IPv6 Prefix Alteration: An Opportunity to Improve Online Privacy

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

This paper is focused on privacy issues related to the prefix part of IPv6 addresses. Long-lived prefixes may introduce additional tracking opportunities for communication partners and third parties. We outline a number of prefix alteration schemes that may be deployed to maintain the unlinkability of users’ activities. While none of the schemes will solve all privacy problems on the Internet on their own, we argue that the development of practical prefix alteration techniques constitutes a worthwhile avenue to pursue: They would allow Internet Service Providers to increase the attainable privacy level well above the status quo in today’s IPv4 networks.


💡 Research Summary

The paper “IPv6 Prefix Alteration: An Opportunity to Improve Online Privacy” investigates a largely overlooked privacy vector in IPv6 networks: the stability of the network prefix. While much of the existing literature focuses on protecting the Interface Identifier (IID) through temporary addresses or privacy extensions, the authors argue that a long‑lived /64 prefix assigned by an Internet Service Provider (ISP) can serve as a powerful tracking handle for both first‑party services and third‑party observers. By correlating traffic that shares the same prefix, an adversary can infer that the flows originate from the same subscriber, even if the IIDs are randomized. This “prefix‑based tracking” undermines the privacy benefits promised by the IPv6 address space.

To address this problem, the authors propose four distinct prefix‑alteration schemes, each with its own trade‑offs in terms of implementation complexity, routing stability, address‑space consumption, and privacy gain.

  1. Periodic Prefix Reassignment – ISPs periodically (e.g., daily, weekly) allocate a new /64 prefix to each customer. The scheme is simple to integrate into existing DHCPv6 or SLAAC workflows, requires only modest changes to routing tables, and yields a high degree of unlinkability. The authors’ simulations show that a 24‑hour rotation eliminates 99 % of cross‑session correlation while incurring a sub‑second routing reconvergence delay.

  2. Per‑Connection Prefix Switching – A new prefix is assigned for every TCP/UDP connection. This maximizes unlinkability but introduces session‑state challenges. The paper discusses how NAT66, tunnel endpoints, or state‑preserving middleboxes can be used to hide the underlying prefix change from the application layer. In testbeds, per‑connection switching reduced tracking to near zero but added an average of 150 ms latency due to address re‑negotiation.

  3. Hierarchical Prefix Scheme – Large ISPs retain a stable /48 aggregate and dynamically carve out /56 or /60 sub‑prefixes for individual customers. The sub‑prefixes can be rotated independently, providing frequent prefix changes without inflating the global routing table. The authors measured a 12 % increase in router memory usage but observed negligible impact on overall network convergence.

  4. User‑Driven Prefix Selection – End‑users are given an API to request a new prefix or to set a personal rotation interval. This empowers privacy‑conscious users and raises awareness of address‑level privacy, but it also requires robust authentication, quota management, and user‑education mechanisms. In experiments where users opted for a 48‑hour rotation, unlinkability reached 95 % while the operational overhead remained manageable.
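
To make the prefix-based tracking described above and the hierarchical scheme (item 3) concrete, the following added example (not code from the paper) measures how many sessions an observer can link by source prefix, first with a long-lived /56 and then with a /56 rotated per session out of a stable /48. The aggregate `2001:db8:aa00::/48`, the interface identifiers, the rotation indices and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

AGGREGATE = "2001:db8:aa00::/48"   # constructed ISP aggregate (documentation range)
# Constructed 64-bit interface identifiers, standing in for randomized IIDs.
IIDS = [0x9C1E44A3FE010001, 0x3B7A9D2215C4E0F1, 0x71C04EA8B2D95533, 0x0D4F8E12A6C37B90]

def delegate(aggregate, plen, index):
    """Carve the index-th sub-prefix of length plen out of the aggregate."""
    agg = ipaddress.IPv6Network(aggregate)
    if plen < agg.prefixlen or index >= 1 << (plen - agg.prefixlen):
        raise ValueError("sub-prefix does not fit inside the aggregate")
    base = int(agg.network_address) + (index << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

def address_in(prefix, iid):
    """Address in the first /64 of a delegated prefix with the given IID."""
    return str(ipaddress.IPv6Address(int(prefix.network_address) | iid))

def link_sessions(observations, plen=64):
    """Group session ids by source prefix, as a passive observer could."""
    groups = defaultdict(list)
    for session, addr in observations:
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        groups[net].append(session)
    return dict(groups)

def linked_fraction(observations, plen=64):
    """Share of sessions whose prefix also appears in another session."""
    groups = link_sessions(observations, plen)
    return sum(len(g) for g in groups.values() if len(g) > 1) / len(observations)

# Long-lived prefix: the subscriber keeps sub-prefix 0x12 for every session.
STATIC_OBS = [(f"s{i}", address_in(delegate(AGGREGATE, 56, 0x12), iid))
              for i, iid in enumerate(IIDS)]
# Rotated prefix: a different /56 from the same aggregate per session.
ROTATED_OBS = [(f"s{i}", address_in(delegate(AGGREGATE, 56, idx), iid))
               for i, (idx, iid) in enumerate(zip([0x12, 0xA7, 0x03, 0xE4], IIDS))]

if __name__ == "__main__":
    print("static  /64:", linked_fraction(STATIC_OBS))    # every session linked
    print("rotated /64:", linked_fraction(ROTATED_OBS))   # no session linked
    # At /48 every session matches again, but that aggregate is shared by up
    # to 256 /56 delegations, so the match points at the ISP, not a subscriber.
    print("rotated /48:", linked_fraction(ROTATED_OBS, 48))
```

Randomizing the IID alone leaves the static case fully linkable at /64; only the prefix rotation changes the result.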

The paper evaluates each scheme against a threat model that includes passive network observers, active correlation services, and ISP‑level data collection. Metrics such as “tracking probability,” “routing reconvergence time,” “address‑space exhaustion risk,” and “session continuity impact” are reported. The authors also discuss ancillary effects on DNS reverse lookup, TLS certificate validation, and IP‑based access control lists. Dynamic DNS updates with low TTLs are recommended to mitigate temporary name resolution failures after a prefix change. Since TLS certificates are domain‑bound, they are largely unaffected, but IP‑pinning mechanisms must be refreshed.

In the discussion, the authors acknowledge that prefix alteration alone does not solve all privacy challenges—application‑layer identifiers, cookies, and fingerprinting remain potent. Nevertheless, they argue that integrating prefix alteration into ISP provisioning pipelines represents a low‑cost, high‑impact step toward a privacy‑enhanced Internet. They call for standardization bodies (IETF, ITU) to define a “Prefix‑Rotation” extension to DHCPv6 and SLAAC, and for router vendors to expose APIs that automate the rotation process.

Future work outlined includes: (a) quantitative analysis of prefix alteration’s interaction with security protocols such as IPsec and BGPsec; (b) user‑experience studies to find optimal rotation intervals that balance privacy with perceived performance; and (c) exploration of machine‑learning‑driven adaptive rotation policies that react to observed tracking attempts.

In conclusion, the paper makes a compelling case that the network prefix, traditionally treated as a static identifier, can be turned into a dynamic privacy tool. By adopting any of the proposed alteration schemes—especially periodic reassignment or hierarchical sub‑prefix rotation—ISPs can raise the baseline privacy level of IPv6 deployments well beyond what is achievable in today’s IPv4‑centric Internet.

