IPv6 privacy option as default?

I’ve seen a few discussions about not enabling the IPv6 privacy option (temporary addresses) by default, as it might create issues with apps and services that expect a fixed address; however, this is the default on Android and the current Ubuntu LTS (24.04), and I’m not seeing any issue with either.

Is it time to enable this by default on Fedora?


What is the security threat model you hope this change will help with?

Do you mean the feature of:

  • changing the IPv6 address on every connection
  • changing the IPv6 address periodically

For the periodic change, I hear that more often than once every 24 hours leads to issues. Every 24 hours makes tracking your internet activity for advertisers unrealistic.


net.ipv6.conf.default.use_tempaddr=2 leads to preferring the temp address and changing it on every reconnection to the network.

I hear that more often than once every 24 hours leads to issues

Maybe this used to be the case in the past? What issues does it create? I’ve been using Ubuntu 24.04 on another laptop for the past few months, which is configured that way by default, my Android phone for years, and this Fedora laptop for the past two days, with no issue. Are there issues in edge cases? Why are the other OSes not experiencing them?

What is the security threat model you hope this change will help with?

To be completely honest, to reduce resistance from the anti-IPv6 crowd, who argue that NAT makes it more secure because, while the site can be identified (with the ISP IP address), the specific device cannot.
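As an added example (not code from this thread, from Fedora or from any of the posters), here is a Python audit script for the setting discussed above. It parses `ip -6 addr show` output, classifies each global address by how its interface identifier was generated (RFC 4941 temporary, MAC-derived EUI-64, or otherwise stable), and reports whether a non-deprecated temporary address exists and whether `use_tempaddr` is set to 2 so that it is actually preferred for outgoing connections (with 1 the kernel generates temporary addresses but still prefers the stable one). The `ip` output and the interface name `wlp3s0` are constructed; `read_use_tempaddr` reads the real sysctl from /proc when run on a Linux host.

```python
import ipaddress
import os
import re
import shutil
import subprocess
from typing import Optional

# Constructed sample of `ip -6 addr show dev wlp3s0` output (not captured from a
# real host; addresses are from the 2001:db8::/32 documentation range).
SAMPLE_IP6_ADDR = """\
2: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1234:5678:a1b2:c3d4:e5f6:7a8b/64 scope global temporary dynamic
       valid_lft 590250sec preferred_lft 14250sec
    inet6 2001:db8:1234:5678:1a2b:3c4d:5e6f:7a8c/64 scope global temporary deprecated dynamic
       valid_lft 503850sec preferred_lft 0sec
    inet6 2001:db8:1234:5678:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 86250sec preferred_lft 14250sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
"""

_ADDR_RE = re.compile(r"^\s*inet6\s+(\S+)/(\d+)\s+scope\s+(\S+)\s*(.*)$")
_LFT_RE = re.compile(r"^\s*valid_lft\s+(\S+)\s+preferred_lft\s+(\S+)\s*$")


def _lifetime(tok: str) -> Optional[int]:
    """'14250sec' -> 14250; 'forever' -> None."""
    if tok == "forever":
        return None
    return int(tok[:-3]) if tok.endswith("sec") else int(tok)


def parse_ip6_addrs(text: str) -> list:
    """Turn `ip -6 addr` output into one dict per inet6 address."""
    entries = []
    for line in text.splitlines():
        m = _ADDR_RE.match(line)
        if m:
            addr, plen, scope, rest = m.groups()
            entries.append({
                "address": ipaddress.IPv6Address(addr),
                "prefixlen": int(plen),
                "scope": scope,
                "flags": set(rest.split()),   # e.g. temporary, deprecated, mngtmpaddr
                "valid_lft": None,
                "preferred_lft": None,
            })
            continue
        m = _LFT_RE.match(line)
        if m and entries:   # the lifetime line belongs to the address parsed just before
            entries[-1]["valid_lft"] = _lifetime(m.group(1))
            entries[-1]["preferred_lft"] = _lifetime(m.group(2))
    return entries


def iid_kind(entry: dict) -> str:
    """How the interface identifier (low 64 bits) of an address was generated."""
    if "temporary" in entry["flags"]:
        return "temporary"   # RFC 4941 privacy address: rotates, never MAC-derived
    # Modified EUI-64 puts 0xff 0xfe in the middle of the IID (bytes 11-12 of the address)
    if entry["address"].packed[11:13] == b"\xff\xfe":
        return "eui64"       # stable across reboots AND exposes the MAC address
    return "stable"          # static, DHCPv6 or stable-privacy (RFC 7217): stable, MAC hidden


def read_use_tempaddr(iface: str) -> Optional[int]:
    """Read net.ipv6.conf.<iface>.use_tempaddr from /proc; None if not available."""
    path = f"/proc/sys/net/ipv6/conf/{iface}/use_tempaddr"
    try:
        with open(path) as f:
            return int(f.read().strip())
    except OSError:
        return None


def audit(text: str, use_tempaddr: Optional[int]) -> dict:
    """Report whether outgoing traffic will actually leave from a rotating address."""
    entries = [e for e in parse_ip6_addrs(text) if e["scope"] == "global"]
    usable_temp = [
        e for e in entries
        if iid_kind(e) == "temporary"
        and "deprecated" not in e["flags"]
        and (e["preferred_lft"] is None or e["preferred_lft"] > 0)
    ]
    return {
        "global_addresses": len(entries),
        "kinds": {str(e["address"]): iid_kind(e) for e in entries},
        "usable_temporary": [str(e["address"]) for e in usable_temp],
        "eui64_exposed": [str(e["address"]) for e in entries if iid_kind(e) == "eui64"],
        # use_tempaddr: 0 = no temporary addresses, 1 = generated but the stable
        # address is preferred as source, 2 = generated and preferred
        "privacy_effective": use_tempaddr == 2 and bool(usable_temp),
    }


if __name__ == "__main__":
    iface = "wlp3s0"   # assumed interface name; adjust for your host
    if shutil.which("ip") and os.path.exists(f"/sys/class/net/{iface}"):
        text = subprocess.run(["ip", "-6", "addr", "show", "dev", iface],
                              capture_output=True, text=True, check=True).stdout
        value = read_use_tempaddr(iface)
    else:
        text, value = SAMPLE_IP6_ADDR, 2   # fall back to the constructed sample
    for k, v in audit(text, value).items():
        print(f"{k}: {v}")
```

The `eui64_exposed` list is the part worth looking at even when temporary addresses are on: an EUI-64 global address stays configured (and reachable) alongside the temporary one, so it still reveals the MAC to anyone who learns it. The rotation interval the thread argues about is governed by the kernel sysctls `temp_prefered_lft` (default 86400 seconds, one day) and `temp_valid_lft` (default 604800 seconds), which is why a deprecated temporary address with `preferred_lft 0sec` lingers for existing connections while new ones use the fresh address.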

That sounds like it is an education issue not a technical issue.

I think the issue is services that want to use your IP address as part of the authentication.
Authenticating once a day is fine but every would be annoying.

services that want to use your IP address as part of the authentication

Which services do that? With IPv4 NAT, how do they distinguish between devices? Could they not use the IPv6 subnet the same way they use the IPv4 IP?

That sounds like it is an education issue not a technical issue.

Are you saying there is no value in protecting exactly which device is connecting to a service? I’m no privacy expert; this is nowhere near as good for privacy as a VPN, but there is at least some plausible deniability.

It’s the fact that the IPv4 address is stable, compared to an always-changing IPv6 address.

I am saying that the misunderstanding of the “crowd” is an education problem.
IPv6 does not need NAT to provide great security.

As mentioned earlier, I find this argument invalid. I see no difference between IPv6 and IPv4 unless there is a single device behind NAT, which is rarely if ever the case:

  • the IPv6 subnet assigned by the ISP to the customer is as stable as the IPv4 address assigned by ISPs

  • the IPv6 subnet identifies a site (a house, a company) the same way an IPv4 address identifies a site, but typically multiple devices use that subnet/address from within the site

The only case I can think of where a stable IP address can be used is within a site, so say a company which identifies its devices based on their IP address, but I think that is a special enough case that it should be a customized setting rather than a default. Again, how do people requiring that setting deal with other OSes such as Android, Ubuntu and, I believe, Windows, which use the temp address by default?


What you are missing is that the ISP assigns a /48 to the user.
Then the router assigns a /64 to each endpoint behind the router.

An outsider can see that there are connections from the same house (if they assume you got a /48 and not a /64, which some ISPs allocate),
but has no idea which person in the house the traffic is coming from.

If your concern is online tracking, then the fact that you cannot know
which connection belongs to which person is enough to deter you being tracked by IPv6 address (this is information I got from a friend who worked at a big social media company).

I have my router setup to randomly assign a IPv6 prefix to each of my end points.

Unlike IPv4, where a brute-force scan of all IP addresses is practical,
it’s not practical to scan for my devices’ IPv6 addresses from the internet.
You would need to scan 2**80 addresses.

How is it different from NAT’d IPv4? How does an outside service distinguish between devices/people? Don’t they see everybody from the same house with the same IPv4 address?

What is the threat model you want to protect against?

Somebody searches a political hot topic without being logged in to any service. They then reboot (to cover their tracks), and some days/weeks later log in to the same search engine. At this point the search engine company can pinpoint who exactly made the controversial search.
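The scenario above, and the earlier point that a /48 or /64 still identifies the house but not the person in it, can be shown with a small log-correlation script. This is an added example, not code from the thread or from any search engine; the log entries, user names and addresses (documentation prefix 2001:db8::/32) are constructed. `attribute_anonymous` is the after-the-fact join a service can run on its own server logs, with no cookies involved: every anonymous request whose source shares a key with a later logged-in request is attributed to that user. Keying on the full /128 links the two visits only when the host keeps a stable interface identifier; keying on the /64 (the site, which is the granularity a NATed IPv4 address gives) links them even with temporary addresses, but to everyone in the household at once.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class LogEntry:
    day: int
    src: str             # client source address as the service sees it
    user: Optional[str]  # None while the visitor is not logged in
    action: str


def host_key(addr: str) -> str:
    """Full /128: identifies one interface address."""
    return str(ipaddress.IPv6Address(addr))


def site_key(addr: str) -> str:
    """The /64 the router hands to the link: identifies the site (household,
    office), which is the same granularity a NATed IPv4 address gives."""
    return str(ipaddress.IPv6Network(f"{addr}/64", strict=False))


def attribute_anonymous(log: List[LogEntry],
                        keyfn: Callable[[str], str]) -> Dict[str, List[Tuple[int, str]]]:
    """For each user who ever logged in, collect the anonymous actions whose
    source shares that user's key. Returns {user: [(day, action), ...]}."""
    users_by_key: Dict[str, set] = {}
    for e in log:
        if e.user is not None:
            users_by_key.setdefault(keyfn(e.src), set()).add(e.user)
    attributed: Dict[str, List[Tuple[int, str]]] = {}
    for e in log:
        if e.user is None:
            for u in users_by_key.get(keyfn(e.src), ()):
                attributed.setdefault(u, []).append((e.day, e.action))
    return attributed


# Constructed logs: one household /64, two people (alice, bob). Not real traffic.
SITE = "2001:db8:1234:5678"

# alice's laptop uses a stable, MAC-derived (EUI-64) address: same /128 after a reboot.
STABLE_HOST_LOG = [
    LogEntry(1,  f"{SITE}:5054:ff:fe12:3456",   None,    "search: hot political topic"),
    LogEntry(10, f"{SITE}:5054:ff:fe12:3456",   "alice", "login"),
    LogEntry(10, f"{SITE}:1111:2222:3333:4444", "bob",   "login"),
]

# Same household, but alice's laptop now uses temporary addresses (use_tempaddr=2):
# the interface identifier differs between the day-1 search and the day-10 login.
TEMP_HOST_LOG = [
    LogEntry(1,  f"{SITE}:a1b2:c3d4:e5f6:7a8b", None,    "search: hot political topic"),
    LogEntry(10, f"{SITE}:9f8e:7d6c:5b4a:3928", "alice", "login"),
    LogEntry(10, f"{SITE}:1111:2222:3333:4444", "bob",   "login"),
]


if __name__ == "__main__":
    for name, log in (("stable IID", STABLE_HOST_LOG), ("temporary IID", TEMP_HOST_LOG)):
        print(f"{name}, keyed on /128: {attribute_anonymous(log, host_key)}")
        print(f"{name}, keyed on /64:  {attribute_anonymous(log, site_key)}")
```

With the stable address the day-1 search is attributed to alice alone. With temporary addresses the /128 join finds nothing, and the /64 join attributes the search to both alice and bob, which is exactly the "we know the house, not the person" position argued earlier in the thread. Note that the /64 join is still a real signal: in a single-occupant household it identifies the person as well as IPv4 NAT does.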

@dorfsmay, if we were going to do this, that’s what I’d want (because changing every 24 hours is also inconvenient, but doesn’t whatsoever improve privacy, unlike what you propose). However, I don’t support this, because I’ve no need for it, and wouldn’t want the inconvenience, if it means I’m logged-out. If it wouldn’t mean that, I’m apathetic.

wouldn’t want the inconvenience, if it means I’m logged-out

Tell me: which services rely on the IP address for persistence of login?

What issues are you experiencing when using Android/iOS/Windows/Ubuntu with IPv6? Because as far as I know, they ALL use IPv6 temporary addresses and change them on every network reconnection (I checked on Android and Ubuntu, but Google tells me it’s the same on iOS and Windows).

@dorfsmay, GitLab and Discord appear to be quite fragile. Some UK MoD websites might also be. I’ll attempt to provide others as I interact with them; apologies.

As I understand it, while using a mobile device and connecting to a discrete AP at some location, the system by default uses a random MAC address for the connection. Once it has been connected to that particular AP, it then continues to use the same random MAC address for the same AP.

Connecting to a different AP uses a different random MAC, which also follows the rules I describe above.

This can be changed within the NetworkManager settings, but I refer to my understanding of the default behavior of Fedora.
Within the GNOME → Settings → Wi-Fi panel, the Identity tab gives 5 options for the MAC address:

preserve
permanent
random
stable
stable per SSID

Each has its own characteristics. The only one that is truly random every time it connects is the random setting.

The AP then assigns an IP to the device connecting, and often may assign the same IP to the same MAC address, depending upon different factors such as time between connections, how active the AP may be, etc.

Different MAC → means different IP → means no previously saved cookies would directly apply → increases security for that device and helps prevent tracking. The cookies are mostly what allows tracking.


Using net.ipv6.conf.default.use_tempaddr=2 I get a new IPv6 temporary address on every new connection (e.g. closing and re-opening a laptop).

Different MAC → means different IP → means no previously saved cookies would apply

Are you talking about HTTP cookies? I don’t believe this is correct; HTTP cookies have nothing to do with IP addresses. If you are logged in, say, into Google and change network (go from one house to another), your login is still valid. Some services, like Facebook, check your IP address and will make you re-login if you change region, but that is a separate concern from cookies.


I’ve used Discord on Android with IPv6 (temp addresses by default) and over different networks (home wifi, mobile data, office, etc…) and have not run into any issue. Can you describe what issues you’ve experienced?
