IPv6 is great for everything that is DIRECTLY connected to the internet (needs a public accessible address):

  • modems
  • routers
  • servers

but it seems completely “overkill” to assign internet-clients such as laptops and SmartPhones with a public (!) accessible address.

it is NOT needed.

the user’s NAT service of the internet-router does it for the user (send and receive the traffic).

so ipv6 could be used to uniquely identify devices and users even behind NAT aka mass surveillance, building perfect records of user’s lifes in order to manipulate.

even worse: it leaks the MAC address?

How to turn off IPv6:

tested on GNU Linux Debian various versions:

# Append ipv6.disable=1 to the GRUB_CMDLINE_LINUX variable in
vim /etc/default/grub

GRUB_DEFAULT=0
GRUB_TIMEOUT=2
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
# quiet can be removed to have more verbose output during boot
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="ipv6.disable=1"

update-grub;
# run Debian 8 and later
update-grub2;
# rpm based Fedora/CentOS/Redhat
grub2-mkconfig -o /boot/grub2/grub.cfg

# and reboot
shutdown -r now
# check if ipv4 only address is assigned
su - root
ifconfig

alternative:

edit

vim /etc/sysctl.conf

and add those parameters to kernel. Also be sure to add extra lines for other network interfaces you want to disable IPv6.

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1

After editing sysctl.conf, you should run

sysctl -p

to activate changes or reboot system.

BigBrother v6: “You’re being followed

“MAC addresses are unique, as in globally unique, as in the Ethernet interface in your computer has a MAC address that doesn’t exist anywhere else in the world.

If you have a wired and a wireless connection in your computer, your computer has two unique MAC addresses. This is partly why SLAAC works. By using an interface’s MAC address as part of its IPv6 address we ensure a unique IPv6 address is generated every time.

However, the problem with uniqueness is that it can also work as an identifier. When IPv6 was conceived in the mid-90s the Internet wasn’t composed of so many mobile devices like it is today. Also, the combination of the words ‘privacy’ and ‘computer’ weren’t as salient nor contentious as they are today.

Your mobile phone most likely has a MAC address, and will need an IPv6 address if it doesn’t already have one. If your operator is using SLAAC then you can be tracked using the last 48 bits of your IPv6 address because it’s unique. Websites that you visit can see that you have a new IP address, because you have roamed to a new operator, they can also see that the last 48 bits of the address stay the same every time. Hence, every website you visit will know your device regardless of what network you’re on. You can be easily tracked across providers.”

src: https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/

admin