You’ve heard about IPs before; it stands for “Internet Protocol” and you know that when you’re online you have your own IP address. One thing people don’t usually think about, though, is its version. The latest IP version that’s coming along is IPv6 and it has a whole lot of implications for users’ privacy.
IPv6 is a relatively new version of Internet Protocol even though it has been in development for two decades. Its predecessor is IPv4. The gap between IPv4 and IPv6 resulted from the assignment of version 5 to the experimental Internet Stream Protocol in 1979, which was never actually called by the name “IPv5”.
The internet was designed in 1973 and commercially launched in 1983. Because at that time there weren’t many devices that were going to be connected to the internet, the developers allocated the address space to be able to define 4.3 billion addresses thinking that it would be more than enough. The development of IPv6 began in 1992 when the internet Engineering Task Force (IETF) realized that we will need more IP addresses. It was designed with 128-bit addresses, meaning that it is capable of 340 undecillion addresses.
One undecillion is 1 times 10 to the power of 36, while a billion is 1 x 10^9. We needed more addresses if we wanted more devices to be capable of browsing the internet. The number of smartphones we have right now is enough to exhaust the IPv4 address space instantaneously.
Therefore on June 6 2012, IPv6 was launched by many companies, such as Google in hopes that many others will follow – as they did. Right now, IPv6 and IPv4 operate completely independently over the same 2-layer infrastructure.
Ever since it’s launch, there have been many speculations about the IPv6, about its speed, reliability, security, and privacy. There were many public discussions about IPv6 being just too unreliable, slow, and generally bad. Many security problems in IPv6 remain the same as in IPv4, but v6 further has new features that affect the system and network security. One more problem is that it’s fairly new, meaning that we can expect many more issues with it as time and technologies progress, ones that we haven’t even thought about.
But what about privacy?
The division of address space between global registries can provide information about the location of an address as well as its originating device. There are many IPv6 address assignment methods available, including DHCPv6, SLAAC, and Manual assignment.
DHCPv6 or the Dynamic Host Configuration Protocol version 6 is a protocol for configuring IPv6 hosts with IP prefixes, IP addresses and other configuration settings needed to operate in an IPv6 network.
IPv6 hosts can also use stateless address auto-configuration (SLAA).
Such auto-configuration on the basis of the MAC address is a particular privacy concern for mobile devices such as laptops and phones.
The MAC address of the device always stays the same and so it’s basically the device’s ID. So, when you access the internet from a different location, the MAC address based identifier can be used to track the movement of a particular device. It also provides the type of hardware used and allows logging of user’s online activity.
This could have been done even before, but space was a major restriction. This lack of space forced the use of NAT and NAPT which provided a certain amount of privacy. While NAT cannot be considered a privacy solution by any mean, it does provide a layer of abstraction between network communications and the device to a degree.
This certainly increases user privacy since an outside viewer cannot distinguish what device made a particular request without deeper investigation beyond a NAT gateway. Now that IPv6 can provide more than 10000 trillion IP addresses for each human alive, we are looking at the future where each device on the planet has its own unique IP address.
That, together with the already huge problem of companies craving for our personal data so they can sell customer-specific ads becomes an undeniable concern. There was a report that an AI program assigned for tracking the buying habits of Target customers determined that one customer was pregnant and that person started seeing ads for baby products.
At first, it raised the eyebrows of many people, they even decided to contact the supermarket’s manager who kindly apologized, thinking that it was a bug. Only a month later the parents confirmed that their daughter actually was pregnant.
We don’t want such personal information leaked even though this case wasn’t as serious as many of them are. Implementation of IPv6 hasn’t solved any of our problems and judging by many critics, problems are getting worse with each day.
With IPv6 address space being so huge it reduces the need for address recycling. This allows agents to harness the certain characteristics of an IPv6 to mark a specific user and its fingerprint. This would allow tracking of an individual as soon as they get online, even further diminishing internet user privacy.