Deploy360 8 December 2014

IPv6 Privacy Addresses Provide Protection Against Surveillance And Tracking

By Dan YorkSenior Advisor

IPv6 BadgeRecently we’ve seen several articles, such as one out today, that assert that IPv6 addresses will make it easier for security services and law enforcement to track you. Surprisingly, these articles seem to miss that when IPv6 is implemented today on mobile devices or other computers, it is almost always implemented using what are called “privacy extensions” that generate new IPv6 addresses on a regular basis.

To put it simply – almost every mobile device or computer using IPv6 in 2014 changes its IPv6 address on a daily basis (usually) to prevent exactly this kind of surveillance.

To step back a bit – if you read any of the documents explaining the basics of IPv6, they inevitably mention that the “auto-configured” IPv6 address for a device is created using the network address and the MAC address assigned to the device’s network interface. This gives a theoretically globally unique address for your computer, mobile phone, or device.

If this were the only IPv6 address your device had, it would be something that could be easily tracked.

But…

The engineers who created IPv6 were very concerned that IPv6 could be used in this way and so way back in 2007 they published RFC 4941 defining “privacy extensions for IPv6” autoconfiguration. This standard defines a mechanism where a device generates a random host address and uses that instead of the device’s MAC address.

The device also changes that IPv6 address on a regular interval. The interval can be set to anything, but typically is configured on most operating systems to be one day. In mobile networks, the IPv6 address may change based on the link to which you are connecting, so as you move around you will be generating and using new IPv6 addresses all the time throughout the day.

As we wrote about in a resource page about IPv6 privacy extensions, the following operating systems use IPv6 privacy extensions BY DEFAULT:

  • All versions of Windows after Windows XP
  • All versions of Mac OS X from 10.7 onward
  • All versions of iOS since iOS 4.3
  • All versions of Android since 4.0 (ICS)
  • Some versions of Linux (and for others it can be easily configured)

So if you are using a Windows or Mac OS X computer, or any of the major mobile devices, you are already using IPv6 privacy addresses.

I know from my own network analysis in my home office network that all my devices are constantly changing their IPv6 addresses. (In fact, these IPv6 privacy addresses can cause problems for some applications that expect IP addresses to be stable – which brought about RFC 7217 this year suggesting a way to create a random address when your device is on a given network but then have that change when you move to another network.)

In the end, the ability of security services to track you on IPv4 versus IPv6 is pretty much about the same. With IPv4, you generally have a public IPv4 address that is assigned to the edge of your network, perhaps your home router or the router at the edge of your corporate network. You then use NAT to assign private IPv4 addresses to all devices on the inside of your IPv4 network. On the public Internet, all that an observer can see and track is your public IPv4 address – there is no further information about the device on the inside of the network beyond a port number.

With IPv6, you typically have a public IPv6 network address assigned to the edge of your network and then the devices internally configure themselves using IPv6 privacy extensions. On the public Internet, an observer can see and track your public IPv6 address, but that will be changing each and every day, making any kind of long-term tracking rather difficult or resource-consuming.

We definitely want to see more articles about IPv6 security appearing out in the mainstream media as these are extremely important conversations to have – but when talking about IPv6 addresses and surveillance, let’s please try to focus on how IPv6 is actually being implemented rather than how it could theoretically be done.

NOTE: For a lengthier technical discussion on this topic, please view this Internet Draft: draft-ietf-6man-ipv6-address-generation-privacy

For more information on how to get started with IPv6, please visit our Start Here page to find resources focused on your role or type of organization.

P.S. From a privacy perspective, I am personally far more worried about the application-layer tracking that occurs through “cookies” (including the new “super cookies” deployed by some mobile network providers) and other mechanisms. For these tracking mechanisms, the underlying IP address is completely irrelevant.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...