Privacy addressing is a system for making it harder to track an IP address to a device.
Without privacy addresses
Without privacy addressing, the normal way a device gets an IP address (with the current version of IP, which is IP version 6) is that it uses 64 bits of network address and 64 bits derived from its MAC address.
The MAC address is a unique address tied to the device's interface hardware. However, it is important to realise that this exists for the protocol to make Ethernet work, and is not intended as an identifier. MAC addresses can be spoofed or changed.
This may sound somewhat technical, but the upshot of this, in simple terms, is that if I use my iPhone at home and access a web site, and then later use it in a coffee shop in Bracknell and access the same web site, and then later use it in my mate's house in Gloucester and access the same web site - then the web site logs will show that the same device was used (from the MAC address in my IP) and be able to profile where I am going and when.
What is a privacy address
A privacy address is where the device assigns an extra address in the same network but with a random part rather than using the device MAC address. It then uses that address when you access things on the Internet, like web sites.
This means that the web site logs show a totally different address for each place the device is used.
It can also change the address over time, so even using the same device from the same place, it may appear from a different IP address 10 minutes later.
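To make the two cases above concrete, here is an added example in Python (not code from the original post or from FireBrick). It builds the MAC-derived address the way stateless autoconfiguration does (split the MAC, insert ff:fe, invert the universal/local bit, per RFC 4291), builds a privacy address with a random identifier (u/l bit cleared, as RFC 4941 does), and shows what a web site log could recover from each. The MAC and the two prefixes are constructed sample values; the "home" and "coffee shop" networks are assumptions for the illustration.

```python
import ipaddress
import secrets
from typing import Optional

# Constructed sample values: a fictional MAC and two documentation prefixes
# (2001:db8::/32 is reserved for examples) standing in for "home" and "coffee shop".
MAC = "00:1c:42:2b:60:5a"
HOME_PREFIX = "2001:db8:1::/64"
CAFE_PREFIX = "2001:db8:cafe::/64"


def mac_to_eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC.

    The MAC is split in half, ff:fe is inserted in the middle, and the
    universal/local bit (0x02 in the first octet) is inverted.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def _prefix_bytes(prefix: str) -> bytes:
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration needs a /64 prefix")
    return net.network_address.packed[:8]


def eui64_address(prefix: str, mac: str) -> str:
    """The address a device without privacy addressing would configure."""
    return str(ipaddress.IPv6Address(_prefix_bytes(prefix) + mac_to_eui64_iid(mac)))


def random_iid() -> bytes:
    """A temporary-address identifier: 64 random bits with the u/l bit
    cleared, so it sits outside the space of universally administered MACs."""
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= 0xFD
    return bytes(iid)


def temporary_address(prefix: str, iid: Optional[bytes] = None) -> str:
    """The extra address a privacy-addressing device would use for outbound
    traffic. A fixed iid may be passed in for reproducible output."""
    return str(ipaddress.IPv6Address(_prefix_bytes(prefix) + (iid or random_iid())))


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC if the interface identifier looks like modified EUI-64
    (ff:fe in octets 3-4 of the IID); return None for anything else, including
    a random identifier. A random IID contains ff:fe there by chance about
    1 time in 65,536, so a non-None result is strong evidence, not proof."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in octets)


def same_device(addr_a: str, addr_b: str) -> bool:
    """What a web site log could conclude from two hits on different networks."""
    mac_a, mac_b = mac_from_address(addr_a), mac_from_address(addr_b)
    return mac_a is not None and mac_a == mac_b


if __name__ == "__main__":
    home = eui64_address(HOME_PREFIX, MAC)
    cafe = eui64_address(CAFE_PREFIX, MAC)
    print(home, cafe, same_device(home, cafe))          # same MAC visible in both
    t_home = temporary_address(HOME_PREFIX)
    t_cafe = temporary_address(CAFE_PREFIX)
    print(t_home, t_cafe, same_device(t_home, t_cafe))  # nothing to link
```

Running it prints the two MAC-derived addresses, which share their last 64 bits and so link back to the same MAC, followed by two temporary addresses that share nothing. The `mac_from_address` check is the same heuristic a log-analysis tool would use to flag devices that have privacy addressing off.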
Why do they exist?
The old way of working (IPv4) would often use NAT (Network Address Translation) which meant that the IP address seen by a web site was the same for everyone on a network (e.g. in a home or an office, etc). There was no part of the IP address that related to the device or that could be tracked from one place to another.
With IPv6 people wanted to retain this same level of obscurity and anonymity. NAT was always a bodge and against the basic design of IP, but this obscurity feature was a hurdle for people adopting IPv6, hence privacy addressing (another bodge).
The old system also meant that it was hard to tell how many devices were on a network, as they all appeared with one IP. With IPv6 and no privacy addressing, an ISP could easily see how many separate Apple devices you have, and so on.
What is wrong with privacy addresses?
There are several problems, one of which is a false sense of security. A web site can track a device by cookies, or browser fingerprinting. But if you are talking about a common web site you use like Facebook or Twitter, they probably have some sort of login and even location services telling them where you are exactly anyway.
There are however various problems for system administrators. Even in our small company it is useful for devices to have a consistent IP address. That can then be given a name in reverse DNS and show in logs. These can be spoofed, just like MAC addresses, so I am not talking about security (not on its own), but for logging and so on. Basically it is handy to be able to track things to a device - the same as what the government want to do, but in an office and with the agreement of the users.
There are also some rather technical issues that have happened on large networks where the constantly changing addresses and use of multicast actually cause serious problems with the network.
The RFC says you should be able to turn the feature off, but many devices don't let you!
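The logging problem just described is something an administrator can work around on their own network, because the router's neighbour cache already records which link-layer address answered for each IPv6 address, temporary ones included. Here is an added example in Python (not code from the original post or from FireBrick) that groups the addresses in a neighbour-cache dump by MAC and uses that to label web-log source addresses with a stable device name. It assumes the dump is in the layout Linux's `ip -6 neigh show` prints; the sample lines, MACs, prefixes and device names are all constructed.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in the layout `ip -6 neigh show` prints on Linux: one
# EUI-64 address, two temporary addresses and a link-local entry for the same
# phone, one entry for a second device, and one unresolved entry.
SAMPLE_NEIGH = """\
2001:db8:1:0:21c:42ff:fe2b:605a dev eth0 lladdr 00:1c:42:2b:60:5a REACHABLE
2001:db8:1:0:1c2b:3c4d:5e6f:7081 dev eth0 lladdr 00:1c:42:2b:60:5a STALE
2001:db8:1:0:9d1e:77a0:c3b2:4f10 dev eth0 lladdr 00:1c:42:2b:60:5a REACHABLE
fe80::21c:42ff:fe2b:605a dev eth0 lladdr 00:1c:42:2b:60:5a REACHABLE
2001:db8:1:0:6e1a:2f9b:d43:88c7 dev eth0 lladdr a4:83:e7:11:22:33 REACHABLE
2001:db8:1:0:3b4c:5d6e:7f80:9192 dev eth0 FAILED
"""

# Constructed: the names an admin would otherwise have put in reverse DNS.
DEVICE_NAMES = {
    "00:1c:42:2b:60:5a": "revk-iphone",
    "a4:83:e7:11:22:33": "office-mac",
}

LINE_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>\S+))? (?P<state>\S+)$"
)


def parse_neigh(dump: str) -> List[Tuple[str, str, Optional[str], str]]:
    """Return (address, interface, mac-or-None, state) for each parsable line."""
    entries = []
    for line in dump.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["ip"], m["dev"], m["mac"], m["state"]))
    return entries


def addresses_by_device(dump: str) -> Dict[str, Set[str]]:
    """Group every non-link-local address by the MAC that answered for it.

    Entries with no link-layer address, or in FAILED state, carry no confirmed
    binding and are never attributed to a device.
    """
    by_mac: Dict[str, Set[str]] = defaultdict(set)
    for ip_text, _dev, mac, state in parse_neigh(dump):
        if mac is None or state == "FAILED":
            continue
        ip = ipaddress.IPv6Address(ip_text)
        if ip.is_link_local:
            continue  # never seen by a web site; not useful in its logs
        by_mac[mac.lower()].add(str(ip))  # str() gives a canonical form
    return dict(by_mac)


def build_index(dump: str) -> Dict[str, str]:
    """Canonical address text -> stable device name (the MAC when unnamed)."""
    index: Dict[str, str] = {}
    for mac, addrs in addresses_by_device(dump).items():
        name = DEVICE_NAMES.get(mac, mac)
        for addr in addrs:
            index[addr] = name
    return index


def device_for(addr: str, index: Dict[str, str]) -> str:
    """Look an address up after normalising it, so 0d43 and d43 match."""
    try:
        key = str(ipaddress.IPv6Address(addr))
    except ValueError:
        return "invalid"
    return index.get(key, "unknown")


def annotate_log(log_lines: List[str], index: Dict[str, str]) -> List[str]:
    """Prefix each web-log line (source address first) with its device name."""
    return [f"{device_for(line.split()[0], index)} {line}" for line in log_lines]


if __name__ == "__main__":
    idx = build_index(SAMPLE_NEIGH)
    # Constructed web-log lines: source address, then the request.
    sample_log = [
        "2001:db8:1:0:9d1e:77a0:c3b2:4f10 GET /index.html",
        "2001:db8:1:0:6e1a:2f9b:0d43:88c7 GET /login",
        "2001:db8:1:0:3b4c:5d6e:7f80:9192 GET /robots.txt",
    ]
    for line in annotate_log(sample_log, idx):
        print(line)
```

The mapping is only as good as the neighbour cache: temporary addresses age out, so in practice the dump has to be sampled regularly and kept with timestamps, and, as the post says, a MAC can be spoofed, so this is for logging, not for authentication.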
What did FireBrick do?
We added a feature a little while ago to undo privacy addressing by mapping the IP address used back to one based on the MAC.
Why? For a start, for the convenience of my devices having a consistent IP address. But we also did this as an experiment, and to highlight the false sense of security that privacy addresses offer. After all, the coffee shop you are using could be doing this!
Anyway, the experiment is over and the feature is being removed from the next release.
What about the future of privacy?
Well, I expect there to be calls now to have devices randomise their MAC addresses. It is technically possible, and if done right it could just work. It would help maintain some level of privacy that cannot be thwarted by features such as the one we put in the FireBrick. I will be surprised if Android can't do this already, and it will be interesting if Apple follow. Apple already do this for probe packets on WiFi to avoid the tracking of Apple devices, so I expect they will soon for normal traffic. That will also have the advantage of thwarting any device-level tracking for the old IP protocol (IPv4).
Some will say this is irrelevant as it is only IPv6, and mostly people still use IPv4 - but bear in mind that if you are accessing Facebook, and you have IPv6, that is what will be used. It is only a matter of time before IPv6 finally hits the mainstream ISPs, and at that point the very traffic that the government would like to track will be IPv6.