Skip to end of metadata
Go to start of metadata

Symptom:

By default, the MacOS X network stack for IPv6 does only configure static IPv6 addresses build from the network prefix and the hardware address of the network card (MAC-Address).

Problem:

This IPv6 addresses are stable and will not change over time as long as the network card is not replaced. This can lead to privacy issues, as the static IPv6 address can be tracked by outside parties (external websites).

Solution

The IPv6 standards define an algorithm to generate temporary random IPv6 addresses that are less traceable over time. This is documented in RFC 4941 "Privacy Extensions for Stateless Address Autoconfiguration in IPv6".

In MacOS X, privacy extensions for IPv6 are disabled by default. To enable them, edit the file "/etc/sysctl.conf" (as superuser "root", create the file if it does not exist) and add this line
net.inet6.ip6.use_tempaddr=1
and reboot your Mac.

On the next reboot, you should see new IPv6 addresses marked as "temporary" bound to your IPv6 enabled network interfaces: