undefined | Better HN

0 pointsbityard3y ago0 comments

Most devices support privacy extensions (temporary v6 addresses) for this exact reason. https://www.rfc-editor.org/rfc/rfc4941

0 comments

jlokier3y ago

Those IPv6 privacy extensions still reveal when the same node connects to a sequence of destinations within the address change interval, though. E.g. observers can see a single device connects to Facebook, OnlyFans, Pornhub and PayPal in that order.

Behind a NAT, observers can only make that connection (using only addresses) for the network as a whole, instead of an individual device on the network. So the privacy extensions are weaker than NAT

(If the IPv6 privacy extensions used a different address for each connection, they would be more like NAT in this regard.)

That said, other observable clues still allow connections from a single device to be associated, NAT or not. There's TCP OS fingerprinting for example, and the close timing of related connections.

bert643y ago

That requires someone who has the ability to monitor all your traffic - ie the government, your ISP, or a hacker who has infiltrated one of those two.

In this scenario it's a lot more work trying to map out your infrastructure than to try performing a MITM connection against some of your outbound traffic.

waych3y ago

This helps mitigate correlations over time but doesn't do anything to mask the identity of the node within a given refresh interval (default one day).

j / k navigate · click thread line to collapse