Re: [v6ops] Is addressing privacy via NAT really achieving much compared to a privacy goal of anonymity? (Re: A common problem with SLAAC in "renumbering" scenarios)

Ca By <cb.list6@gmail.com> Fri, 22 February 2019 22:36 UTC

Return-Path: <cb.list6@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AF9E130DEF; Fri, 22 Feb 2019 14:36:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OVtjFhb3tvjF; Fri, 22 Feb 2019 14:36:17 -0800 (PST)
Received: from mail-yw1-xc44.google.com (mail-yw1-xc44.google.com [IPv6:2607:f8b0:4864:20::c44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98FE71294FA; Fri, 22 Feb 2019 14:36:17 -0800 (PST)
Received: by mail-yw1-xc44.google.com with SMTP id 189so1451292ywi.3; Fri, 22 Feb 2019 14:36:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GjA5kXIf8JA+dtMWpa9KR46G5CO4jBlhcRvFT46A3cs=; b=u06mdeRFBIz9dbpRxbU0TbZ8OVEF7h3OqctScjVTa6MyiX8KqNePlZ8t1xS8mn09Xb DsXKvl90hkvjCzWqXIaytqV7lPb6DYTiJ/luAj7u5sWpxjMsrO9rTjFLhT1uOSi04FqP hMa1S2WPYq5L+VR2T4cmaiJ9ss8Fc/IcUYGbKQpCV9Vpzt5650DMAla541U9ixhPxQn9 msAG9DSLZxEXtv7PRFdDqopJrvzWYPYiflTrmSSWYIVWCjqVSntUqXWE1wr6zjLBtW+Y JLix8x/VgrP+3aolOHtsTdVtCadIxyRpQEuJMdtxC2rJR0smn1TwXqONWn96KKoAPvrS ATzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GjA5kXIf8JA+dtMWpa9KR46G5CO4jBlhcRvFT46A3cs=; b=SHfYx0tC6RId3avTDSj+oEMEaWyyUEMNE2A/2LfN2yyKOlzqfRU3aqR3fgRuHIVAvc Z5WW4SF+2KwYPb+TNLWqS6dP2E8rd1fY/PWsKUzk+72yutIzPzJNb2zMaxgTvkzyDY1w +iHwRGnMAop26lwDtso4AaLaKILCyP29um0MtEcEu4wirrrLKTKpggwh582ZSKNByEel gjUjd9LypHcQRerPgj8s+kUAOMuZFRdIUZ3qOJZFMjuuYiQ4vSY0pw/UbNeeksz6sLXh ZsqYIJqDuhr+0Q/lFh9kU646+t/k2NH6ekBIDPU2EBAPSjtGKjigrcmzZeER1jW9Dlp4 gSdA==
X-Gm-Message-State: AHQUAubfhkbsy2iCHafDXJrLdM9ZrjtOqZuQPd/OV798G/lJfTRTfsEY T/33ck5WdfAffV47NRnYwnWm6sRlwAOzA4afOuQ=
X-Google-Smtp-Source: AHgI3IbYbkIasskhQRhBt/gGvZurJpQ4VNa1GTLHf+lsLwW+LtkXcTpxXTnbmHcCAXphuVzHpPBO3+fpWYbrO0bNKmQ=
X-Received: by 2002:a0d:d882:: with SMTP id a124mr5389380ywe.184.1550874976550; Fri, 22 Feb 2019 14:36:16 -0800 (PST)
MIME-Version: 1.0
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <B6E2EC33-EEAF-40D0-AFCC-BDAFA9134ACD@consulintel.es> <20190220113603.GK71606@Space.Net> <28fbc2c305c640c9afb3704050f6e8d7@boeing.com> <20190220213107.GS71606@Space.Net> <019c552eb1624d348641d6930829fd1f@boeing.com> <CAKD1Yr0HBG+rhyFWg9zh0t3mW486Mjx9umjn+CRqAZg4z9r0dg@mail.gmail.com> <20190221073530.GT71606@Space.Net> <CAO42Z2wmB2W52b4MZ2h9sW5E9cQKm-HRjyf--q8C26jezS7LXQ@mail.gmail.com> <a73818d31db7422b99a524bc431b00ed@boeing.com> <CAO42Z2z9-48Gbb_Exf+oWUqDO=axSLpZBtqeDcxkAoFq5OziGw@mail.gmail.com> <CALx6S3624hnGauG1HaSWPMvQw0t2Q5R3gb8W4R8w3kuK7dcrWQ@mail.gmail.com> <CAO42Z2wOyTDrp5FNnBZ6KMOPT86o6n8rWRhXWdtSU_AOR9mV2A@mail.gmail.com> <CALx6S37FQVx=Hw3yLGfg-SkCwECc1JZkbcsqxrYLw6Pw5izdfw@mail.gmail.com> <CAD6AjGSsh7GvmrWpn_ZT--KRf=vMUR5awcUe=uhGdKP_w8fW9Q@mail.gmail.com> <CALx6S36i0C5vJ8YHi6KuQ6813d0STYOOyDGN5UY7ytk4X+fKdg@mail.gmail.com>
In-Reply-To: <CALx6S36i0C5vJ8YHi6KuQ6813d0STYOOyDGN5UY7ytk4X+fKdg@mail.gmail.com>
From: Ca By <cb.list6@gmail.com>
Date: Fri, 22 Feb 2019 15:36:05 -0700
Message-ID: <CAD6AjGSsm=Cjn8ULEs2=GwpXir1yMSbiCyQO0pPevZf_NpSUCw@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
Cc: "6man@ietf.org" <6man@ietf.org>, IPv6 Operations <v6ops@ietf.org>, Mark Smith <markzzzsmith@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000011844b058283383d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Bouk_M5dp66Pb-g1PQvr1iV5rwI>
Subject: Re: [v6ops] Is addressing privacy via NAT really achieving much compared to a privacy goal of anonymity? (Re: A common problem with SLAAC in "renumbering" scenarios)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 22:36:21 -0000

On Fri, Feb 22, 2019 at 11:56 AM Tom Herbert <tom@herbertland.com> wrote:

> On Fri, Feb 22, 2019 at 10:06 AM Ca By <cb.list6@gmail.com> wrote:
> >
> >
> >
> > On Fri, Feb 22, 2019 at 10:12 AM Tom Herbert <tom@herbertland.com>
> wrote:
> >>
> >> On Thu, Feb 21, 2019 at 11:35 PM Mark Smith <markzzzsmith@gmail.com>
> wrote:
> >> >
> >> > Hi Tom,
> >> >
> >> > On Fri, 22 Feb 2019 at 10:04, Tom Herbert <tom@herbertland.com>
> wrote:
> >> > >
> >> > > On Thu, Feb 21, 2019 at 2:46 PM Mark Smith <markzzzsmith@gmail.com>
> wrote:
> >> > > >
> >> > > > On Fri, 22 Feb 2019 at 08:53, Manfredi (US), Albert E
> >> > > > <albert.e.manfredi@boeing.com> wrote:
> >> > > > >
> >> >
> >> > <snip>
> >> >
> >> > > >
> >> > > > So I think there's commonly a big different between works and
> works
> >> > > > well. NAT may work, however compared to stateless IPv6 (and IPv4)
> >> > > > forwarding, it doesn't work anywhere as near as well.
> >> > > >
> >> > > Mark,
> >> > >
> >> > > I agreee with that with one exception. I believe that NAT/IPv4 can
> >> > > offer better privacy in addressing than IPv6 given current addess
> >> > > allocation methods.
> >> > >
> >> >
> >> > So I don't think addressing privacy via NAT is really all that
> >> > valuable if there are many other ways, some quite easy, to uniquely
> >> > identify an anonymity desiring end-point/end-user, whose effectiveness
> >> > aren't impacted at all by NAT.
> >> >
> >> > For example, this website is coming over IPv4 for me, and I'm using
> >> > IPv4+NAPT. If IPv4+NAPT was that effective at anonymity, I shouldn't
> >> > be able to tracked.
> >> >
> >> > https://amiunique.org/
> >> >
> >> > Yet it is saying I can be with both Chrome and Firefox on Fedora 29 in
> >> > Incognito/Private windows mode on this host. It says the same about my
> >> > Android 9 phone with Chrome in Incognito mode.
> >> >
> >> > Going into the detail of how, they don't seem to be using IP address
> >> > at all for any identification, it is all browser attributes.
> >> >
> >> > We have IPv6 temporary addresses, which makes using addresses harder
> >> > to use to identify a node. I think that is a lot better than nothing.
> >>
> >> Mark,
> >>
> >> Yes, but by that same rationale a simple substitution cipher is better
> >> than nothing in cryptography!
> >>
> >> What pretty much any conversation about privacy in addressing seems to
> >> lacking is a quantitative description of privacy and any empiracal
> >> data on the impact that privacy mechanisms, like those defined in
> >> RFC4941, have had. You might say it "makes using addresses harder to
> >> use to identify a node". But then the obvious question is _how_ much
> >> harder? Is this really protecting anyone's privacy, or it is just a
> >> minor inconvenience to attackers and only giving users a false sense
> >> of security?
> >>
> >> The irony is that CGN seems to have the best supporting evidence for
> >> being a mechanism that impacts privacy, but it was never even intended
> >> to be a privacy mechanism. The evidence is in the form of concerns
> >> form law enforcement that the privacy side effect is too strong and
> >> impedes their investigations
> >> (https://www.theregister.co.uk/2017/10/18/europol_cgnat/).
> >>
> >> So I don't think "Is addressing privacy via NAT really achieving much
> >> compared to a privacy goal of anonymity?" is the right question. The
> >> right question to ask is "Is addressing privacy via any IETF defined
> >> mechanism achieving much compared to a privacy goal of anonymity?"
> >>
> >> Tom
> >
> >
> >
> >
> > 1.  Network service providers cannot provide address anonymity.  LEA
> requirements in the USA and many jurisdictions simply do not allow it, so
> who is the customer of such a standard?  Who would make and deploy it?
>
> The customer of this is political dissident that is speaking out
> against injustice of a corrupt government. There is nothing that
> prevents a solution that provides the privacy for the dissident, but
> still allows their network provider to maintain records that correlate
> address to identity is available to LEA for the local jurisdiction
> under lawful order. This really isn't different than other areas of
> privacy on the Internet (like the logs that Facebook or Google keep).
> The point is that anonimity is needed to prevent unauthorized third
> parties from breaking someones privacy.
>
> >
> > 2. Network address annonimity today is generally provided via Tor.  How
> could the ietf provide something better than existiting tor solutions,
> knowing that it will not be baked into the network — meaning it must be
> over the top.
> >
>
> I'm not sure what "provided via Tor" means.


Tor is this
https://www.torproject.org/about/overview.html.en

Tor is what people use today for address anonimity today


>
>
> > 3. CGN is not private. It throw off per session logs of every
> transaction, so this is a full click stream archived ... with varing levels
> of intentional monetization and security from hackers.
> >
> Yes, it is expected that the local provider has full view of all
> associations of address to some device, that's pretty much a given and
> we have to trust the local provider to some extent. What we're trying
> to prevent is untrusted external parties from deducing identity or
> location of users.
>
> >
> >>
> >> > However, I don't see how IPv6 NAT would improve it much, and it
> >> > introduces the other drawbacks of NAT.
> >> >
> >> > Regards,
> >> > Mark.
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > > Tom
> >> > >
> >> > > > Regards,
> >> > > > Mark.
> >> > > >
> >> > > >
> >> > > >
> >> > > > > Bert
> >> > > >
> >> > > > _______________________________________________
> >> > > > v6ops mailing list
> >> > > > v6ops@ietf.org
> >> > > > https://www.ietf.org/mailman/listinfo/v6ops
> >>
> >> --------------------------------------------------------------------
> >> IETF IPv6 working group mailing list
> >> ipv6@ietf.org
> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >> --------------------------------------------------------------------
>