[tahoe-dev] does Tahoe support IPv6 fully?

Eugen Leitl eugen at leitl.org
Thu Oct 11 08:31:37 UTC 2012

On Thu, Oct 11, 2012 at 08:07:36AM +0200, Roland Häder wrote:

> Be careful with IPv6, it raises a lot of privacy concerns, as you can
> assign IP numbers to even toilet brushes or almost everything without
> running out of free IP numbers. This allows permanent assignment of
> such IPv6 addresses to your computers, so every computer in your
> network is no longer "anonymized" by a single IPv4 address, instead
> they have public IPv6 addresses all on their own.
> This allows "permanent tagging" of your computer systems which is a
> privacy problem.
> You then need to rotate your IPv6 address on your own.



Like IPv4, IPv6 supports globally unique static IP addresses, which can be used to track a single device's Internet activity. Most devices are used by a single user, so a device's activity is often assumed to be equivalent to a user's activity. This causes privacy concerns in the same way that cookies can also track a user's navigation through sites.

The privacy enhancements in IPv6 have been mostly developed in response to a misunderstanding.[35] Interfaces can have addresses based on the MAC address of the machine (the EUI-64 format), but this is not a requirement. Even when an address is not based on the MAC address though, the interface's address is (contrary to IPv4) usually global instead of local, which makes it much easier to identify a single user through the IP address.

Privacy extensions for IPv6 have been defined to address these privacy concerns.[36] When privacy extensions are enabled, the operating system generates ephemeral IP addresses by concatenating a randomly generated host identifier with the assigned network prefix. These ephemeral addresses, instead of trackable static IP addresses, are used to communicate with remote hosts. The use of ephemeral addresses makes it difficult to accurately track a user's Internet activity by scanning activity streams for a single IPv6 address.[37]

Privacy extensions are enabled by default in Windows, Mac OS X (since 10.7), and iOS (since version 4.3).[38] Some Linux distributions have enabled privacy extensions as well.[39]

Privacy extensions do not protect the user from other forms of activity tracking, such as tracking cookies. Privacy extensions do little to protect the user from tracking if only one or two hosts are using a given network prefix, and the activity tracker is privy to this information. In this scenario, the network prefix is the unique identifier for tracking. Network prefix tracking is less of a concern if the user's ISP assigns a dynamic network prefix via DHCP.[40][41]
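The following Python sketch is an added example, not part of the original message. It shows the difference between a MAC-derived (modified EUI-64) address and an ephemeral one built from a random host identifier, and checks which addresses in a list expose a MAC. The function names, the sample MAC and the 2001:db8::/32 documentation prefix are constructed for illustration, and the random-identifier step is a simplification of what an operating system does.

```python
import ipaddress
import secrets

def _join(prefix, iid):
    """Combine a /64 network prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("example assumes a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big")))

def eui64_address(prefix, mac):
    """Stable address: MAC split in half, ff:fe inserted, universal/local bit flipped."""
    m = bytes.fromhex(mac.replace(":", ""))
    return _join(prefix, bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6])

def temporary_address(prefix, rand=secrets.token_bytes):
    """Ephemeral address: random host identifier concatenated with the prefix."""
    iid = bytearray(rand(8))
    iid[0] &= 0xFD  # mark the identifier as locally generated, not globally unique
    return _join(prefix, bytes(iid))

def embedded_mac(addr):
    """Return the MAC recoverable from an address, or None if it is not EUI-64 style."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":  # a random identifier matches by chance about 1 in 65536
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map each address that exposes a hardware identifier to the MAC it reveals."""
    return {a: m for a in addresses if (m := embedded_mac(a)) is not None}

if __name__ == "__main__":
    prefix = "2001:db8:1:2::/64"                       # constructed sample prefix
    stable = eui64_address(prefix, "00:11:22:33:44:55")  # constructed sample MAC
    temp = temporary_address(prefix)
    print("stable:   ", stable)
    print("temporary:", temp)
    print("exposed:  ", audit([stable, temp]))
```

In both cases the first 64 bits are identical, which is why the text above notes that the prefix itself remains an identifier when few hosts share it.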
