldn't be totally safe from a privacy perspective and that TOR does it better.

But please also understand, that TOR isn't a universal solution yet, unless we scale it up extremely and make this kind of a default for every internet user on the world. Until then, we also need smaller privacy improvements.

I think we can stop this now. :smiley: I wanted to hear about opinions and solutions and got them. Even when this went into a different direction than I expected.

Just to convince you that I'm not totally crazy and the only person thinking about this: There even was an Internet standard draft about this topic. Unfortunately it has expired in the meantime. For those who are interested: https://tools.ietf.org/html/draft-herbert-ipv6-prefix-address-privacy-00

You mean your ISP changes your IPv4 address in the middle of a connection!? Or just when you reconnect (just as you are proposing to do for IPv6)?

It sounds like everyone needs it, but it's not.
Those who really need it, are free to use VPN/Tor/etc.

In the past, this was a forced reconnect from my ISP once a day. But it's actually a good question because I changed my ISP a few month ago and haven't checked yet if the new ISP is doing the same. I will observe this soon. Thanks.

Here I like to disagree. I'm a fan of privacy by default and by design. People without further technical knowledge deserve privacy, too.

But the fact is that fingerprinting is going on, and almost all tracking is by this cookies, fingerprints, javascript, etc anyway, so rotating your ipv6 prefix is basically doing nothing, same with moving your browsing to a VPN, still doing nothing. No one is tracking you by your IP because it's already the case that in ipv4 anywhere from 1 to a few tens of thousands of people are behind each ipv4. They want individual tracking and they're doing it with browser cookies and javascript hacks etc.


Privacy is a service, same as IPv4/IPv6-connectivity, public IP-addresses, domain names, etc.
You can disagree, but it's a matter of fact.

Depends on what you consider a service and I doubt that this is always applicable. Privacy is a broad topic. For example when I write a piece of software that blocks certain privacy compromising connections or when you go out with a mask. That's not necessarily a service. But even when we consider privacy a service (especially in our Internet address scenario), this fact does not mean it shouldn't be by default or by design. That's an idealistic position by myself.

But I see that here are different opinions, too. Though it's going slightly off topic...

Altering client public address/prefix on a whim/schedule.
ISP main service is connectivity, which actually confronts privacy to a certain extent.
That's why you shouldn't expect privacy from ISP.

What about:

killall -SIGUSR1 odhcp6c
1 Like

I actually would be very very upset if my ISP went around altering my ipv6 prefix, this should definitely not be the default.


Thanks for telling me, I will have a look. :slight_smile:

Your's is also a definitely valid use case. Use cases differ from person to person. But the prefix changes anyway when I reboot the router (e.g. when flashing new firmware), so it isn't stable anyway. Probably you wouldn't be happy with my ISP.

When you get to stream videos, use VPN

Use different browsers for different purposes.

As far as I can tell the goal of the trackers it to track individuals across their set of devices even, so different browsers might be too simplistic. In reality TOR might be the best option, and even that is not guaranteed to work, as it a) depends on keeping opsec tight (see e.g. http://cryptome.org/0005/tor-opsec.htm) and b) not leaking information by using services that require log-ins, like facebook and co..

1 Like

I'm curious...since ISPs issue prefixes to customers...and you say that's your worry:

  • what does rotating prefixes do?
  • why wouldn't the next prefix issued be just as concerning as the previous?

Not being the OP, but the point is similar to the privacy extensions, if the prefix assigned to a home-network changes often enough there is not much value in using that as an identifier. While I can see where this argument comes from (I had a similar handup about IPv6 and NAT-masquerading in the past), I believe that cycling the IP/prefix more than once in 24 hours is undesirable (as the change-over will necessarily destroy all existing flows and hence will be a noticeable disruption). And honestly, 24-hour identifier stability will be enough for the tracking applications the OP wants to reign in.

Because, any tracking attached to that prefix will not be correct for the new user and hence rapid-cycling will seriously decrease the tracking value of the prefix?

And then you get blamed for other people's acts :joy:

1 Like