Re: dynamic or static IPv6 prefixes to residential customers
--- jeroen@unfix.org wrote: From: Jeroen Massar <jeroen@unfix.org> On 2011-07-27 03:25 , Scott Weeks wrote:
-------- matt.addison@lists.evilgeni.us wrote: ---------------------
[..] 1: http://panopticlick.eff.org/
All you need to do with what that site says is write a sh script that deletes and then creates the same user.
And there you sprung into a trap. You will be the only one doing this and having no history and thus you stick out very well, as the new guy on the Internet every single day, from a similar prefix, but still accessing a similar set of hosts etc. I think I did a talk about that at CCC last year ;)
-------------------------------------------------
Not from the same prefix. I have multiple networks coming into my house and I cycle through them. next... :-)

Is there anything you can point me to on the talk? I'd be really interested in reading it.
-----------------------------------------------------------------
You are blocking all the facebook/google+ like and the insane amount of advertisement (read: tracking) networks who are included on almost every page do you? As every time you fetch a page, even if it is not the main site, you also hit them for an ad or a like-button (even if it is just the image and you don't actually click you hit their server) and voila you are tracked anyway.
-----------------------------------------------------------------
I have never done facebook and I do very little google (mainly just Earth as nothing free can compete with it afaik) for just these reasons. See Urchin (http://www.google.com/urchin/features.html) and watch your browser for _utma, _utmb, etc cookies. And, yes, I block every cookie (except the few I want to allow) as the various browsers I use all are set to "ask me every time". The bad thing, though, is what they send 'back home'. I am curious and have been looking into that recently.

scott

Giving dynamic addresses out thus only still has one valid reason: nomadic users and the ability to aggregate prefixes inside a network. Because when users are static, you just route a /36 to a location and route prefixes out of that to the users and voila. When they are nomadic/mobile you don't want all those millions of /48s polluting your iBGP though.

For every other case, dynamic addresses just make no sense, except for the cash cow that they are and that is the real reason that is the default being offered, as technically they cost more money.

Greets,
Jeroen
On 2011-07-27 20:27 , Scott Weeks wrote:
--- jeroen@unfix.org wrote: From: Jeroen Massar <jeroen@unfix.org> On 2011-07-27 03:25 , Scott Weeks wrote:
-------- matt.addison@lists.evilgeni.us wrote: ---------------------
[..] 1: http://panopticlick.eff.org/
All you need to do with what that site says is write a sh script that deletes and then creates the same user.
And there you sprung into a trap. You will be the only one doing this and having no history and thus you stick out very well, as the new guy on the Internet every single day, from a similar prefix, but still accessing a similar set of hosts etc. I think I did a talk about that at CCC last year ;)
-------------------------------------------------
[ Scott, please fix your mail program, as the quoting you are using is horrible. I wrote the "All you need" part while you wrote the "sprung in a trap" part, standard quoting rules make it seem the other way ]
Not from the same prefix. I have multiple networks coming into my house and I cycle through them. next... :-)
The source address is not the point where you get profiled, it is the destination address. Or do you also cycle prefixes for your mail server? And I guess you also don't use DNS then ;)
Is there anything you can point me to on the talk? I'd be really interested in reading it.
I suggest you watch the vid on YouTube or from one of the CCC boxes and of course grab the PPT from my website, then you have everything there is publicly. The PPT has a lot less than the story I told though ;)

As for cycling prefixes or changing addresses, it won't help you at all as you are still going to connect as a way of habit to the same hosts/sites that you connected to previously. And as an engineer type you probably whip out the SSH quite quickly to connect to some or or another and that is not the pattern that an innocent 8 year old is following... (hmmm begs to differ if there are actually innocent ones left but heck ;)

There is unfortunately not a real way to hide, except making sure that the adversary you don't want to know what you are doing on the net can't at all see what you are doing in the first place. And that is quite a tricky one to accomplish, the best bet as a wolf is to don your sheep uniform and go sit in between the rest of the sheep and act like a sheep and be a sheep as otherwise you'll blow your cover very quickly.

It of course all depends what the adversary is and what you are protecting against ;)

Greets,
Jeroen
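The point made in the message above, that the destination set rather than the source address is what gets profiled, shown as an added example that is not part of the original thread or of the CCC talk. The flow records, the prefixes (taken from the 2001:db8::/32 documentation range) and the host names are constructed, and the rarity weighting is an assumption of this example.

```python
import math
from collections import defaultdict
from itertools import combinations

# Constructed flow records (source /48, destination host); not real traffic.
# Prefixes a and b model one household rotating prefixes; c and d are others.
FLOWS = [
    ("2001:db8:a::/48", "mail.example.net"), ("2001:db8:a::/48", "ssh.example.org"),
    ("2001:db8:a::/48", "news.example.com"), ("2001:db8:a::/48", "ads.example.com"),
    ("2001:db8:b::/48", "mail.example.net"), ("2001:db8:b::/48", "ssh.example.org"),
    ("2001:db8:b::/48", "ads.example.com"),
    ("2001:db8:c::/48", "news.example.com"), ("2001:db8:c::/48", "ads.example.com"),
    ("2001:db8:c::/48", "video.example.com"),
    ("2001:db8:d::/48", "ads.example.com"), ("2001:db8:d::/48", "video.example.com"),
    ("2001:db8:d::/48", "shop.example.com"),
]

def destination_sets(flows):
    """Group the destinations contacted by each source prefix."""
    sets = defaultdict(set)
    for src, dst in flows:
        sets[src].add(dst)
    return dict(sets)

def rarity_weights(sets):
    """Weight each destination by log(N / number of prefixes contacting it).
    A host everyone hits (an ad network) weighs 0; a personal mail or SSH
    host contacted by few prefixes weighs the most."""
    seen_by = defaultdict(int)
    for dsts in sets.values():
        for dst in dsts:
            seen_by[dst] += 1
    return {dst: math.log(len(sets) / n) for dst, n in seen_by.items()}

def similarity(a, b, weights):
    """Rarity-weighted Jaccard similarity of two destination sets."""
    union = sum(weights[d] for d in a | b)
    return sum(weights[d] for d in a & b) / union if union else 0.0

def link_prefixes(flows, threshold=0.5):
    """Return (prefix, prefix, score) for pairs that look like one user."""
    sets = destination_sets(flows)
    weights = rarity_weights(sets)
    scored = ((p, q, similarity(sets[p], sets[q], weights))
              for p, q in combinations(sorted(sets), 2))
    return [(p, q, round(s, 3)) for p, q, s in scored if s >= threshold]

if __name__ == "__main__":
    for p, q, score in link_prefixes(FLOWS):
        print(f"{p} and {q} share a destination profile (score {score})")
```

Only the two rotated prefixes are linked: the shared mail and SSH hosts dominate the score, while the ad host that every prefix contacts contributes nothing.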
participants (2): Jeroen Massar, Scott Weeks