Conversation

You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more

Replying to

and

Agree, and we don't intend to disable privacy addresses, but it's frustrating that a privacy feature is making things worse than not using the feature. Not much point using privacy addresses for link-local addresses though, so the new status quo for that upstream is good.

Replying to

and

If you want to avoid correlation, why do you use stable addresses in the first place? Why not RFC8981 addressess only?

Replying to

FWIW, we explicitly removed the requirement to configure stable addresses with that in mind ;-)

Replying to

and

Associated MAC randomization is enabled by default in Android. It uses a persistent per-network random MAC address. When MAC randomization is enabled, they use a link-local IP address based on the MAC address. They only use the stable privacy address feature when MAC rand is off.

Replying to

GrapheneOS adds an ephemeral MAC randomization option and that's the default for us. It can be changed to per-network MAC randomization or disabling MAC randomization, which are the 2 options in AOSP and the stock OS on Pixels without modifications to them.

Replying to

and

My take is that if you randomize the MAC addresses (*not* on a per-network basis), you probably have no reason for configuring a stable address. -- so you should doing RFC8981-only.

Replying to

and

Stable privacy addresses are only used by Android when MAC randomization is disabled. The stable privacy address feature otherwise isn't used. The issue with public IPv6 addresses isn't an intentional design choice by Android but rather a Linux kernel design issue.

Replying to

and

So, if you stay on the same net, for a long period of time, no addresses remain stable? -- my recolection is that Android did RFC4941+RFC7217 of sorts... (i.e., *not* temp-only..)

Replying to

and

By default, Android uses a persistent random MAC address for each network, a link-local IPv6 address based on the MAC address and an ephemeral public IPv6 address rotating daily for new connections and valid for up to a week per Linux kernel defaults for privacy address rotation.

Replying to

If you disable MAC randomization, it uses the hardware MAC and a stable privacy address for the link-local IP address. Public addresses always work the same way: ephemeral rotating privacy addresses. GrapheneOS adds ephemeral MAC rand and uses that as the default mode instead.

9:25 AM · May 23, 2021Twitter Web App

Replying to

We still have both of their standard modes (per-network randomization, device MAC) but we add a 3rd mode. The problem we need to fix is that when you move across networks, the Linux kernel doesn't start over with fresh public privacy addresses. Keeps counting down same timers.

Replying to

They should have worked around this but I guess they somehow didn't notice it. You wouldn't notice if your local network has IPv6 but you don't have IPv6 internet access, so maybe the people working on these things weren't testing on networks with IPv6 internet access. *shrug*