On Wed, Aug 18, 2010 at 11:16 PM, Mark Smith wrote:
They help because you're concerned about privacy. You didn't qualify that you're only concerned about privacy from geolocation services, so I described a mechanism that would provide you as much privacy as possible, while also being automatic, and also continuing to provide IPv6 Internet connectivity. Nowhere was crypto mentioned either (on both our parts), yet that is also a privacy mechanism.
I tried to highlight the relationship between ipv4-address and /48-prefixes in regard to privacy. If a provider is known for handing out statically allocated prefixes, it should be possible to track its clients by prefix. Sorry for picking a geolocation-service as an example of where such information can originate from. It was misleading.
As a customer, it's relatively hard to hide from geolocation services because they use your IP address in combination with information that you don't have control over i.e. RIR / whois data. If a customer wants to hide from that, then they'll need to start tunnelling their traffic to another entry/exit point on the Internet.
Fully hiding from geolocation services is only possible with anonymity services, yes.
Much like security, privacy is relative. If you want to have bi-directional communications with another entity, you have to disclose your identity. How long you retain that identity is what makes one form of privacy more private than another. Customers who have high expectations of privacy won't trust their ISP at the time to preserve it - because, as the cliche goes, if you want something done properly, you need to do it yourself. So, as an ISP, you need to think about how much privacy you can provide, can afford to provide, and at what point it becomes irrelevant because your customer doesn't trust you to provide it at all.
But most people just don't care. My proposal is to have some kind of sane defaults for them e.g. changing their prefix every week or in the case of a reconnect. This would mitigate some of the many privacy concerns in the internet a little bit. Of course all the already known problems would still exist. And still people have to care about the technology to reach a higher level of anonymity.
In IPv4-land I have the possibility to reconnect and get a new unrelated ip-address every time.
They're issued by the same ISP, so they're related.
Oops. Unrelated in the sense of random ip from their pool, of course.

hannes