saltcured 2 days ago

I feel like this is a silly narrowing of the problem for normal, retail users. My priority isn't masking "the number of addresses" or devices. My desire is to not have a persistent identifier to correlate all my traffic. The whole idea of temporary addresses fails at this because the network prefix becomes the correlation ID.

I'm not an IPv4 apologist though. Clearly the NAT/DHCP assignments from the ISP are essentially the same risk, with just one shallow layer of pseudo-obscurity. I'd rather have IPv6 and remind myself that my traffic is tagged with my customer ID, one way or another.

Unfortunately, I see no real hope that this will ever be mitigated. Incentives are not aligned for any ISP to actually help mask customer traffic. It seems that onion routing (i.e. Tor) is the best anyone has come up with, and I suspect that in today's world, this has become a net liability for a mundane, privacy-conscious user.

throw0101c 2 days ago | parent | next [-]

> My desire is to not have a persistent identifier to correlate all my traffic.

Reboot your router. Asus (with the vendor firmware) allows you to do this in a scheduled manner. You'll get a new IPv4 WAN IP (for your NAT stuff) and (with most ISPs) a new IPv6 prefix.

As it stands, if you think NAT hides an individual device, you may have a false sense of security (PDF):

* https://oasis.library.unlv.edu/cgi/viewcontent.cgi?article=1...

ronsor 2 days ago | parent | prev [-]

> The whole idea of temporary addresses fails at this because the network prefix becomes the correlation ID.

So the same as the public IPv4 on a traditional home NAT setup?

graemep 2 days ago | parent [-]

Most home users do not have a static public IPv4 address - they have a single address that changes over time.

db48x 2 days ago | parent | next [-]

But most ISPs aren’t giving out static IPv6 prefixes either. Instead they are collecting logs of what addresses they’ve handed out to which customer and holding on to them for years and years in case a court requests them. Tracking visitors doesn’t need to use IP addresses simply because it’s trivial to do so with cookies or browser fingerprinting. There’s exactly zero privacy either way.

graemep a day ago | parent [-]

> Instead they are collecting logs of what addresses they’ve handed out to which customer and holding on to them for years and years in case a court requests them.

They are only supposed to hang on to them for a limited time according to the law where I live (six months AFAIK). Courts are also unwilling to accept IPv4 addresses as proof of identity.

> Tracking visitors doesn’t need to use ip addresses simply because it’s trivial to do so with cookies or browser fingerprinting

Cookies can be deleted. Browser fingerprinting can be made unreliable.

It's not zero privacy either way. Privacy is not a binary. Giving out more information reduces your privacy.

throw0101c 2 days ago | parent | prev [-]

> Most home users do not have a static public IPv4 address - they have a single address that changes over time.

I'd be curious to know the statistics on this: I would hazard to guess that for most ISPs, if your router/modem does not reboot, your IPv4 address (and IPv6 prefix) will not change.
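
The prefix-correlation point from the top of the thread, and the effect of the prefix change suggested in the first reply, as an added example that is not part of any comment. The addresses are constructed from the 2001:db8::/32 documentation range, and the /56 delegation size is an assumption (ISPs vary).

```python
import ipaddress
from collections import defaultdict

# Constructed observations (time, source address) as a server might log them.
# Interface identifiers are random, as temporary addresses would be.
OBSERVATIONS = [
    ("day1 09:00", "2001:db8:aa00:1201:5c3e:91ff:2b10:77a4"),
    ("day1 18:30", "2001:db8:aa00:1201:e0b4:02c9:6d1f:0a3e"),
    ("day2 08:15", "2001:db8:aa00:1201:19d7:f3a0:88c2:4b51"),
    ("day2 20:40", "2001:db8:aa00:1202:7a6e:41bd:c390:e215"),  # second LAN, same /56
    ("day3 07:55", "2001:db8:bb40:9901:0c21:d5e8:3f47:a960"),  # after a prefix change
    ("day1 12:00", "2001:db8:cc10:0001:aa01:22ff:fe33:4455"),  # unrelated subscriber
]


def correlation_key(addr, prefix_len=64):
    """Network containing addr: the part that stays fixed while the
    interface identifier rotates."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def group_by_prefix(observations, prefix_len=64):
    """Group logged addresses by the prefix an observer could key on."""
    groups = defaultdict(list)
    for when, addr in observations:
        groups[correlation_key(addr, prefix_len)].append((when, addr))
    return dict(groups)


if __name__ == "__main__":
    # /128: every temporary address looks like a new client.
    # /64:  rotating interface IDs collapse onto one LAN prefix.
    # /56:  (assumed delegation size) separate LANs collapse onto one subscriber.
    for plen in (128, 64, 56):
        groups = group_by_prefix(OBSERVATIONS, plen)
        print(f"/{plen}: {len(groups)} distinct keys")
        for net, seen in groups.items():
            print(f"  {net}  <- {len(seen)} observation(s)")
```

Only the day3 entry, logged after the prefix changed, falls outside the first subscriber's group at /56; rotating the interface identifier alone never does.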