twitter.com/DanielMicay/st Android 11 disables usage of stable "privacy" addresses for networks where MAC randomization is being used. We'll no longer need to disable this feature. The other issues we've discovered and put initial work into addressing are still problems though.
Quote Tweet
From the latest GrapheneOS release notes (grapheneos.org/releases#2020.):
> disable RFC 7217 support (stable link-local IPv6 privacy addresses) and stick to link-local IP addresses based on the (random) MAC addresses
The Linux implementation of privacy extensions is some nasty stuff.
twitter.com/DontDisableIPv Silly bot. Disabling IPv6 would certainly be an easy way to address multiple issues in the Linux kernel implementation providing a way to track users across networks. Linux kernel's take on "privacy" addresses regresses privacy in some very serious ways.
Quote Tweet
Replying to @DanielMicay
Please don't disable IPv6, it will break things. #DontDisableIPv6 superuser.com/questions/1229
There are other issues beyond this too, including problematic timers and overly coarse (or simply poor) randomization. Many of the harder issues to solve are due to having the OS split up into a bunch of independent projects. Serious lack of whole picture privacy/security work.
If standards recommend an implementation that would require coordination between wpa_supplicant and the Linux kernel or something similar, they tend to take shortcuts resulting in weaker privacy than expected. A lot of these things have been considered in newer RFCs...