[Cryptography] Fast handling of IP Address changes for HTTPS
John Denker
jsd at av8n.com
Mon Jan 1 14:08:44 EST 2018

On 12/31/2017 05:03 PM, Christian Huitema wrote in part:

> static IP addresses are convenient when you want to run a server at
> home, but there is a downside. The static IP address is a pretty good
> unique identifier. It will be present in every web transaction, every
> email trace, every VOIP connection. Some of us consider that a huge
> privacy issue, and actually prefer services in which the ISP regularly
> renumbers the connection. Not that changing IP address is sufficient to
> keep your browsing private, but it is a necessary first step.

If you are running a server (at home or otherwise),
then in many cases the static IP is a feature not
a bug.

If you want people to be able to find your server,
then you have to have a DNS entry that points to
it ... and the DNS name has to be reasonably stable
over time.

 -- If reverse-DNS is working, every script kiddie
   can reverse your IP to find the DNS name, archive
   the name, and use that to identify you forever.
 -- Even if you think you have turned off reverse
   DNS, if you utter the server name in public,
   the big data companies will do a forward DNS
   lookup, match your IP address (whether static
   or not) and boom, all your traffic is identified.
 -- et cetera.

If you are serious about hiding, you need something
/at least/ as complicated as TOR (and I'm not 100%
sure how much I trust TOR). Rotating your IP address
is barely even security theater.

===============

The same issue arises with mobile phones, only
much worse.

===============

The word "supercookie" is sometimes applied to this
problem.

If you want to have a server and some measure of
anonymity at the same time, that's called "dark
web" and requires advanced, specialized techniques.