[LINK] smartphone privacy problems

Karl Auer kauer at biplane.com.au
Sun Jan 30 18:28:03 AEDT 2011 

On Sun, 2011-01-30 at 12:21 +1100, Roger Clarke wrote:
> As I read your post, Paul, you're saying that IETF engineers have 
> decided that privacy doesn't matter, and that unique identification 
> of the device is intrinsic to any IPv6 service?
> 
> If so, aren't anonymity and pseudonymity are banned by IETF decree?
> 
> Leaving aside the small question of privacy for the moment, what do 
> the many organisations that depend on obfuscation in order to protect 
> information and human life think of the design of IPv6?

Whoa, there Nelly! Whoa! :-)

The standard, works-on-all-platforms method is automatic address
configuration. On most/all interface types that have a hardware address,
IPv6 automatic address configuration takes an externally provided prefix
and builds an address out of it using the hardware address, very
slightly (and definitely reversibly) munged.

BUT: There are several other ways an address can be obtained by a host.
Addresses can be statically configured, obtained via DHCP,
cryptographically generated, randomly generated or the privacy
extensions ("temporary addresses") can be used.

Someone with a real need to hide their MAC address can choose any one of
these methods to avoid advertising their MAC address to the world. In
practice it seems likely that DHCPv6 will end up being the most common
delivery mechanism for most end users of addresses. That's just a
prognostication of course - the book is still being written...

Now, that being said, people also need to look at whether the alleged
badness of a "constant" or "partially constant" IP address is really
new. Right now, you have a DHCP-allocated IP address on the outside
interface of your home router. If it changes at all, it changes slowly
(days or weeks between changes). You may have several levels of NAT
between you and the website or other service you visit, but let's assume
there's just one, and you are getting a globally routable IP address.
That IP address "identifies" all hosts in your home network. Typically
there are very few such hosts - often only one. That's the situation
*now*, what are you doing about it? What can you do about it?

What IPv6 does, *but only with autoconfigured addresses*, is to make
your MAC address public. So if you take your laptop from home to an
airport lounge and visit a a website you once visited, that website can
be pretty sure it's seeing the same laptop (strictly speaking, the same
interface) again.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://mailman.anu.edu.au/pipermail/link/attachments/20110130/0f08c8b9/attachment.sig>

More information about the Link mailing list