Messing Around with IPv6 Temporary Addresses in Windows

Yesterday I wanted to mess around with IPv6 Temporary addresses on my computer. Let me start with an overview of IPv6 Temporary addresses.

IPv6 Temporary Addresses are a feature designed to enhance privacy for devices using the IPv6 protocol. In the IPv6 addressing scheme, devices typically have both a permanent (static) address and one or more temporary addresses.

The primary motivation for temporary addresses is to reduce the potential for tracking and profiling of devices based on their IPv6 addresses. IPv6 Temporary Addresses are commonly used for outbound connections, such as when a device initiates communication with a remote server. Here’s how they work:

• Stable (Permanent) Address:

• • Every IPv6-enabled device is assigned a stable or permanent address. This address is typically derived from the device’s MAC (Media Access Control) address or assigned manually, and it remains relatively constant over time.
    
    
• Temporary Address:

• • In addition to the stable address, devices can generate temporary addresses for outgoing connections. These addresses are often based on the device’s stable address but include additional randomness. This randomization helps enhance privacy by making it more difficult for observers to track a device over time based on its IPv6 address.
    
    
• Privacy Extensions:

• • Privacy extensions are commonly used to implement temporary addresses. The most common method is called “Privacy Extensions for Stateless Address Autoconfiguration in IPv6,” defined in RFC 4941. This RFC suggests a method for generating temporary addresses that change periodically, making it more challenging for third parties to track devices.
    
    
• Address Lifetimes:

• • Temporary addresses are assigned a limited lifetime. They expire after a certain period, and the device generates a new temporary address. This process helps mitigate the risk of long-term tracking.

IPv6 Temporary Addresses are particularly relevant for mobile devices that frequently connect to different networks. By regularly changing temporary addresses, devices can reduce the likelihood of being tracked based on their IPv6 addresses. However, it’s worth noting that not all devices or network configurations use IPv6 Temporary Addresses, and their adoption depends on various factors, including operating system settings and network configurations.

To view your IPv6 addresses in Windows, open up a Command Line or Powershell, and enter:

ipconfig

You should get something like the following, although your output will depend on what interfaces exist on your system as well as whether you actually have Global Unicast IPv6 addressing in play (meaning your service/company supports IPv6):

I have trimmed the screenshot to just show the interface I am using – my Ethernet interface, and I have blurred a portion of my prefix.  For some readers, you will be looking at your Wi-Fi interface, perhaps.  The point is that we see three IPv6 addresses in my example that begin with a “2”.  These are my Global Unicast Addresses.  If you do not have any IPv6 addresses that begin with a “2” then it is not likely that you have an IPv6 service.

OK – back to temporary addresses – so we see in my case I have a temporary address, some of you may have multiple.  Some of you may not have any.

Having Temporary addresses is highly recommended and should be on by default.  You can check this by issuing the following command:

netsh interface ipv6 set privacy ?

 

netsh interface set interface name="interfacename" admin=disabled
netsh interface set interface name="interfacename" admin=enabled

netsh interface set interface name=Ethernet admin=disabled
netsh interface set interface name=Ethernet admin=enabled