IPv6 Privacy Extensions aren't enabled

REPRODUCIBILITY: always?
BUILD ID = OS VERSION (Settings > About product): 4.2.0.19 (Verla)
HARDWARE (XA2, X10, X10 II, …): X10 II
UI LANGUAGE: Finnish
REGRESSION: (compared to previous public release: Yes, No, ?): No (unknown)

DESCRIPTION:

When a dualstack network is used, IPv6 privacy extensions aren’t enabled so the device MAC address is revealed to all IPv6-capable services making cross-network tracking trivial.

PRECONDITIONS:

Dualstack network is used.

STEPS TO REPRODUCE:

  1. Connect to a IPv6-capable WiFi
  2. Navigate to https://ipv6-test.com/ and observe SLAAC: yes and see the device MAC address.
  3. Check Settings → About to confirm that it indeed is the WiFi MAC address.

EXPECTED RESULT:

https://ipv6-test.com/ says SLAAC No and doesn’t show the MAC address which is the behaviour on any modern operating system (including Android or iOS).

ACTUAL RESULT:

SLAAC: Yes and MAC address is shown making cross-network tracking trivial.

ADDITIONAL INFORMATION:

Screenshots/photos available upon request, I don’t consider it necessary for this problem.

2 Likes

I see that there is /etc/sysctl.d/ipv6-settings.conf which contains

# Enable IPv6 tempaddress and prefer it
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.all.use_tempaddr = 2

# Disable icmp redirects
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0

which should resolve this issue or prevent it from appearing, but it doesn’t seem to have an effect

I tried to fix it by /etc/sysctl.d/99-privacyextensions.conf containing:

net.ipv6.conf.rmnet_ipa0.use_tempaddr=2
net.ipv6.conf.wlan0.use_tempaddr=2

but didn’t have any luck either. I guess this issue comes from Connman as manually loading the file with sysctl -p /etc/sysctl.d/99-privacyextensions.conf didn’t help either.

1 Like