Privacy-over-IP does not exist

  1. evgeni
    3. 13 comments

Did not exist. Will never exist. There was quite a lot of buzz about privacy with that new IPv6 thingy. Some say it is bad, as you will have a static address. Some say the privacy extensions will fix everything. I say: lemme rant ;) First of all, that was the internet, when I started using it back in 1999:

[© New Yorker Magazine, March 1993] On the Internet nobody knows that you are a dog' [© New Yorker Magazine, March 1993] On the Internet nobody knows that you are a dog'

And that's the internet today:

robcottingham.ca - How the hell does Facebook know I'm a dog?[© robcottingham.ca] How the hell does Facebook know I'm a dog?

Well, I'd say that's not correct. Even in 1999 facebook could know you are a dog (if you ignore the fact, that there was no facebook in 1999), it's just noone really cared about it. But let's start from the beginning :)

An IP-address is a 32-bit integer

An IP-address is technically a 32-bit integer, formatted into 4 8-bit parts (you can read more about IPv4 at Wikipedia), which makes a total of 4,294,967,296 possible IP-addresses. Your ISP has a range in this "address-space" it can give to its customers (you). My ISP (Unitymedia) "owns" about 300,000 IP-addresses (based on the RIPE database), which is about 0.007% of the whole address-space. If you look at the RIPE page, you see two common netname prefixes (DE-KNRW and DE-IESY-HFC) which match two regions of Germany where my ISP has its customers (Unitymedia is a merge of ish and iesy). What does that mean? It means one can map a Unitymedia customer into one of these regions, even if he would change his IP-address (Unitymedia uses DHCP with high lease-times, so this does not happen actually). It does not map the customer to a dog yet, but I bet real GeoIP databases can map them correctly to a city (I didn't try much, but this site suggests it works: http://www.ip-adress.com/?lc=en - at least they map me correctly to Duesseldorf).

Dynamic IP-addresses do not improve privacy

Given the above facts, even if Unitymedia would give me a new IP-address every X hours (many DSL-providers have X=24), it is still possible to map me into a set of about 150,000 "users" (here user means customer, there still may be multiple computers connected via the same line). I would even go further and say the set is much smaller, as I think I am not able to get every "free" IP-address from DE-KNRW-*, as these should be bound to cities/regions (GeoIP databases exist, you rememember?) and I do not move with my line.

Routers and reverse DNS kill privacy

Currently, "my" IP-address is 62.143.232.104, which has a reverse DNS entry ip-62-143-232-104.unitymediagroup.de and does not say anything about me or my location, besides of the obvious "Unitymedia customer". But look at the traceroute:

4  7111A-MX960-01-ae5.frankfurt.unity-media.net (80.81.192.181)

5  13NOC-MX960-01-ae8.kerpen.unity-media.net (80.69.107.26)

6  1411G-MX960-01-ae9.neuss.unity-media.net (80.69.107.2)

7  1411J-MX960-01-ae1.bilk.unity-media.net (80.69.107.70)

8  PH-1411J-uBR10k-06-Te-1-2-0.bilk.unity-media.net (80.69.102.106)
Frankfurt is about 250km from here, Kerpen about 60, Neuss about 10 and Bilk is a part of the city I live in, about 4km away from my home. I guess you get the idea :)

Browsers kill privacy too

Do I have to say more than a link to https://panopticlick.eff.org/? My Chromium scores one in 1,400,000. How much IP-addresses did I have to hide in again? We are at the dog level now, dogs use BoneOS with FireBark, not Linux with Chromium :)

IPv6 kills cute kittens

Oh, and privacy, because with IPv6, there are 2^128 IPv6-addresses out there, of which your provider will maybe own a /32 (2^96 addresses) and give you a /48 (2^80 addresses) or (more likely) /64 (2^64 addresses). Then you enable the great IPv6 privacy extensions (RFC4941) and happily hide in your own assigned subnet, still being a customer of your ISP, still living in the same city and using your old browser... It's just about mapping subnets instead of individual IP-addresses then. And we can't get lower as the dog level

People can annoy me

I did not write all this to teach you, you can do yourself with Wikipedia and RFCs. There is a person out there, who thinks using a random name, mail address and twitter account could fool me into thinking that's a new, yet unknown, person to me. Well, I am not stupid, sorry. When you comment on my blog, your IP-address is logged, when I approve the comment, I often look at the reverse DNS and the whois entry of that IP-address (sorry, I AM paranoid). I even might check my webserver logs (or Piwik) where did you come from (Google etc), writing "accidentally" in your comment does not help :) Also, if you are trying to fool me, don't use your own computer, running Windows 7 and Firefox which I installed. Oh, and probably do not use your home line which I used to login into my admin-area using my unique Chromium ;) Sorry Hanna Lena, the chicken has just eaten her own eggs... And yes, one can track down a single person on this big thing called internet, IPv6 will not change this (in any direction).

Comments

Nobody wrote on 2011-02-13 07:36:

So okay, what country do I come from and what web site referred me here? Posting info about yourself, as you now just did, is far more incriminating than any DNS-based analytics.

evgeni wrote on 2011-02-13 08:35:

Well, you are coming from a GB-located TOR node. You have JavaScript disabled and most probably not running Firefox 3.6.3 on Windows 7 as your user-agent suggests. I do not know more (yet).

rozie wrote on 2011-02-13 07:37:

Well, the most reliable way to identify people is by they language (dogs bark, cats meow) or their believes (dogs like bones, cats like milk). Random name and email won’t help much here indeed.

But IP, browser data, OS data and referrer can be easily (and in pretty comfortable way) hidden. There are ready tools for this.

Of course using masking techniques is fingerprint as well… ;-)

evgeni wrote on 2011-02-13 08:46:

Sure tools exist. TOR exists. But most people are not using these AND as your correctly said using them is a fingerprint too.

There was a cool talk by Jeroen Massar at the 27C3 about this: http://events.ccc.de/congress/2010/Fahrplan/events/4301.en.html http://media.ccc.de/browse/congress/2010/27c3-4301-en-flow_analysis_of_internet_activities.html

Giorgos wrote on 2011-02-13 09:23:

Yes, perfect privacy does not exist. Relative privacy may be hard to achieve. So, does that mean we should just give up and not care about privacy at all?

evgeni wrote on 2011-02-13 09:30:

Nope, we just should stop whining about new stuff we believe could kill privacy but in fact do not more than existing one.

Giorgos wrote on 2011-02-13 17:23:

The “great” privacy extensions are still useful.

evgeni wrote on 2011-02-13 18:46:

Yepp, but only for roaming devices, when you use your laptop at work and at home, or your iPhone or Android (as Juri mentioned)

Giorgos wrote on 2011-02-14 12:15:

There shouldn’t be any harm in keeping them enabled for stationary devices as well. Being known on the Internet by your MAC address, you will have less (if any) of an incentive to deal with the other privacy issues you raised.

Browsers change their fingerprints and behaviour, cookies and LSOs get deleted, people switch browsers, OSes, ISPs and move homes but your MAC will probably stay with you throughout your network card’s lifetime (unless you make a habit of spoofing it).

PS. Just out of curiosity, are you able to get a reverse DNS entry for my IP?

evgeni wrote on 2011-02-15 08:25:

No, I cannot resolve your rDNS.

Seraphyn wrote on 2011-02-13 10:29:

Wise words.

For me is the only reason to fear IPv6 the part of OttoNormal-User and his security.

I think that the user is overcharged to secure his new blingbling-things like a.e tv with internet, operating system and so. I’m from Germany too and I’m fascinated about WLAN-Security at all in my small town, the same in Frankfurt/Main. It seems not easy to keep the spambots etc low if IPv6 comes around and every user with every of his gizmos have a static IP.

I think there won’t be anymore the small rushle of scriptkiddies in the net, it will be a little bit harder to fight botnets etc.

So, for me it is time to think about that, and of course in the part of privacy you’re right.

Greetings

Seraphyn

Seraphyn wrote on 2011-02-13 10:34:

BTW look at Android, it is a nice addition to your words.

Android is possible to determine your position with just GSM ;)

Greetings

Seraphyn

Juri wrote on 2011-02-13 16:30:

Hi there,

interesting article. You could also mention the _exact_ identification of android and iphone users using IPv6, since they Hardware ID is appended to the IPv6 address. :)

Just added your blog to my newsreader. Keep up the good work.

Send your comments to evgeni+blogcomments@golov.de and I will publish them here (if you want).