undefined | Better HN

0 pointsadriancr3y ago0 comments

> nobody can infer anything about your network

They can infer that one IPV6 address matches to exactly one device. (reverse is not true, one device may have multiple addresses per privacy extensions)

Once device is identified all its past traffic is discernible.

Changing addresses means identification needs to be done again but once done it can be associated with past addresses and again, all its history is visible.

Identification might just mean querying a data broker with HTTP headers.

NAT does not have this issue.

0 comments

jcalvinowens3y ago

> They can infer that an address matches to a single device

No they can't: the whole point of RFC4941/8981 is to prevent that. The source address for external connections is effectively randomized.

All that can be inferred is that it came from your network, but even with NAT you know that anyway.

adriancrOP3y ago

> The source address for external connections is effectively randomized

It's still unique to one device right?, even if random my argument still holds.

Or do you mean to say multiple devices can use the same address?

note: I've read the RFCs and they just mean - initial address is random but unique to a device. Each day the address will likely change but new address is still unique to the device (otherwise how would routing work).

This is what I structured my inital argument on. Do you see any fallacy in logic?

justeleblanc3y ago

You literally wrote "Once device is identified all its past traffic is discernible." How is that compatible with devices changing their address every day?

1 more reply

throw0101c3y ago

> Each day the address will likely change but new address is still unique to the device (otherwise how would routing work).

If you set up your device to spin up a new IPv6 address every hour (or even every minute), how will they track you using IPs?

On macOS it's 24h, but it doesn't have to be:

    $ sysctl -a | grep temppltime              
    net.inet6.ip6.temppltime: 86400

2 more replies

j / k navigate · click thread line to collapse