Re: end-user ipv6 deployment and concerns about privacy

[Hannes Frederic Sowa <hannes () mailcolloid de>]

On Wed, Aug 18, 2010 at 11:16 PM, Mark Smith wrote:
> They help because you're concerned about privacy. You didn't qualify
> that you're only concerned about privacy from geolocation services, so
> I described a mechanism that would provide you as much privacy as
> possible, while also being automatic, and also continuing to provide
> IPv6 Internet connectivity. No where was cryto mentioned either (on
> both our parts), yet that is also a privacy mechanism.

I tried to highlight the relationship between ipv4-address and
/48-prefixes in regard to privacy. If a provider is known for handling
out statically allocated prefixes, it should be possible to track its
clients by prefix. Sorry for picking a geolocation-service as an
example of where such information can originate from. It was
misleading.

> As a customer, it's relatively hard to hide from geolocation services
> because they use your IP address in combination with information that
> you don't have control over i.e. RIR / whois data. If a customer wants
> to hide from that, then they'll need to start tunnelling their traffic
> to another entry/exit point on the Internet.

Fully hiding from geolocation services is only possible with anonymity
services, yes.

> Much like security, privacy is relative. If you want to have
> bi-directional communications with another entity, you
> have to disclose your identity. How long you retain that identity is
> what makes one form of privacy more private than another.
> Customers who have high expectations of privacy won't trust their
> ISP at the time to preserve it - because, as the cliche goes, if you
> want something done properly, you need to do it yourself. So, as an
> ISP, you need to think about how much privacy you can provide, can
> afford to provide, and at what point it becomes irrelevant because your
> customer doesn't trust you to provide it at all.

But most people just don't care. My proposal is to have some kind of
sane defaults for them e.g. changing their prefix every week or in the
case of a reconnect. This would mitigate some of the many privacy
concerns in the internet a little bit. Of course all the already known
problems would still exist. And still people have to care about the
technology to reach a higher level of anonymity.

> > In IPv4-land I have the possibility to
> > reconnect and get a new unrelated ip-address every time.
>
> They're issued by the same ISP, to they're related.

Ups. Unrelated in the sense of random ip from their pool, of course.

hannes