We're working on fixes for IPv4 and IPv6 privacy issues compromising anonymity.
MAC randomization (with our enhancements), anonymous probes with random sequence numbers and the DHCP anonymity profile work properly. However, there are other issues needing to be resolved...
Conversation
One IPv6 issue has been reported upstream and after resolving an initial misunderstanding they seem to be on the same page about it.
It would be best if these kinds of things were resolved upstream. It takes them a long time to deal with it though. Maybe Android 12 at least.
1
1
20
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
They handle the link-local addresses in a reasonable way: uses MAC address when there's a random MAC address, otherwise a stable privacy address. They were previously screwing up MAC address randomization by always using stable link-local privacy addresses on newer Linux kernels.
2
1
We were disabling that feature downstream but now we no longer need to disable it since they fixed it to be conditional. There are still other issues though. The Linux kernel happily reuses the global privacy address across networks. State isn't always properly flushed for it.
It's worse to have privacy addresses enabled right now if you're using MAC randomization than not having them enabled. In theory, they help due to rotation but in practice there are serious issues with them. Some network management tools reset more state and handle it better.
1
1
There are other issues aside from the addresses. It's frustrating digging deeper into it and realizing how screwed up this stuff is in the Linux kernel. Shouldn't need to reboot between connecting to each network to avoid reusing identifiers, 'keys', counters, etc. for things.
2
1
Show replies
Traditional temporary adresses (RFC3041/RFC4941) were *meant* to work that way. That's why we published RFC8981 earlier this year, obsoleting RFC4941....
1