
IPv6 will allow them to track you down. Not!

Andrew Sullivan, Principal Architect, Dyn | Jan. 2, 2014
Everyone from marketers to law enforcement officials seems to hold the same misconception: that IPv6 is going to make it possible to expose people in a way that IPv4 does not.

NATs are a problem on the Internet because they're in the way. Suppose you want to make a voice call over the Internet to your mother.  The way you think of this might be that your computer connects to your mother's computer.  What actually happens is that you pass your data through your NAT, and your mother passes her data through her NAT, and the only machines that are actually talking to each other across the Internet are the two NATs.  If they get anything wrong, packets get lost and the voice quality degrades.

Now, there is no scarcity of IPv6 addresses: there are more than enough IPv6 addresses for every atom on the face of the earth.  So there's no need to have NAT.  Certainly every device that wants one can have an IPv6 address.  Doesn't this mean that identification of users (by marketers or governments or whatever) will be easier?  Aren't we giving up privacy even as we gain the benefits of getting rid of NAT?  No.

To begin with, the way that IPv6 addresses are usually issued means that most devices won't have just one address. Instead, they're likely to get various ranges, which means that each time you see a different IPv6 address you don't know whether it is a distinct device. This is sort of the reverse of the IPv4 problem. Under IPv4 and NAT, one address corresponds to multiple machines. Under IPv6, one machine may correspond to multiple addresses.

Moreover, there are standard techniques (like those specified in RFC 4941 and RFC 3972) designed to enable a node to change its address.  The goal is to conceal that the same node is involved in different transactions, by using different addresses for different transactions.  Such techniques are not available under IPv4.  So while it is true that nobody can tell which of the boxes is behind your NAT address, they can certainly associate all the traffic with a single NAT.
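As an added illustration (not code from the article), the sketch below takes a constructed list of logged source addresses and shows why counting distinct IPv6 addresses overstates the number of devices, and how to check whether a host's identifier actually changes between networks. It goes beyond the text in two labelled assumptions: subnets are /64, and a non-changing identifier is recognised by the modified EUI-64 format derived from a MAC address.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of logged source addresses (2001:db8::/32 is the
# documentation prefix; none of these are real hosts).
SAMPLE_SOURCES = [
    "2001:db8:a:1:3c2f:91d0:77ab:e001",  # changing identifier
    "2001:db8:a:1:b8e4:2c7:5f10:9a3d",   # same /64, another identifier
    "2001:db8:a:1:211:22ff:fe33:4455",   # same /64, modified EUI-64 identifier
    "2001:db8:b:7:211:22ff:fe33:4455",   # other /64, same EUI-64 identifier
]

def split_address(text, prefix_len=64):
    """Return (network prefix as str, low 64-bit interface identifier as int)."""
    # Assumption: /64 subnets, so the identifier is the low 64 bits.
    net = ipaddress.ip_network(f"{text}/{prefix_len}", strict=False)
    iid = int(ipaddress.IPv6Address(text)) & ((1 << 64) - 1)
    return str(net), iid

def eui64_mac(iid):
    """Return the MAC embedded in a modified EUI-64 identifier, else None."""
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":          # ff:fe filler marks a MAC-derived identifier
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]   # undo the universal/local bit flip
    return ":".join(f"{x:02x}" for x in mac)

def summarize(sources, prefix_len=64):
    """Count sources per address and per prefix; flag identifiers that do not change."""
    prefixes = set()
    stable = defaultdict(set)          # embedded MAC -> prefixes it was seen in
    for text in sources:
        net, iid = split_address(text, prefix_len)
        prefixes.add(net)
        mac = eui64_mac(iid)
        if mac:
            stable[mac].add(net)
    return {
        "distinct_addresses": len(set(sources)),
        "distinct_prefixes": len(prefixes),
        "unchanging_ids": {m: sorted(p) for m, p in stable.items() if len(p) > 1},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_SOURCES))
```

Run against your own hosts' addresses, an empty `unchanging_ids` result means no MAC-derived identifier was seen on more than one network.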

Currently, IPv6 also provides a lot less geolocation data than IPv4 does.  This is really just a temporary state of affairs, however.  There is so much more IPv4 penetration that it is easy for geolocation database builders to identify the geographical location associated with an IPv4 address.  And there are only four billion IPv4 addresses, so it is feasible to store information about every one of them.  The low use rates of IPv6 so far, and the enormous size of the address space, mean that the geolocation information about IPv6 addresses is not currently commercially viable.

In any case, the best way to track someone's behavior is not by address, because people change networks too often.  Smartphones and tablets move back and forth between mobile networks and Wi-Fi networks throughout the day.  Even many laptops move through different Wi-Fi networks frequently.  But someone who wants to track a user doesn't want that tracking to fail every time the user leaves home and changes networks.  This is why social networks are so beloved of marketers: they actually reveal additional information to marketers about where users are and the networks through which they travel.

 
