Surprising Privacy Dangers of IPv6!

Captions
If you didn't know this, the internet runs mostly using IPv4, Internet Protocol version 4. But nowadays this has changed with the implementation of IPv6 in most of our devices, Internet Protocol version 6. Is this new? It is, but it isn't. Most routers now support a dual stack technology, which means it supports both IPv4 and IPv6. Are your devices currently using IPv4 or IPv6? What is IPv6 exactly, and does it have anything to do with your privacy and security? You will discover some surprises if you stay tuned, because apparently many of you are already being stalked by your ISP and carrier by the use of IPv6, and now I'll give you advice at the end of the video to prevent yourself from being stalked.

[Music]

Before I start, I want to quickly mention that I'm on the LBRY platform, L-B-R-Y, and you'll see a link to it in the description. I'm in the top 50 of all creators on LBRY, and from now on I will publish my videos on LBRY up to a day ahead, so this will be seen on LBRY first. So a cool platform, and uncensored. Also, as many of you know, I create products to help you with privacy, like BytzVPN, de-Googled Brax phones and Brax routers, so make sure to check all that in the store on Brax.Me, which is also my app. Check the video description for links. This week I opened up the European servers of BytzVPN, so if you're in Europe you can now make use of BytzVPN and the Brax router there. Your support is appreciated, and your purchases and support on Patreon sustain this channel and allow me to concentrate on doing research for all of you. Thank you.

OK, back to our topic, which is how you might be stalked by your ISP with IPv6. This past week I had an internet issue and I had to get service from a Spectrum technician. This was the reason I wasn't able to do a live stream. I'll get back to this discussion with the Spectrum tech in a moment, and why this led to an illuminating fact about IPv6. Also this past week I've been doing a lot of tech support for people using my Brax router. In almost every case where the router didn't work, it was because the user hooked up the Brax router to a modem router combo from the ISP. The Brax router didn't work because the ISPs now default the router to use IPv6 instead of IPv4. The Brax router does not work in IPv6 mode. IPv6 devices do something called stateless address auto-configuration, where it can come up with its own IP address, which later on you will discover is quite dangerous. Specifically, my Brax router blocks IPv6 intentionally, and I'll try to explain this later on. This combo of Brax router versus IPv6 is a no-go, so the fix is to turn IPv6 off from the router.

In general, though, what I was surprised about was the number of people now being forced to use routers with IPv6. Last year I encountered this issue only a couple of times. This year, practically every incident of the Brax router not working was because the user had a modem with IPv6 enabled. This should be a clue that IPv6 use is growing and that it is being pushed heavily by ISPs. I asked the Spectrum tech why they are now installing routers with a default to IPv6, and he used a sales pitch that they're running out of IPv4 addresses and IPv6 gives them more addresses to use. So as far as he's concerned this is a good thing, though obviously it introduces some incompatibilities and more tech support for them.

The problem, guys, is that you're made to think that you're gaining something by installing IPv6 on your network without actually understanding what's going on. Using IPv6 on your network will cause serious effects on your privacy and security. I came across many comments on the internet where young people actually switch their routers from using IPv4 to IPv6 intentionally. These hardcore techies are actually excited by the switch to IPv6: "Wow, I'm so techy, I transitioned to IPv6." I'm not sure what these people were thinking they're going to gain by using IPv6. Well, I'm here to tell you that if you switch to IPv6 you definitely gain nothing. It's not gonna run faster. You will not suddenly gain access to parts of the Internet that were previously hidden. IPv6 is not made to do something for you. IPv6 was designed to do something for the ISP. What it will gain you is complexity and new ways for hackers to enter your system. IPv6 in the hands of the average consumer, as pushed by your DSL provider, is dangerous, and you do not want it, at least not yet, without some appliance that can mitigate the risks. Someday maybe I'll design that appliance, but at the moment only corporations have IPv6 tools, and even their tools are currently very limited.

If you think you're not on IPv6, you are actually wrong. IPv6 is all over. It is just masked by translators to IPv4. In essence, at the moment IPv6 is coexisting with IPv4, and often without you knowing it. So our current environment is actually IPv6 ready. Our phones and computers have been accepting IPv6 for a long time, but since IPv6 is not completely implemented, what we're seeing is called dual stack technology, IPv6 and IPv4. We see some sections of the internet using IPv6, typically inside an ISP, and then that data is forwarded to the rest of the internet using IPv4, either using specialized hardware or software tunnels called Teredo tunnels. Sometimes you will also find that your phones and computers have both an IPv4 address and an IPv6 address. The IPv6 addresses are very long and are made up of eight sets of four hexadecimal digits, or hextets.

First, let's look at the format of an Internet Protocol or IP address using IPv4, the old way. IPv4 in hex is just 40, gets translated to decimal options as 255.255.255.255, minus a few digits because you can't use 0 in some spots. IPv6 is much larger. As you can see here, you have up to 64K choices for each position, for each of the eight positions. Here's another way of looking at it. The format for IPv4 is 2 to the 32nd power, or a 32-bit identifier, which allows for a little over 4 billion unique device addresses. IPv6 IP addresses are 128-bit addresses. Their address space is 2 to the 128th power, or approx times 10 to the 38th power. That's 38 zeros in there. Yes, we are basically running out of IPv4 addresses. Makes sense, since we definitely have more than 4 billion devices.

Here's a reality check for you. Each device can have multiple IP addresses. There's one for each network interface. A phone has Bluetooth, cell data, Wi-Fi and even possibly a wired internet. Each of those is a network interface or network connection. Each household could have 30 devices and 50 IP addresses. But don't panic. The reality is that each household only uses one internet routable IP address. The rest are reusable IP addresses used in a local network by something called NAT, or network address translation. That is very important in this discussion, so we will spend some time explaining this.

When your router interfaces with the ISP modem, it receives one public IP address. This is the one address that is visible on the Internet. Whenever anyone in your household does, you are all using the same IP address. If one kid in your household downloads copyrighted content illegally, the ISP can point it to the IP address, and the parent or account holder then gets the DMCA legal action threat. Inside your household, your computers are given a local version of the IP address. There's a reserved range in IPv4 for this purpose, so typically if you look at your home computer you will find an IP address in the 192.168.x.x range or 10.x.x.x range. This means these are not truly Internet addresses. They're just used for local routing, and it's controlled by your router.

Now how do all these devices talk on the internet with a single IP address? Each of the devices is tracked in a routing table, so that whenever your computer talks on the Internet, the router notes the state of your device to see if you initiated a connection on the outside Internet, and if so it will allow a response to get back to the computer. So these routing tables allow each computer to open a temporary gate to go to the Internet. The router knows which device expects a response via a particular gate. In networking parlance this is called a port. This process of automatic routing from the Internet address to a specific computer using a local IP address is called NAT, or network address translation. This is built into every router. Because of NAT we've been able to preserve IP addresses, since the only thing that needs a public IP address in your house will be the router.

Let me go back to NAT again for a moment. So homes typically use routers that are set to do NAT automatically. One side effect of that is that since the IP addresses in your household are private IP addresses, your devices are not visible on the internet. So the secondary effect of NAT is that you get an automatic firewall. Some people, for example, ask me about the Intel Management Engine or IME threat. In theory someone could control every Intel computer in the world through IME, but because most of us use NAT at home, our computers are automatically firewalled. You can't be attacked by an IME from the outside. If you have a surveillance camera at your house, without doing any kind of setup no outside party can see your camera unless you allow your router to punch a hole in the router firewall. This hole in the firewall is called port forwarding. Unless of course you use Ring cameras, which establish a connection by sending your videos externally to the internet. But except for spy products like Ring or Alexa Echo, you have to take some specific steps to implement port forwarding, or punching a hole in the firewall. So without doing any port forwarding, especially if you know nothing about it, then your network is automatically locked down from the internet. So by default all homes have built-in firewalls. The router is the firewall. This is the default behavior of a router. So in the past, if the Spectrum tech installs an IPv4 router and modem, then you have an automatic firewall and your computers are safe from outside control. It is that single IP address that identifies all the traffic in your house.

Now today this is changing. The smart people at Spectrum and other ISPs like AT&T and so on now say, "We will install a modem and router at your house. If you don't use our devices you get no tech support. Your choice." So most of you say, "Hmm, I'm not a techie, so I guess I will use their modem and router and pay the monthly fee of 10 to 20 dollars a month." The problem is that now they are installing these devices with IPv6 enabled by default.

What's the problem with installing IPv6? First of all, by default IPv6 does not use NAT. In other words, IPv6 eliminates the default firewall. IPv6 doesn't need that. In fact, each device in your house gets its own internet routable IP address. Each device can be directly reached from the internet, and it will be up to each device to defend itself with its own firewall. Internet activity can then be recorded at the device level, not just the entire household. What can one do with surveilling IPv6 traffic? Obviously they can track location specifically to a device. They can track advertising by device, and this is more granular than just having the router IP address. They will know specifically which model and what each device is specifically doing at any moment. In other words, pretty precise device fingerprinting. If you're not a computer expert, your device firewall is likely not set up to defend directly against a hacker. You're basically as open as you are when you use the Internet at Starbucks. Someone can do man-in-the-middle attacks, see your individual traffic and communicate with your devices directly. And your surveillance cameras, those are now accessible on the Internet, and that may be already true today with IPv6.

Now in a corporate environment, some smart IT guy will plan on using a corporate firewall like Check Point to block all this traffic and actually implement an IPv6 version of NAT intentionally. The IPv6 version is called NAT64. But in a home environment you don't have devices that do NAT64.

Let me tell you another deadly feature of IPv6 which no one makes you aware of. Do you know how an IPv6 address is constructed? It is actually very specific and can pinpoint you very precisely in no time. Here's a sample IPv6 address. Again, you see it's made up of eight sets of digits. This can also be represented in this shortened form where I remove the zeros. Now this is actually made up of two parts. If you split it in half, there's a prefix and there's an interface ID. The first part, which is the prefix, is pointed to your specific router. The second part is the network interface on the device itself. Now just so we're clear, the first part is a location identifier. So I broke out each one of these items as A, B, C, D, E, F, G, H. A is the IANA assigned prefix, B is the region, C is the ISP, D is the local network. This is a more accurate representation of location than what currently exists. This can be used to quickly pinpoint specific neighborhoods. But even worse, what is in the second half, in E, F, G, H? Well, by default that is based on your device MAC address. In other words, that is practically the serial number of your device. Talk about device fingerprinting, it's built into the IP address. This is called EUI-64, and it's used for auto-configuration of an IP address using logic called stateless address auto-configuration, or SLAAC. Now an expert in IPv6 can modify this default to use random identifiers, but the home user will not know how to do that. In fact, I'm pretty handy on a computer and I don't even know where to configure this choice in Windows, Android, Linux, iOS or macOS, and it is hidden from you in iOS.

This gets more messy. Since IPv6 is not completely implemented on the internet and devices still have to go to IPv4 addresses, each ISP is creating local addresses for their networks using IPv6. You will see this used extensively on phones. Local non-routable addresses use the identifier fe80 plus the interface ID, or your MAC address. When you see an address that starts with fe80, then it is actually a local link address. It is not made to go to the Internet, but it can be used within the ISP network. In IPv4 the local network stops at your local router, but in IPv6 it is not bound by the same rule, so the ISP can see it. So now previously untracked devices are known to the ISP with a MAC address at each interface level. Just so you understand this more clearly, typically your phone will have multiple interfaces: one for Wi-Fi, one for cell data, one for Bluetooth. Even though currently these addresses are not routable outside of the phone carrier, your ISP now has a tracking tool that's even more precise than IMEI or IMSI on your mobile phone. Again, though, IPv6 is not completely implemented by your ISP, just IPv6 EUI-64 auto-configuration addresses will use your MAC address, and I see it very clearly on my Android. By the way, it's not exactly the MAC address. They adjust bit seven.

IPv6 is a big hacking risk. IPv6 is fairly new in implementation, though it was designed in the 90s and it's been used for at least 15 years to some degree. But it is so complex and convoluted that many avenues of hacking attacks can be found if some hacker just focuses on IPv6. For the moment we have the temporary advantage that not too many people understand IPv6, and many software tools and security tools are not yet equipped to completely use IPv6. For example, you can in theory find out all the devices in the network using something called neighbor discovery, ND. You can crash systems and do denial of service by sending incompatible headers in IPv6, which is now unlimited, and so on. Implementation of IPv6 is not consistent from device to device. Plus, because of dual stack implementations, more bugs arise, since a device has to handle both IPv4 and IPv6.

To summarize, for a typical household concerned about privacy and security, unless and until some home appliance can be made available that can firewall your house with an IPv6 version of NAT64, then you want NAT for privacy and security. This means you don't want your ISP installing any kind of router that forces IPv6 and with no automatic NAT. You don't want all devices in your household to be directly visible on the internet. You do not want your MAC addresses to be part of the IP address. You don't want an IP address that can be pre-identified to belong to a neighbourhood instantly. You don't want an IP address that you cannot spoof with a VPN. Neither do you want governments and organizations to enforce the use of fixed IP addresses, so we will once again be chipped.

So for the short term, I'll give you this quick advice. If you're using a modem router combo from your ISP, dump the router. Just use the modem only. Attach your own router. You can get a Netgear Nighthawk router for 50 dollars, for example. Set your own router to disable IPv6. Then it will by default use network address translation, or NAT. Maybe I'll make a quick video on how to set up a basic router just for defense, or you can find some quick videos on that on YouTube, I'm sure, or watch Linus Tech Tips, he has a video like that. Add another layer of protection: watch my Brax router video, where I installed a VPN router after the first router. This will move your traffic to a VPN, and you can make it come out in LA, New York, Amsterdam, Paris or wherever. Make that single IPv4 address of your router be unimportant by not allowing your ISP to see unencrypted data flow, and it will block IPv6. Make sure your phones connect to a VPN at home, like using a VPN router, and use a VPN when you're on the road to stop this IPv6 phone tracking. A VPN will block the IPv6 leak.

It's crazy that there are so many threats around us. Just when we think we have some solution, there's always something new that we have to fight. Maybe job security for me, but it's a sad state of affairs. I have more coming. There are other hidden threats that I'm discovering. They are scary as heck, just like IPv6. So if you want to find out more, make sure to subscribe to this channel and hit that notification bell. My regular release schedule for videos is Thursday mornings for YouTube, and LBRY on late Wednesdays. I do live streams for Q&A on Fridays at 8 p.m. Pacific time. Thank you for watching and thank you for your support.

[Music]
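The EUI-64 construction described in the captions (MAC address split in half, `ff:fe` inserted, bit seven flipped), as an added example that is not part of the video or its captions. It is a way to audit your own interface addresses for an embedded MAC; the function names and all sample addresses (documentation prefix `2001:db8::/32`, made-up MAC) are constructed for illustration.

```python
import ipaddress

def eui64_from_mac(mac: str, prefix: str) -> str:
    """Build the SLAAC address a host derives from its MAC under modified EUI-64."""
    m = bytes(int(part, 16) for part in mac.split(":"))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit (the 7th bit of the first byte), insert ff:fe.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    addr = int(net.network_address) | int.from_bytes(iid, "big")
    return ipaddress.IPv6Address(addr).compressed

def classify_interface_id(addr: str) -> dict:
    """Report whether an address's lower 64 bits look MAC-derived.

    The ff:fe marker is a heuristic: a random interface ID contains it by
    chance about once in 65536 addresses.
    """
    ip = ipaddress.IPv6Address(addr)
    iid = ip.packed[8:]
    result = {
        "address": ip.compressed,
        "link_local": ip.is_link_local,  # fe80::/10, not routed past the link
        "eui64": False,
        "mac": None,
    }
    if iid[3:5] == b"\xff\xfe":
        mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
        result["eui64"] = True
        result["mac"] = ":".join(f"{b:02x}" for b in mac)
    return result

def audit(addresses):
    """Return only the addresses that expose a hardware identifier."""
    return [r for r in map(classify_interface_id, addresses) if r["eui64"]]

# Constructed sample: what one host's interface might list.
SAMPLE = [
    "fe80::211:22ff:fe33:4455",            # link-local, EUI-64
    "2001:db8:1:2:211:22ff:fe33:4455",     # global, EUI-64
    "2001:db8:1:2:5c3a:91d7:be4:77a1",     # global, randomized interface ID
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row["address"], "->", row["mac"])
```

An address flagged here keeps the same lower 64 bits on every network the device joins, which is the tracking concern raised in the captions; a randomized interface ID does not.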
Info
Channel: Rob Braxman Tech
Views: 15,566
Keywords: Internet Privacy, internet privacy guy, ipv6, ipv6 dangers, ipv6 security flaws, ipv6 unsafe, ipv6 vs ipv4, ipv6 tutorial, ipv6 privacy, ipv6 addressing, teredo tunnels, ipv6 dual stack, ipv6 location tracking, ipv6 mac address tracking, ipv6 privacy threats, ipv6 nat, ipv6 no nat, ipv6 not for you, internet protocol, internet protocol version 6, ipv6 routing protocols, ipv6 security features, ipv6 vs ipv4 diferencias, ipv6 nat64
Id: Vt4Jl4t43ug
Length: 22min 56sec (1376 seconds)
Published: Thu Jul 16 2020