desktop-packages team mailing list archive

[UnrealMiniMe <176125@xxxxxxxxxxxxxxxxxx>]

I think the Ubuntu installer should come with a checkbox option:
[ ] Leave me naked on the Internet and STAB ME IN THE BACK.

Regardless of whether it's checked or unchecked by default, I have a
feeling most people aren't going to want that.

Right now, I'm typing on an operating system where Samba defaults to
settings that basically amount to, "Don't let anything work unless the
user manually edits a configuration file," which is presumably for the
sake of security (unless it's for the sake of deliberately hassling
users).  If security is prioritized over functionality, the same should
go for privacy...yet this same operating system freely gives my MAC
address to anyone I bump into with IPv6, because it's more
functional...and get this:  It's not even more functional for ME, but
for hypothetical system/network admins who aren't even using my
computer.  You have to be kidding me.

I cannot BELIEVE the attitude of system admins on this board.  "Oh no,
this will make forensics so much harder..."  Yes, that is the point.
(It's ironic that these comments are positioned so closely to comments
saying that the privacy extensions don't effectively protect privacy.
Obviously, they do so enough to make forensics a pain in the butt, so
they're accomplishing something good at least.)  "It'd be okay if just a
few rogue users used privacy extensions, but when it's set to default
and everybody does it..."  Yes, that is once again the whole point.  To
the extent that it affects me as an end user, "forensics" = tracking,
and it's not something I particularly appreciate.

This may come as a surprise, but end users are not in the business of
serving system admins who want to track them and/or snitch on them when
some copyright mafia comes knocking.  An end user's operating system
should exclusively serve the end user, not others who may have
conflicting interests.  Writing software that obeys and serves the user
[as opposed to potentially adversarial third parties] is such a
cornerstone of free and open source software that the correct course of
action here should be a no-brainer.  Anything else is a betrayal.

Did I mention copyright mafias?  Let's take that up a notch and consider
the ramifications of default "ass hanging in the wind" policies in
totalitarian countries without free speech.  A
journalist/whistleblower/political dissident or such can use encryption,
a VPN, etc. all she wants, but her IPv6 address may be the one weak link
that ultimately ties all of her activity together and betrays her to the
people who want nothing more than to identify, torture, and kill her.
There is simply no excuse for leaving an obscure hole like this open by
default, especially considering that most people are completely unaware
of it.

Are there lots of other ways for people to track you?  Sure.  Browser
fingerprints are a problem, and that problem should be dealt with...but
there are in fact solutions that are being increasingly adopted, and
this problem is restricted to web browsers anyway.  The existence of
such a problem does not justify saying, "Well, let's just give up on
user privacy and broadcast our friggin' MAC addresses to everyone we
bump into, so we can be persistently tracked across any and all
protocols and applications using IPv6."  There are certainly a lot of
bases to cover when it comes to privacy, but sensible defaults go a long
way toward plugging the holes.

Now, if you're a system admin in an actual enterprise environment where
you legitimately have control over a large number of end user PC's (e.g.
employee PC's), then changing the default IPv6 settings should not be an
issue for you...because, after all, you're the one who installed the OS
on all of these computers in the first place, right?  Each one can be
updated with the same modified config file, and this is made even easier
if they're set up as preconfigured virtual machines.  Now, if you're
just a network admin who has no legal or moral right over end users'
computers, it's simply not their job to appease you.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/176125

Title:
  Ubuntu should activate the IPv6 privacy extension by default (echo 2
  >/proc/sys/net/ipv6/conf/all/use_tempaddr)

Status in “network-manager” package in Ubuntu:
  Confirmed
Status in “procps” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: procps

  Some background information:
  recently "Free ADSL", one of the biggest ISP in France, added IPv6 support possibly exposing 2.5 millions of users to IPv6

  The address are configured automatically and by default linux will build it using the MAC address. However this presents a risk of privacy loss:
  - there is an unique identifier which can be used by website to track the location of a laptop or pda
  - some information about the model of the network card (other information can be probably derived if you know the serial number of the card) is leaked

  The following rfc (http://tools.ietf.org/html/draft-ietf-ipngwg-temp-
  addresses-v2-00) mitigitates this problems by introducing temporary
  addresses to be used by outgoing connection (in addition to the static
  address which can be used for incoming connection and have a dns name
  associated with it).

  To activate it under linux you just need to activate the following in sysctl:
  echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr
  or add "net.ipv6.conf.all.use_tempaddr=2"

  thanks for protecting the privacy of the clueless users by default :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/176125/+subscriptions