Re: [v6ops] Google Alert - IPv6
Tom Herbert <tom@herbertland.com> Thu, 02 November 2017 18:07 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75B5913F75F for <v6ops@ietfa.amsl.com>; Thu, 2 Nov 2017 11:07:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ZAXAJHpGmlH for <v6ops@ietfa.amsl.com>; Thu, 2 Nov 2017 11:07:47 -0700 (PDT)
Received: from mail-qt0-x235.google.com (mail-qt0-x235.google.com [IPv6:2607:f8b0:400d:c0d::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2D0213F56A for <v6ops@ietf.org>; Thu, 2 Nov 2017 11:07:46 -0700 (PDT)
Received: by mail-qt0-x235.google.com with SMTP id p1so476400qtg.2 for <v6ops@ietf.org>; Thu, 02 Nov 2017 11:07:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=yvTzlST2YbNtQeAOfLMbYtW2tqfXQ8O0uPEfuEGf6ao=; b=ndTLtJ00/CICJa900GAxwJVdsfYVYpxRZdw0zCOEwlL/rl+OuWkZPnBjQIVHEbUYQE fOzlJdiYJ2MuUt50tuEaYaUAgLWoHdOtu4xc7j6ea2P5BIKTO5oUBV8ZHO/YmnvWhbhM c7hmY5IXssC11JBISECpX60Ik8FxIDmae2VyLEJKb1CBkjqiVIGrZiaADosn+HB/V0bt m+AXO9OeeBz07Qvu9NFmKANkEZLUY0rRf/HxsIYoMWzaBZgoGVzfg4yPXF0n35vzaayf kbi+8IxtiLecNzAlClssrJ9bnr6K51TprmpKE8ZAaD5OwxSujlm2FmWI1R4V0DnRwVRG u0KA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=yvTzlST2YbNtQeAOfLMbYtW2tqfXQ8O0uPEfuEGf6ao=; b=oFLvSZdeYy5SAPOvfOuG+ncJUyNx/C/0iloGaRK2/GjhtNnq6P4bknScJnaaH6odwn IKN5cl1PbjxXvBgDzv0hvid2fLblxJ+hlKMh7hneRDsK6J5/cwEGeGRw6ciiQQg3ZI98 vLYwUbW2es3WZYKVl4H2zMcAQHKgfmPov2puMyyq9m9HvFkF5541ybhAtpbMJMpGzByd Gl5JZx5iSKlLkNn4SK1PR4xUN6Qdxv23HSMreAEVb5PidbTPQvKzQ0SQGo2MLuaAqq7O nORDQRs2ySHuOO3IGDnUXjUpxJbY9l1y0Wf/VPGC4UXDkWaN2UqJJTZtCvMVnq82ab9L CcAg==
X-Gm-Message-State: AMCzsaW7B+8kMoySEkcSjg1avP55yKQWVmSFtCjDyVkQcTqxlpN6wh4P xmJVsmMmi789zlN9WsBRAsWlvxAS00gQ9mCCM3JVQQ==
X-Google-Smtp-Source: ABhQp+Sufinw6P3OVcxE5K3j8+Phho4B4mRn5XmysxirKcmgUzFI1SqsaffraC8FPxupjariCek6Ot3KfAmXHcPSWbU=
X-Received: by 10.237.35.58 with SMTP id h55mr6275504qtc.108.1509646065951; Thu, 02 Nov 2017 11:07:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.54.4 with HTTP; Thu, 2 Nov 2017 11:07:44 -0700 (PDT)
In-Reply-To: <8C09CC26-AA68-4E1F-98F4-963B5A53F875@daveor.com>
References: <f403045ef57ac52962055bd88b84@google.com> <20395E98-DA55-447F-BEFE-CB581A88BB78@gmail.com> <alpine.DEB.2.20.1710190655260.31961@uplift.swm.pp.se> <20171019083506.6627a166@echo.ms.redpill-linpro.com> <alpine.DEB.2.20.1710190856530.31961@uplift.swm.pp.se> <787AE7BB302AE849A7480A190F8B93300A056EB5@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <CAHw9_iLWAMexrfXwsdB8duGa5ueJMofqVRqNck6DeOzA=KChqA@mail.gmail.com> <C4E37677-A2FB-49F8-B362-C29B28DFD570@daveor.com> <CE4906A4-E0CC-4C3F-A1F8-D2B5BED294D7@employees.org> <EDC5E9C7-F193-40CE-B21C-8E1D91E9E7E3@daveor.com> <C71D6C23-2720-403F-B655-D8156898A137@employees.org> <CALx6S37E9TN9SyMQfk3CSx9vWzjBM3bmuhvsyN0tFXGYFz9Mjw@mail.gmail.com> <CAO42Z2yXH0sPJYXJ6Nrq0B=UaDK4mC1R2Tds1tFQeBhuVh5meg@mail.gmail.com> <CALx6S36kUrhP=+8KiX3ttr5cszezQfpYdmaFBsOFS-s+_Dqd8g@mail.gmail.com> <8C09CC26-AA68-4E1F-98F4-963B5A53F875@daveor.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 02 Nov 2017 11:07:44 -0700
Message-ID: <CALx6S35awQE4V8RxSfZwboOnhU898+BmEQiy8kFhAHPDmdVYGA@mail.gmail.com>
To: Dave O'Reilly <rfc@daveor.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, Ole Troan <otroan@employees.org>, v6ops list <v6ops@ietf.org>, Tore Anderson <tore@fud.no>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/nH9fs5zvnno1d2f1Gmszt7Vg_t0>
Subject: Re: [v6ops] Google Alert - IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 18:07:49 -0000
On Thu, Nov 2, 2017 at 10:12 AM, Dave O'Reilly <rfc@daveor.com> wrote: > Tom, I have a question. > > You say: > >>> >> Mark, >> >> I think the point is that for privacy we _don't_ want IP addresses to >> identify individuals, but it is work to ensure that they don't. The >> fact that a device can be shared makes the coupling weaker, but >> probably not weak enough to be considered good privacy unless the >> population sharing the device is large enough to avoid statistical >> inference. >> > > I never understood this to be a design consideration of IPv4 (I don’t know about IPv6 but perhaps others could enlighten me?). In either case, is it the case that “we don’t want IP addresses to identify individuals”? Is it not more the case that the evolution of technologies on the Internet has, as a side effect, meant that IP addresses don’t identify individuals? Dave, It wasn't and isn't a design consideration of IPv4. However, it seems to be an accidental side effect of NAT. With a large population of NAT users behind a NAT address there is a strong decoupling between an address and the device or individual associated with the device as viewed externally. That can be contrasted with some of the addressing concepts of IPv6 which entailed used stable identifiers based on a permanent MAC address. In the absence of any mechanisms like NAT that obfuscate addresses, addresses with stable identifiers allow unrelated flows to be correlated to have come from the same source device. When the device is a personal device, then the address can then be correlated to an individual with some degree of accuracy that they are the user. This issue is addressed in RFC4941 which randomizes interface identifiers. RFC4941 allows an IPv6 address to be changed with some frequency, but isn't really intended to give a different source address per flow like NAT effectively does. > > > >>> There really needs to be something else that supports or proves use of a >>> device other than an assumption that an IP address is tightly coupled to a >>> device's owner, and therefore all actions associated with an IP address are >>> thoe se of the device's owner. >> >> I believe there is. It is common for apps, like email, social >> networking, etc. to login to a service with username and password. >> When login is done, the service now has a mapping of an individual to >> an IP address. That mapping could then be exploited to identify the >> same individual in completely unrelated communications, hence breaking >> privacy. This could be done external to the device and the network >> provider and across different jurisdictions. The problem is >> exacerbated if the app is always connected so that whenever the >> devices gets a new IP address to user mapping maintained by some third >> party is kept up to date. Also, in this case, randomizing addresses at >> some frequency may no provide much benefit to privacy unless every >> connection gets a different source address (which is effectively is >> what CGNAT gives). >> > > You don’t even need to log in to anything - isn’t this exactly how doubleclick et-al work? They drop a cookie on your browser and then follow you around the Internet on all sites with double-click banners? > IIRC (I spent some time working in ads), cookies aren't used that way any more since it's an obvious violation of privacy. There is need for remarketing and cross device advertising, but the correlations can be made within double-click system and not exposed to just any advertiser. Companies such as Google obviously collect a lot of PII, and it's clear that they have obligation and got to great pains to protect it (grant it Equifax and others seem to be glaring failures in protecting PII). > Same problem for any application layer identifying information - but also a bit beyond the scope of the CGNAT discussion... > Right, but similar to security, if we want to build a system that has good privacy characteristics then privacy at every layer, even networking layer, should be considered. Tom
- Re: [v6ops] Google Alert - IPv6 Paul Marks
- Re: [v6ops] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Brian E Carpenter
- Re: [v6ops] Google Alert - IPv6 Rajiv Asati (rajiva)
- Re: [v6ops] Google Alert - IPv6 Ca By
- Re: [v6ops] Google Alert - IPv6 Erik Kline
- Re: [v6ops] Google Alert - IPv6 Mikael Abrahamsson
- Re: [v6ops] Google Alert - IPv6 Tore Anderson
- Re: [v6ops] Google Alert - IPv6 Mikael Abrahamsson
- Re: [v6ops] Google Alert - IPv6 mohamed.boucadair
- Re: [v6ops] Google Alert - IPv6 Ca By
- Re: [v6ops] Google Alert - IPv6 Lorenzo Colitti
- Re: [v6ops] Google Alert - IPv6 Alexandre Petrescu
- Re: [v6ops] Google Alert - IPv6 Warren Kumari
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ca By
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 mohamed.boucadair
- Re: [v6ops] [SUSPECTED SPAM] RE: Google Alert - I… Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] RE: Google Alert - I… mohamed.boucadair
- Re: [v6ops] Google Alert - IPv6 Lee Howard
- Re: [v6ops] Google Alert - IPv6 Erik Nygren
- Re: [v6ops] Google Alert - IPv6 Lee Howard
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Fred Baker
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 Fernando Gont
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Gert Doering
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Mark Smith
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Fred Baker
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 Mark Smith
- Re: [v6ops] Google Alert - IPv6 DY Kim
- Re: [v6ops] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 DY Kim
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Mark Andrews
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Lee Howard
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 t.petch
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Mark Smith