by pdkl95
3912 days ago
For the billionth time, NAT does not provide any security as it only does address conversion. The other fields in the IP and TCP headers (such as the connect(2) side's port number, the TCP timestamp[1], badly implemented initial sequence numbers[2], and anything else that is useful for OS fingerprinting) can be used to distinguish between users[3] that share a single NATed IP address. As you say, HTTP cookies and other higher-level protocol techniques are usually more than enough to enable tracking.

Worrying about your MAC or IP address is like worrying about your street address. If you are going to be on the net and ask people to send you data, they need to know where to send it. It will always be possible for the person sending the data to log the return addresses. Use Tor (or similar) for privacy, as your IP is by definition public.

The most powerful feature of the internet was how it allowed anybody to publish on their own, unrestricted by any central authority, so please stop trying to create the digital imprimatur[4] with NAT.

[1] http://phrack.org/issues/63/3.html#article (section 0x03-2, "TCP Timestamp To count Hosts behind NAT")
[2] http://lcamtuf.coredump.cx/oldtcp/tcpseq.html
[3] http://memeover.arkem.org/2012/02/identifying-computers-behi...
[4] https://www.fourmilab.ch/documents/digital-imprimatur/
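The TCP timestamp point from [1] in the comment above, as an added example that is not part of the thread or of the linked article: packets that share one NATed source address are grouped by the clock line their TSval values fall on. The sample packets, the candidate tick rates, the tolerance and the function names are assumptions made for this sketch.

```python
# Added example (constructed data): count host clocks behind one NATed address
# from TCP timestamp option values (TSval), the idea referenced in [1].
MOD = 2 ** 32                    # TSval is a 32-bit counter and wraps
CANDIDATE_HZ = (100, 250, 1000)  # assumption: tick rates to try

def circ_diff(a, b):
    """Signed distance between two 32-bit counters, tolerant of wraparound."""
    return (a - b + MOD // 2) % MOD - MOD // 2

def split_by_clock(samples, tolerance=50, min_points=3):
    """Map (hz, offset) -> samples that lie on that clock line.

    samples: (capture_time_seconds, tsval) pairs seen from ONE source IP.
    A host with a steady clock satisfies tsval = offset + hz * t (mod 2**32),
    so samples sharing an offset at some hz came from the same clock.
    """
    remaining, hosts = sorted(samples), {}
    for hz in CANDIDATE_HZ:
        groups = []  # each entry: [reference_offset, member_samples]
        for t, tsval in remaining:
            offset = (tsval - round(hz * t)) % MOD
            for ref, members in groups:
                if abs(circ_diff(offset, ref)) <= tolerance:
                    members.append((t, tsval))
                    break
            else:
                groups.append([offset, [(t, tsval)]])
        for ref, members in groups:
            if len(members) >= min_points:  # ignore chance alignments
                hosts[(hz, ref)] = members
        claimed = {s for m in hosts.values() for s in m}
        remaining = [s for s in remaining if s not in claimed]
    return hosts

# Constructed capture: every packet carries the same (NATed) source address.
SAMPLES = [
    (0.0, 5_000_000), (1.0, 5_001_003), (2.0, 5_002_001), (3.0, 5_002_998),
    (0.5, 880_000_500), (1.5, 880_001_502), (2.5, 880_002_499),
    (0.2, 42_020), (1.2, 42_120), (2.2, 42_221), (3.2, 42_320),
    (0.1, 4_294_965_896), (1.1, 4_294_966_896), (2.1, 600),  # wraps past 2**32
]

if __name__ == "__main__":
    for (hz, offset), members in sorted(split_by_clock(SAMPLES).items()):
        print(f"clock {hz:>4} Hz, offset {offset:>10}: {len(members)} packets")
```

A host that applies a different random timestamp offset to each connection shows up as one clock per connection, so the result then counts connections rather than machines.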
|
The above are all good points. However, using IPv6 for tracking is trivial. Getting behind the NAT is not. It should not be trivial to track. From a behavioral economics framework, the more steps a bad actor has to take to be "bad", the less likely he is to do so. Conversely, the easier it is for people to behave well, the more likely they will do so.