IETF Logo Mail Archive

Re: Is addressing privacy via NAT really achieving much compared to a privacy goal of anonymity? (Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios)

Tom Herbert <tom@herbertland.com> Fri, 22 February 2019 18:56 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8207B130F66 for <ipv6@ietfa.amsl.com>; Fri, 22 Feb 2019 10:56:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9iVYnjn7JEx4 for <ipv6@ietfa.amsl.com>; Fri, 22 Feb 2019 10:56:04 -0800 (PST)
Received: from mail-qk1-x742.google.com (mail-qk1-x742.google.com [IPv6:2607:f8b0:4864:20::742]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2195130F4F for <6man@ietf.org>; Fri, 22 Feb 2019 10:56:04 -0800 (PST)
Received: by mail-qk1-x742.google.com with SMTP id m9so1774072qkl.4 for <6man@ietf.org>; Fri, 22 Feb 2019 10:56:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=x7sUjCK6t2Zo+CTA01NnSvPJ02ay1bSGa4FVV1ZsZUk=; b=KFsvPrCUr70MM/SKPu0F6hQvdtkHdwRyXJOdeJqvThNXWEiWPxu/pnBLjsJoIHKPdL vowdQDVM8mcadr1XUbIP+jbG/0mLzbKFieJBJGyvWhwp29c3JYK+yfydB0JxFEL9NWC8 OGE4xyOyg97LKW2vheYohEJio/iOwc7Y7i8MXe/4XiKFJAfqbrQcU/9DurhPKFJOQMzg ZOnXukOn/MhA2XY1bcTWrGPVJ7eymfS7l2ayonT9t9Bkab1gzPiNfWUVHm/C1M+wHqg/ gFBCpxmt64cC47l9NHYnajzTNG5V+Q2MqetYSSJwI64t1IaST+pgNTq09B416H7FMMQB k9Fg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=x7sUjCK6t2Zo+CTA01NnSvPJ02ay1bSGa4FVV1ZsZUk=; b=hQR3TUgoK4XuC5JdqDg/QS5DkQSw+YNvjFK8DeHaqnbhYfqbryV/C9+8j7cY3J1/vK F75ynWLcDkdxkMdbMTYj+Tm3GBqt4unepkbVTuqazRi6PzySP84ae+FByybwZT4SCTcU ckUwAQqRWJzSWchmIH0eY69yxdnEArdRnAcqgJ5mhyp2oHLKBTPPubKLXvn05uSywrq4 PnQpiG3jAzFXxpS3XWiQrk1Dd9mI+L85+WPMrsldK4Avl0iyZv6qnP1dXKx7zJWNpWox fvp4p7v+06SjKUjz19zpCn18sCmlL7C3kY89H15b6uPuDnr8sBqzQiOvefWcmot0n9yo UAow==
X-Gm-Message-State: AHQUAuZtHeY0K75+Bn35vmC3u2RbbEqY/Q3/7EJlXQ4AUiKy2OVsJpX9 SB4BuoEXbkS3Q0cydmOmSrKnaNIbaVFqIGWt/JJMfQ==
X-Google-Smtp-Source: AHgI3IaRFjAPx+yNi41qwk8QCMT/N8F2j5/RbQxZXmotiVku0WD5DZ574rCjVq7kuIfPyCGD/kiZtFq9pUUwcsYhhJE=
X-Received: by 2002:ae9:dc84:: with SMTP id q126mr3381020qkf.121.1550861763128; Fri, 22 Feb 2019 10:56:03 -0800 (PST)
MIME-Version: 1.0
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <B6E2EC33-EEAF-40D0-AFCC-BDAFA9134ACD@consulintel.es> <20190220113603.GK71606@Space.Net> <28fbc2c305c640c9afb3704050f6e8d7@boeing.com> <20190220213107.GS71606@Space.Net> <019c552eb1624d348641d6930829fd1f@boeing.com> <CAKD1Yr0HBG+rhyFWg9zh0t3mW486Mjx9umjn+CRqAZg4z9r0dg@mail.gmail.com> <20190221073530.GT71606@Space.Net> <CAO42Z2wmB2W52b4MZ2h9sW5E9cQKm-HRjyf--q8C26jezS7LXQ@mail.gmail.com> <a73818d31db7422b99a524bc431b00ed@boeing.com> <CAO42Z2z9-48Gbb_Exf+oWUqDO=axSLpZBtqeDcxkAoFq5OziGw@mail.gmail.com> <CALx6S3624hnGauG1HaSWPMvQw0t2Q5R3gb8W4R8w3kuK7dcrWQ@mail.gmail.com> <CAO42Z2wOyTDrp5FNnBZ6KMOPT86o6n8rWRhXWdtSU_AOR9mV2A@mail.gmail.com> <CALx6S37FQVx=Hw3yLGfg-SkCwECc1JZkbcsqxrYLw6Pw5izdfw@mail.gmail.com> <CAD6AjGSsh7GvmrWpn_ZT--KRf=vMUR5awcUe=uhGdKP_w8fW9Q@mail.gmail.com>
In-Reply-To: <CAD6AjGSsh7GvmrWpn_ZT--KRf=vMUR5awcUe=uhGdKP_w8fW9Q@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 22 Feb 2019 10:55:52 -0800
Message-ID: <CALx6S36i0C5vJ8YHi6KuQ6813d0STYOOyDGN5UY7ytk4X+fKdg@mail.gmail.com>
Subject: Re: Is addressing privacy via NAT really achieving much compared to a privacy goal of anonymity? (Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios)
To: Ca By <cb.list6@gmail.com>
Cc: "6man@ietf.org" <6man@ietf.org>, IPv6 Operations <v6ops@ietf.org>, Mark Smith <markzzzsmith@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/pGCH_g8DlBUE1g0JvFFmcIFBr8c>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 18:56:09 -0000

On Fri, Feb 22, 2019 at 10:06 AM Ca By <cb.list6@gmail.com> wrote:
>
>
>
> On Fri, Feb 22, 2019 at 10:12 AM Tom Herbert <tom@herbertland.com> wrote:
>>
>> On Thu, Feb 21, 2019 at 11:35 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>> >
>> > Hi Tom,
>> >
>> > On Fri, 22 Feb 2019 at 10:04, Tom Herbert <tom@herbertland.com> wrote:
>> > >
>> > > On Thu, Feb 21, 2019 at 2:46 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>> > > >
>> > > > On Fri, 22 Feb 2019 at 08:53, Manfredi (US), Albert E
>> > > > <albert.e.manfredi@boeing.com> wrote:
>> > > > >
>> >
>> > <snip>
>> >
>> > > >
>> > > > So I think there's commonly a big different between works and works
>> > > > well. NAT may work, however compared to stateless IPv6 (and IPv4)
>> > > > forwarding, it doesn't work anywhere as near as well.
>> > > >
>> > > Mark,
>> > >
>> > > I agreee with that with one exception. I believe that NAT/IPv4 can
>> > > offer better privacy in addressing than IPv6 given current addess
>> > > allocation methods.
>> > >
>> >
>> > So I don't think addressing privacy via NAT is really all that
>> > valuable if there are many other ways, some quite easy, to uniquely
>> > identify an anonymity desiring end-point/end-user, whose effectiveness
>> > aren't impacted at all by NAT.
>> >
>> > For example, this website is coming over IPv4 for me, and I'm using
>> > IPv4+NAPT. If IPv4+NAPT was that effective at anonymity, I shouldn't
>> > be able to tracked.
>> >
>> > https://amiunique.org/
>> >
>> > Yet it is saying I can be with both Chrome and Firefox on Fedora 29 in
>> > Incognito/Private windows mode on this host. It says the same about my
>> > Android 9 phone with Chrome in Incognito mode.
>> >
>> > Going into the detail of how, they don't seem to be using IP address
>> > at all for any identification, it is all browser attributes.
>> >
>> > We have IPv6 temporary addresses, which makes using addresses harder
>> > to use to identify a node. I think that is a lot better than nothing.
>>
>> Mark,
>>
>> Yes, but by that same rationale a simple substitution cipher is better
>> than nothing in cryptography!
>>
>> What pretty much any conversation about privacy in addressing seems to
>> lacking is a quantitative description of privacy and any empiracal
>> data on the impact that privacy mechanisms, like those defined in
>> RFC4941, have had. You might say it "makes using addresses harder to
>> use to identify a node". But then the obvious question is _how_ much
>> harder? Is this really protecting anyone's privacy, or it is just a
>> minor inconvenience to attackers and only giving users a false sense
>> of security?
>>
>> The irony is that CGN seems to have the best supporting evidence for
>> being a mechanism that impacts privacy, but it was never even intended
>> to be a privacy mechanism. The evidence is in the form of concerns
>> form law enforcement that the privacy side effect is too strong and
>> impedes their investigations
>> (https://www.theregister.co.uk/2017/10/18/europol_cgnat/).
>>
>> So I don't think "Is addressing privacy via NAT really achieving much
>> compared to a privacy goal of anonymity?" is the right question. The
>> right question to ask is "Is addressing privacy via any IETF defined
>> mechanism achieving much compared to a privacy goal of anonymity?"
>>
>> Tom
>
>
>
>
> 1.  Network service providers cannot provide address anonymity.  LEA requirements in the USA and many jurisdictions simply do not allow it, so who is the customer of such a standard?  Who would make and deploy it?

The customer of this is political dissident that is speaking out
against injustice of a corrupt government. There is nothing that
prevents a solution that provides the privacy for the dissident, but
still allows their network provider to maintain records that correlate
address to identity is available to LEA for the local jurisdiction
under lawful order. This really isn't different than other areas of
privacy on the Internet (like the logs that Facebook or Google keep).
The point is that anonimity is needed to prevent unauthorized third
parties from breaking someones privacy.

>
> 2. Network address annonimity today is generally provided via Tor.  How could the ietf provide something better than existiting tor solutions, knowing that it will not be baked into the network — meaning it must be over the top.
>

I'm not sure what "provided via Tor" means.

> 3. CGN is not private. It throw off per session logs of every transaction, so this is a full click stream archived ... with varing levels of intentional monetization and security from hackers.
>
Yes, it is expected that the local provider has full view of all
associations of address to some device, that's pretty much a given and
we have to trust the local provider to some extent. What we're trying
to prevent is untrusted external parties from deducing identity or
location of users.

>
>>
>> > However, I don't see how IPv6 NAT would improve it much, and it
>> > introduces the other drawbacks of NAT.
>> >
>> > Regards,
>> > Mark.
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > > Tom
>> > >
>> > > > Regards,
>> > > > Mark.
>> > > >
>> > > >
>> > > >
>> > > > > Bert
>> > > >
>> > > > _______________________________________________
>> > > > v6ops mailing list
>> > > > v6ops@ietf.org
>> > > > https://www.ietf.org/mailman/listinfo/v6ops
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email