Dear Seth, Thank you for this tremendously helpful summary of the the situation & potentials associated with IPv6. Your 'blog post' is enlightening, worrying, but also giving hope at the same time.
One could conclude is that -like any technology- it is the service providers and users who would decide whether to use it for the good or bad of netizens. In the case of China, static assignment of IP pools to users could indeed be deployed to track users' online actions. But I assume that usage of privacy tools such as Tor could be helpful in limiting surveillance in such situations. It appears that one cannot predict how things will evolve. Let's wait and see but be ready for how ISPs and governments would deal with the ongoing migration to IPv6. All the best. Sincerely, Walid ----------------- Walid Al-Saqaf Founder & Administrator alkasir for mapping and circumventing cyber censorship https://alkasir.com <walid.al-sa...@oru.se> On Sun, Jun 17, 2012 at 9:58 PM, Seth David Schoen <sch...@eff.org> wrote: > Walid AL-SAQAF <alkasir admin> writes: > > > Are we supposed to be more concerned or glad that we are slowly moving to > > IPv6 ? > > I think the effect of IPv6 on privacy is complicated; it depends on how > addresses are allocated. It depends on what ISPs do and on what users do. > > There's one debate about whether people will bother to keep such detailed > records of which ISPs are using which IP addresses once IP addresses are > more plentiful. With IP addresses less scarce, there may be a reduced > incentive to keep careful records about delegations of address space, and > more willingness to grant delegations casually and easily. In that case, > it may be more difficult bureaucratically to figure out who or where some > Internet users are. You can see some discussion of this in this current > thread on NANOG: > > http://mailman.nanog.org/pipermail/nanog/2012-June/049300.html > > See also > > https://en.wikipedia.org/wiki/SWIP > > Apart from that, there are at least seven potential effects on privacy: > > - The original addressing scheme for IPv6 suggested using individual > devices' MAC addresses as (the basis for) the lower-order 64 bits of > the public IP address. This is catastrophic for privacy because > then you can recognize and track individual devices all around the > world, like an indelible cross-site cookie for each device. (What's > more, if you seize the device, you can confirm that it was the actual > device that was used to send some particular communications at some > point in the past.) However, we don't have to use this scheme for > assigning IP addresses. It depends on how our individual operating > systems are configured, and it's unlikely that ISPs or anyone could > somehow force us to use the privacy-invasive style. > > - Having plentiful IP addresses means that we don't have to use network > address translation (NAT) anymore, at least not for IP address > scarcity reasons. This could actually be bad for privacy because > there is less ambiguity about which user of a network was responsible > for particular communications; NAT can create ambiguity from the > outside world's point of view about who at a particular institution > actually sent some network traffic, and if we get rid of NAT, we > reduce that uncertainty. > > - Having plentiful IP addresses means that ISPs could choose to give > end-users more dynamic IP addresses, without re-use. It's easier > to imagine using highly ephemeral IP addresses, like using a new > source address for each and every connection (!) or having one's > home network address change every day or every hour. In that case, > it would be harder to make associations between users or to track > users based on their IP addresses. > > - On the other hand, ISPs could also choose to give end-users more > static IP addresses, making it relatively easier to profile or > recognize users over time. > > - With more plentiful public IP addresses, it would be easier and > for more people to start to run publicly-useful proxy services > like Tor entry nodes. It will also be somewhat harder for > censors to enumerate and block secret bridge-style proxy nodes > ahead of time because it will be far more difficult to port-scan > the larger address space. (It was traditionally thought to be > impossible, but there is a paper showing it may not be impossible > in practice.) > > - With reduced use of NAT, we could more easily implement more > things as pure peer-to-peer services, with less intermediation. > This is good for users' privacy against service providers and > potentially bad for users' privacy against each other. For > example, if you make an intermediated VoIP call, the service > provider learns your approximate location from your IP address, > but the other party to the call doesn't. If you make a more > disintermediated VoIP call, no service provider learns this > information, but the other party can learn it. > > - Many network monitoring and logging systems aren't yet correctly > set up to log IPv6 addresses, so IPv6 users can't yet be monitored > and tracked by them as effectively as IPv4 users can. That will > probably change over time. > > Maybe I should make this a blog post. :-) > > -- > Seth Schoen <sch...@eff.org> > Senior Staff Technologist https://www.eff.org/ > Electronic Frontier Foundation https://www.eff.org/join > 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 >
_______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
