Imagine a not-too-distant future where IPv6 is starting to see widespread adoption. On sunday evening you login to Amazon.com on your laptop and purchase some sex-toys for you and your wife for your upcoming anniversary; good for you for keeping it interesting. Naturally you enable privacy mode in Firefox so it won’t show up in your history, society being what it is.
On Monday you head into your job at a large daycare center where you’re a manager in HR. There’s an upcoming restructure and you want to make sure the employees are reassured that its a good thing; in between meetings you flick through some change-management books on Amazon on your laptop, but can’t see anything useful.
Congratulations! Amazon.com (and anyone they feel free to share with) now know that you have sex-toys and access to young children. No logins, no cookies, all they need to do is look in their logs for laptop’s unique identifier and then match your work’s network block to your purchases at Amazon.
How does this work? First a bit of background (the following skips a few details but is basically true for most people)…
Every piece of network hardware in every computer, phone, etc. in the world has a unique identifier: the Media Access Control address, or MAC. This address is 48 bits long, and different from the IP address you use on the internet; it is used purely for finding machines on your local network.
Although it was never a deliberate design decision, the IPv4 internet has a few privacy mechanisms built into it, almost as a side-effect of its limitations. IPv4 addresses are 32 bits long, far too small to contain any significant portion of the MAC address or any other identifier; the MAC address is quietly dropped the moment your traffic enters the wider internet. And although the IP assigned to you or your employer by your ISP is globally unique, in practice its tracking potential is limited: your home IP is regularly reused by your ISP for other customers, and at work the public address is shared by dozens or even hundreds of employees due to NAT.
With IPv6 it’s a different story. A 128-bit IPv6 address consists of two components; a network address that identifies your whole network (usually 64 bits) and a local component that identifies your machine on your network. This local component is based on your MAC address, and by default is included in all communication with the wider internet. Because it’s bound to your physical hardware the local part always stays the same, regardless of which network you’re connected to; it is in essence a global tracking code, and can be used by remote sites to infer some interesting information about you. The example above is the simplest I could come up with; advertising providers operating across multiple sites are going to be able to do some truly stunning pattern matching. And hardware vendors will already have massive database mapping MAC addresses to users and credit-cards; some of them (e.g. Apple) have deep ties with organisations such as the RIAA, who would dearly love to be able to match an IP address to a name and mailing address without any of that inconvenient subpoena stuff.
Luckily this problem was anticipated during the IPv6 specification process and a solution added; RFC3041 privacy extensions. The gist of this is that your operating system can generate a random, short-lived fake local-address that is used for outgoing connections. In the example above, assuming the temporary address is set to a short enough timeout, by the time you’re at work the next day the address you used from home will have been replaced by a new one.
There’s only one problem; it’s not enabled by default in all operating systems. Here’s how to enable it in some of the common ones:
Linux desktop/server distributions
Most Linux distributions seem to have temporary addresses disabled by default. Enabling them is simple enough though:
sudo sysctl -w net.ipv6.conf.all.use_tempaddr=2 sudo sysctl -w net.ipv6.conf.default.use_tempaddr=2 echo net.ipv6.conf.all.use_tempaddr=2 | sudo tee -a /etc/sysctl.conf echo net.ipv6.conf.default.use_tempaddr=2 | sudo tee -a /etc/sysctl.conf
Temporary addresses seem to be disabled by default in Android. However if you have rooted your phone then you can use the Linux method. Either use an Android terminal app or ‘adb’ from the SDK to get a root shell:
mount -o remount,rw /system cd /system/etc/ echo net.ipv6.conf.all.use_tempaddr=2 >> sysctl.conf echo net.ipv6.conf.default.use_tempaddr=2 >> sysctl.conf
Then reboot your phone.
Mac OS X
As of 10.6.7 temporary addresses are disabled. Enabling them is similar to the Linux method:
sudo sysctl -w net.inet6.ip6.use_tempaddr=1 echo net.inet6.ip6.use_tempaddr=1 | sudo tee -a /etc/sysctl.conf
This security advisory implies that iOS 4.3 has this enabled by default. For older releases you’re probably out of luck though.
IPv6 temporary addresses seem to been enabled by default; if you can confirm please comment.