discussion: enable 0701 network.dns.disableIPv6

[Thorin-Oakenpants]

First, lets get some facts about this. Off the top of my head, it certainly is a privacy risk, in fact it can uniquely identify you. IMO it's only slightly worse than revealing your IP. It is assumed with a of things, that you at least mask your IP, but when we look at mitigating items, we always look at them in isolation (i.e worst case scenario). As long the correct info is there, users can make informed decisions.

So before we don anything, lets gets some facts

• what is leaked (eg MAC address)
  • what can be leaked, and what is always leaked?
• can an extension mitigate/spoof these leaks?
• does disabling IPv6 make you more FP'able (added entropy of a boolean, disabled would be a very tiny group)
  • don't get me wrong here: ensuring you're not uniquely ID'ed takes precedence over FP'ing
• does a VPN mitigate this
• are all VPNS the same in this regard
• how widespread is IPv6, and with major sites (eg google, amazon, etc) - widespread enough, thanks Atavic
• other?

Once we have some solid facts, then we can decide how to frame this and what setting (active/inactive) to use.

[Atavic]

In 2016:

Interestingly enough, despite the need for more IP addresses, only 33% of the top 100 sites in the world have IPv6 enabled.

In 2017 (a long read):

APNIC and Akamai (about countries accessing their services using IPv6) report about the top 10 countries having over 22% of user traffic on IPv6.

In 2018 (DDOS):

the IPv4 address space is scannable; not so IPv6, the address space of which is so huge that it would be very difficult to use the same discovery techniques.

[Thorin-Oakenpants]

I don't think how widespread ipv6 is matters (edit, I did ask that :faceplam:). The fact that it exists in reasonable numbers is enough. It's agreed then that it's a threat. What we need are rational answers and info

• eg this is only useful for those not masking their IP (eg via VPN) and will raise your entropy in FP (or something like that)

[earthlng]

How is IPv6 useful for those who DO mask their IP? does it matter for them?

What are the reasons FOR using ipv6? And how does disabling ipv6 raise your entropy?

[Thorin-Oakenpants]

How is IPv6 useful for those who DO mask their IP? does it matter for them?

That's exactly what I was asking. I always thought that a VPN, for example, masked you from this - i.e you couldn't pass on your MAC address or whatever. Maybe not all VPNS are the same? IDK, hence this issue.

What are the reasons FOR using ipv6? And how does disabling ipv6 raise your entropy?

I would say the only reasons for using it are entropy. But again, we need to establish that. I would assume that the web server can tell what type of IP packets you're using (I am not an expert) and since almost no-one would disable IPv6, you would be in an extremely small group of users.

I spose I better do some wiki reading

[Thorin-Oakenpants]

^^ I used to have an extension called 4 or 6 or something like that, that would display in the urlbar far right, a little red 4 or green 6. And I saw lots of sites with green 6s. But again, I need to go learn about this, because I don't know who gets/sends/sees the ipv6 info along the chain

[Atavic]

mirimir created https://vpntesting.info/

[Thorin-Oakenpants]

well, someone wanted IPv6 disabled - if you want it, then provide some compelling reasons

[crssi]

I have IPv6 disabled system wide. Its bad that anyone can announce itself for router on IPv6... at IPv4 at least MAC spoofing is needed for MITM, which can be detected. Also there is a MAC address leaking all over the globe in some cases. I also haven't bumped into a case where some site would not be reachable over IPv4 but only over IPv6. But as said, I do disable it system wide and I don't care if it is disabled or not in FF, but for to be on a safe side, I would vote for disabling.

[Thorin-Oakenpants]

Starting to get way too many issues open here. Earthlng mentioned (in another issue, can't find it, not relevant really) that we should disable IPv6. In fact he disables it in his overrides. So I started this issue to discuss the matter - but nothing has come of it in six weeks. **I expected more***

so I have done some quick "research"

---

Articles

2017-Mar https://krebsonsecurity.com/tag/ipv6-leak/

• talks about VPNs and DNS/IPv6 leaks
• links to howtogeek article below

2016-Aug https://www.howtogeek.com/253475/how-to-see-if-your-vpn-is-leaking-your-personal-information/

• IPv6 Leaks section
• "the IPv6 protocol can cause leaks that can give away your location and allow third parties to track your movement across the Internet"
• goes on about VPNs
• Right now, IPv6 leaks are the least threatening source of leaked data. The world has been so slow to adopt IPv6 that, in most cases, your ISP dragging their feet even supporting it is actually protecting you against the problem
• ^^ see testmyipv6.com test

2015-Jun https://yro.slashdot.org/story/15/06/30/1356231/uk-researchers-find-ipv6-related-data-leaks-in-11-of-14-vpn-providers

• The study of 14 popular VPN providers found that 11 of them leaked information about the user because of a vulnerability known as 'IPv6 leakage'

There must be a reason VPNs provide a "IPv6 leak protection" (rhetorical question)

• 
• 
• This is more about not leaking you real IP, rather than what the protocol can hold for tracking

2016-Dec https://www.vpnuniversity.com/learn/how-to-fix-every-vpn-ip-leak

• Many of the popular VPN protcols (OpenVPN, PPTP, L2TP) were created before IPv6 addresses existed. So by default, many VPN services only route IPv4 traffic through the secure VPN tunnel, and IPv6 traffic is routed unsecured and unencrypted

Test sites

• http://ipv6leak.com/
• http://testmyipv6.com/ - gives three test modes
  • IPv6 test only, personally I fail to load the link ( http://v6.testmyipv6.com/ )

Summary

I see two things to address

1. IPv6 leaks in VPNs are a nightmare
   • its definitely a thing
   • protocols designed before IPv6 was a "thing"
   • way too many shady or broken VPN services out there
   • human/coding errors etc
2. how IPv6 can be abused (which I haven't gotten into). 128 bits is a vastly enlarged address space (over 32 bit)

Assuming you can even use IPv6 (ISP, router? ¹) and taking into account website uptake is slow, and outside of networking (router) or OS ( https://support.microsoft.com/en-us/kb/929852 ) levels, for those using a VPN, you would rely on the VPN provider's ipv6 protection (networking software). The last level of protection IMO is the application level - i.e Firefox

So lets just disable IPv6 (based on the VPN thing alone). If you're not hiding your IP, it's pointless but IMO does no harm (need some real world figures). For those who do hide eg behind a VPN, it adds an extra layer of protection

---

¹ I am surprised I can not get IPv6. I have a very expensive new'ish router (I DD-WRT'd it) and my ISP is definitely not some hack in the middle of Mongolia with no infrastructure

[grauenwolfe]

In total agreement with @earthlng about this issue so it's nice to see you're thinking about it and discussing it. I've had it disabled for quite some time now at the system level and through about:config. Redundant, but I have no reason to leave it enabled anywhere, don't want it. Seemingly one the most efficient and accurate ways to ID anything.

Assuming you can even use IPv6 (ISP, router?) I am surprised I can not get IPv6. I have a very expensive new'ish router (I DD-WRT'd it) and my ISP is definitely not some hack in the middle of Mongolia with no infrastructure

Completely on the ISP to provide it. They're all too busy getting new customers to care if you have or want it or not, already have you so why bother.

[Atavic]

The main difference for an home user like me is that DHCP in IPv6 can be substituted by a stateless auto-configuration. I keep mobile and home LAN separate, so I don't need any of the IPv6 feats. Page 6 here has some info.

[grauenwolfe]

This is for Mac users wanting to disable IPv6 since the "Off" option isn't directly available though the Network Preferences UI.

1. Set the Configure IPv6: setting to Automatically.

2. Enter this string in Terminal: networksetup -listallnetworkservices | while read i; do SUPPORT=$(networksetup -getinfo "$i" | grep "IPv6: Automatic") && if [ -n "$SUPPORT" ]; then networksetup -setv6off "$i"; fi; done;

3. Enter password. (Prompt comes from an OS dialog box and NOT through Terminal as you might expect as with a sudo command, etc.)

In Network Preferences you will see IPv6 is now set to "Off".

[Thorin-Oakenpants]

Just need someone to draft up a new 0701, and I'm willing to do it.

[grauenwolfe]

Lol. Nice.

[Thorin-Oakenpants]

discussion: enable 0701 network.dns.disableIPv6 P3 → P1 needinfo@earthlng

[Thorin-Oakenpants]

am writing up a draft (why do I have to do everything?) and it's interesting that parts of the ipv6 address space can be randomized - https://en.wikipedia.org/wiki/IPv6#SLAAC_privacy_extensions

[SLAAC] is now enabled by default in Windows (since XP SP1), OS X (since 10.7), and iOS (since version 4.3).[26][27] Some Linux distributions have enabled privacy extensions as well.[28]

So if I understand that correctly, you don't leak you real MAC address anyway? Regardless of that, we're still going to disable it (VPN's for starters (including not handling ipv6 at all!!!!), and abusing other fields in the address space etc).

[Thorin-Oakenpants]

^^ this is a much better read:

• https://www.internetsociety.org/blog/2015/02/ipv6-security-myth-5-privacy-addresses-fix-everything/

[Thorin-Oakenpants]

feel free to improve .. I just know you're itching to do better and contribute to this topic, especially earthlng (who needled me for months on end about it :grinning: and brought it up in the first place)

/* 0701: disable IPv6
 * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice
 * with VPNs. That's even assuming your ISP and/or router and/or website can hande it
 * [TEST] http://testmyipv6.com/
 * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/437#issuecomment-403740626
 * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/
user_pref("network.dns.disableIPv6", true);

[crssi]

You have mentioned:

/* 0804: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY
 * This is a PER TAB session history. You still have a full history stored under all history
 * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages
 * use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical ***/
user_pref("browser.sessionhistory.max_entries", 10);

Is there any reasons (security/privacy) not to set the following as default 10?:

/* 1020: disable the Session Restore service completely
 * [WARNING] [SETUP] This also disables the "Recently Closed Tabs" feature
 * It does not affect "Recently Closed Windows" or any history. ***/
user_pref("browser.sessionstore.max_tabs_undo", 10);

Cheers and thx

[Thorin-Oakenpants]

@crssi - can you remove that - you asked it in the other issue, u hijacking bastard you

[Thorin-Oakenpants]

Why is this change so hard to done. Only one thumbs up on my draft and no other comments. I basically had to all the work myself. This repo will not become a dumping ground for suggestions and then no further input - I will just drop the suggestion in future.

[claustromaniac]

I think that's probably because most of the collaborators disable IPv6 at the OS level anyway, so we don't really care. In fact, in my setup, choosing to use IPv6 is not even possible. I'm sorry I didn't give my thumbs up on time :sob:

[ArchangeGabriel]

I was away from this project for several months personally (and have a several thousands comments backlog atm). Regarding IPv6, well I’m not in favour of disabling it, but that’s also because I know how to work with it regarding privacy (random IP not based on MAC + random MAC helps a lot). Btw, I don’t think that disabling it in the browser rather than at the system level is very useful.

Also, note that a VPN, giving you constantly the same IP address in most cases, might not be very good for your privacy as a matter of fact (because you always browse with the same IP). That really depends on your threat model and of course VPN provider (you hide your location partially, which can be useful if we can get a very precise location for you otherwise and thus can match your online activity to you). But here privacy is TOR or equivalent, EOL.

And it can raise your FP as @Thorin-Oakenpants guessed if you refuse communication over IPv6 while we actually now that the provider you use (by looking at the IPv4 you have) provides IPv6.

So my take on this is that whatever you decide for you, it’s not at the browser level that this should happen.

[Thorin-Oakenpants]

OMG .. someone willing to have a discussion and help me out.

The pref definitely needed some info updating. And I agree with you re this is better controlled at a network level (or even OS). I don't think the IP range (eg ISP providing v6) is too much of a FP should sites use that, as other factors come into play as well (router capabilities?). Plus if you're already doing this at a network/OS level it makes no difference.

As a fallback, it can be handy:

• remember how lulsec was caught, VPN fell over and one of the guys leaked his real IP on IRC (I think that's right from memory)
• some apps, eg torrenting, include options to stop traffic in the app if the VPN falls over

Re-opening.

• add a line that if you wish to disable IPv6 properly, do it at a network/OS level
• ? make pref inactive (which is what we were at for 4 years, and no-one really said anything in all that time)

Class, discuss!

[grauenwolfe]

I think that's probably because most of the collaborators disable IPv6 at the OS level anyway, so we don't really care.

Ditto.

Respectfully, what are you looking for help with exactly? There's no need for a thesis, I thought you were only waiting until you personally collected enough information for you to be convinced 100% in your decision. I think just adding the prefs to the .js is all that needs to be done.

/* 0701: disable IPv6`
 * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice
 * with VPNs. That's even assuming your ISP and/or router and/or website can hande it
 * [TEST] http://testmyipv6.com/
 * [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/437#issuecomment-403740626
 * [2] https://www.internetsociety.org/tag/ipv6-security/ (see Myths 2,4,5,6) ***/
user_pref("network.dns.disableIPv6", true);

What you've proposed looks great so Just Commit It and Forget It. (little Ron Popeil reference for everyone)

[Thorin-Oakenpants]

what are you looking for help with exactly

I started this issue because several people ^{see [1][2][3][4][5] & [6]} mentioned that they thought it IPv6 should be disabled (in comments in other threads). They didn't exactly specify the pref, just IPv6 in general (well, one guy did! you know who you are!) I've never really really dived into it, but always maintained (from my extensive knowledge) that, as the original js said:

If you want to mask your IP address, this is not the way to do it.

Which was a bit naff, because I meant IPv6, not IP in general. Anyway, I still think a line should be added re network/OS level. And I'm not 100% sure if it should be active or inactive now. I wonder what TBB does with it.

^[6] And then all those people stayed silent in this thread :woman_shrugging:

[Thorin-Oakenpants]

psst: added http://ipv6leak.com/ to wiki test pages

[crssi]

@ArchangeGabriel IPv6 has several serious flaws, security and privacy, out of the box by design.

If we focus just to privacy, there is a MAC address leaking, which can be remediated by correctly configured DHCP... but do you trust every wifi spot/lan you use or might use? I do not.

Also, if you would like to get rid of IPv6 system wide, its not, at least for Windows, trivial as just uncheck IPv6 under protocols by GUI, but needs to be correctly done over registry. See https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users.

Then there might still be need to have IPv6 enabled corporate wide for some services/applications to work, and in this case I would rather have some protection in Firefox.

I am still voting to have this pref set to true and enabled as we do have now and if it doesn't comply with your usage, then override it, but for most I am sure its just super fine.

user_pref("network.dns.disableIPv6", true);

[claustromaniac]

For what it's worth, I would leave it active and add something like this...

This pref is best used as a fallback. You should not rely on it, and disable IPv6 for the entire system in addition.

[ArchangeGabriel]

Sorry, I’ve missed comment notifications before the closing one… I’ll keep IPv6 on my side anyway since I know how to work with it. So keep it disabled if you want, that’s your choice. ;)

Just answering two points:

If we focus just to privacy, there is a MAC address leaking, which can be remediated by correctly configured DHCP... but do you trust every wifi spot/lan you use or might use? I do not.

I trust IPv6 to be client-side configured rather than DHCP in 99% of cases for one thing, and I trust my random mac address at each connection. ;)

Also, if you would like to get rid of IPv6 system wide, its not, at least for Windows, trivial as just uncheck IPv6 under protocols by GUI, but needs to be correctly done over registry. See https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users.

If you would like to protect your privacy, you shouldn’t use Windows to begin with… But that’s another topic. ;) If you’re looking for a nice Linux distro when it comes to privacy, there is Tails.