[OT] Re: IPv6 Interview Questions and critic

Tue Aug 27 16:56:59 UTC 2002

>>> "Kevin" == Kevin Oberman <oberman at es.net> writes:

    Kevin> This is really pretty silly.

Not really, Joe may actually have  a point here.  

    Kevin> Only  end nodes  will auto-configure  with the  MAC address
    Kevin> used for 48 bits of the IPv6 address. Exactly how this is a
    Kevin> serious privacy issue continues  to elude me, but I suppose
    Kevin> that  the paranoid  may want  to change  it to  some things
    Kevin> else. (And change it on an hourly basis, if they are REALLY
    Kevin> paranoid.)

The reason  for EUI64  is to  provide a sensible  default for  the end
system  address.  Yes  it  is  possible  for  anyone  with  sufficient
motivation to use something else,  but the vast majority of users will
just plug their in laptops and get an address.

What information  can be reconstructed  from this? For a  mobile user,
you could construct a list of the providers and POPs that they tend to
use. This  means that when I use  google, they can easily  tell that I
live in  abc neighborhood and  work at xyz  company and tend  to spend
time surfing the  web at my friend's place across  town.  That is, you
can infer patterns of physical movement of the device and the user.

The worry is not so much  about the people with the technical savvy to
randomize their addresses,  but about everybody else that  is not even
aware that they're making  themselves and their movements conveniently
identifiable.

Don't credit cards  and cell phones do the same  thing? Yes, it is the
same problem. But   in those cases, at least  there are  more barriers
to getting at and using the information... In theory...

    Kevin> God help us all if some discovers that I use both Intel and
    Kevin> 3Com cards! (Not to mention Agere on occasion.)

Just wait  until you start getting targeted  advertising from Realtek!

;)

-w