Is addressing privacy via NAT really achieving much compared to a privacy goal of anonymity? (Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios)

Mark Smith <markzzzsmith@gmail.com> Fri, 22 February 2019 07:35 UTC

From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 22 Feb 2019 18:35:27 +1100
Message-ID: <CAO42Z2wOyTDrp5FNnBZ6KMOPT86o6n8rWRhXWdtSU_AOR9mV2A@mail.gmail.com>
Subject: Is addressing privacy via NAT really achieving much compared to a privacy goal of anonymity? (Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios)
To: Tom Herbert <tom@herbertland.com>
Cc: "Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>, IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/93mjucsm4WnQTslbYbiWOYxYGfw>

Hi Tom,

On Fri, 22 Feb 2019 at 10:04, Tom Herbert <tom@herbertland.com> wrote:
>
> On Thu, Feb 21, 2019 at 2:46 PM Mark Smith <markzzzsmith@gmail.com> wrote:
> >
> > On Fri, 22 Feb 2019 at 08:53, Manfredi (US), Albert E
> > <albert.e.manfredi@boeing.com> wrote:
> > >

<snip>

> >
> > So I think there's commonly a big difference between works and works
> > well. NAT may work, however compared to stateless IPv6 (and IPv4)
> > forwarding, it doesn't work anywhere near as well.
> >
> Mark,
>
> I agree with that with one exception. I believe that NAT/IPv4 can
> offer better privacy in addressing than IPv6 given current address
> allocation methods.
>

So I don't think addressing privacy via NAT is really all that
valuable if there are many other ways, some quite easy, to uniquely
identify an anonymity-desiring end-point/end-user, whose effectiveness
isn't impacted at all by NAT.

For example, this website is coming over IPv4 for me, and I'm using
IPv4+NAPT. If IPv4+NAPT was that effective at anonymity, I shouldn't
be able to be tracked.

https://amiunique.org/

Yet it is saying I can be with both Chrome and Firefox on Fedora 29 in
Incognito/Private windows mode on this host. It says the same about my
Android 9 phone with Chrome in Incognito mode.

Going into the detail of how, they don't seem to be using IP address
at all for any identification; it is all browser attributes.

We have IPv6 temporary addresses, which make addresses harder
to use to identify a node. I think that is a lot better than nothing.

However, I don't see how IPv6 NAT would improve it much, and it
introduces the other drawbacks of NAT.

Regards,
Mark.

> Tom
>
> > Regards,
> > Mark.
> >
> >
> >
> > > Bert
> >
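
The argument in the message above, as an added example that is not part of the original post: it compares how well a server can single out a client by source address versus by browser attributes. The client names, addresses (documentation ranges) and attribute tuples are constructed sample data, and the attribute set is a simplified assumption, not the list amiunique.org uses.

```python
from collections import defaultdict

# Constructed sample data: (true client, source address the server sees,
# browser attribute tuple). host-a/b/c sit behind one NAPT address; host-d
# uses IPv6 temporary addresses that differ between its two visits.
FF = ("Firefox/65", "Linux x86_64", "1920x1080", "en-AU", "UTC+11")
CH = ("Chrome/72", "Linux x86_64", "2560x1440", "en-AU", "UTC+11")
AN = ("Chrome/72", "Android 9", "412x846", "en-AU", "UTC+11")
SA = ("Safari/12", "macOS", "1440x900", "en-US", "UTC-8")

OBSERVATIONS = [
    ("host-a", "203.0.113.7", FF),
    ("host-b", "203.0.113.7", CH),
    ("host-c", "203.0.113.7", AN),
    ("host-a", "203.0.113.7", FF),
    ("host-d", "2001:db8:1:1:5c3a:91ff:2b07:44d1", SA),
    ("host-d", "2001:db8:1:1:a8e2:7c4:f1b9:6d03", SA),
]

def by_address(address, attrs):
    return address

def by_attributes(address, attrs):
    return attrs

def anonymity_sets(observations, key):
    """Map each observable identifier to the set of clients that present it."""
    groups = defaultdict(set)
    for client, address, attrs in observations:
        groups[key(address, attrs)].add(client)
    return dict(groups)

def trackable_clients(observations, key):
    """Clients whose every visit yields one identifier that nobody else shares."""
    groups = anonymity_sets(observations, key)
    keys_per_client = defaultdict(set)
    for client, address, attrs in observations:
        keys_per_client[client].add(key(address, attrs))
    return sorted(
        client for client, keys in keys_per_client.items()
        if len(keys) == 1 and groups[next(iter(keys))] == {client}
    )

if __name__ == "__main__":
    print("singled out by address:   ", trackable_clients(OBSERVATIONS, by_address))
    print("singled out by attributes:", trackable_clients(OBSERVATIONS, by_attributes))
```

With this data the address hides each client (a shared NAPT address, or an address that changes between visits), while the attribute tuple singles out all four.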