The idea is pretty simple, and the proof of concept code shows this works: Since RIPE recommends /48 or /56 subnets for customers of ISPs which provide IPv6, there is (or should be) plenty of IPv6 available - and indeed, I do have a /56 subnet as well. So why not use a different IPv6 for every Temporary Container? My router assigns me a /64 subnet by default, which equals 18,446,744,073,709,551,616 IPv6 addresses - that should be enough even for heavy TC users.
It should be noted that this does not have the same effect as using Tor or a VPN, since trackers could easily track full subnets instead of just single IPv6 addresses. This is especially problematic given that RIPE recommends to assign static instead of dynamic subnet prefixes. But still better than a single IPv4/6.
How it works
A native Rust binary (ipcontext) orchestrates IPv6 creation on a local interface. This requires Linux to work, but the binary could be hosted on a RaspberryPi or similar
TC registers a socks5 proxy handler and routes requests to ipcontext with information about which container the requests belong to
ipcontext then decides based on the container id which outgoing IP to use. This is either the regular IPv4 or a random IPv6
To prevent leaking, TC will by default only allow IPv4 requests in an IPv4 tab, and only IPv6 requests in a IPv6 tab
A DNS lookup for the tab domain decides whether a tab is IPv4 or IPv6
Tor Browser: Obviously superior (in general) due to onion routing, but has different trade-offs. If you ask me, we should embed onion routing + mixnets at the core of the internet, like in TCP, BGP or whatever
IPv6 privacy extensions: System-wide, not per browser or per tab
The idea is pretty simple, and the proof of concept code shows this works: Since RIPE recommends
/48
or/56
subnets for customers of ISPs which provide IPv6, there is (or should be) plenty of IPv6 available - and indeed, I do have a/56
subnet as well. So why not use a different IPv6 for every Temporary Container? My router assigns me a/64
subnet by default, which equals18,446,744,073,709,551,616
IPv6 addresses - that should be enough even for heavy TC users.It should be noted that this does not have the same effect as using Tor or a VPN, since trackers could easily track full subnets instead of just single IPv6 addresses. This is especially problematic given that RIPE recommends to assign static instead of dynamic subnet prefixes. But still better than a single IPv4/6.
How it works
Comparison