Random temporary IPv6 for every container

[stoically]

The idea is pretty simple, and the proof of concept code shows this works: Since RIPE recommends /48 or /56 subnets for customers of ISPs which provide IPv6, there is (or should be) plenty of IPv6 available - and indeed, I do have a /56 subnet as well. So why not use a different IPv6 for every Temporary Container? My router assigns me a /64 subnet by default, which equals 18,446,744,073,709,551,616 IPv6 addresses - that should be enough even for heavy TC users.

It should be noted that this does not have the same effect as using Tor or a VPN, since trackers could easily track full subnets instead of just single IPv6 addresses. This is especially problematic given that RIPE recommends to assign static instead of dynamic subnet prefixes. But still better than a single IPv4/6.

How it works

• A native Rust binary (ipcontext) orchestrates IPv6 creation on a local interface. This requires Linux to work, but the binary could be hosted on a RaspberryPi or similar
• TC registers a socks5 proxy handler and routes requests to ipcontext with information about which container the requests belong to
• ipcontext then decides based on the container id which outgoing IP to use. This is either the regular IPv4 or a random IPv6
• To prevent leaking, TC will by default only allow IPv4 requests in an IPv4 tab, and only IPv6 requests in a IPv6 tab
• A DNS lookup for the tab domain decides whether a tab is IPv4 or IPv6
• If you want to give it a try, you can check out the very much work in progress PR: https://github.com/stoically/temporary-containers/pull/416

Comparison

• Tor Browser: Obviously superior (in general) due to onion routing, but has different trade-offs. If you ask me, we should embed onion routing + mixnets at the core of the internet, like in TCP, BGP or whatever
• IPv6 privacy extensions: System-wide, not per browser or per tab