Why doesn’t every computer have a hardware based static ipv32 address, along with a private key to prove it is the sole owner of the address?
Intel tried this on the Pentium 3, we all hated it so they stopped.
https://en.m.wikipedia.org/wiki/Pentium_III#Controversy_about_privacy_issues
This is the kind of answer I was looking for, thank you!
You seem to have be missing a fundamental thing about tech but I can’t pin down what it is. So I will respond to your edits.
but I can’t buy a static address that will persist across networks endpoint changes
You can. It’s called Provider Independent Space and it a pain to go with as an individual.
Yes, it would be a privacy nightmare, I want to know why it didnt turn out that way
Because people smarter than you, I, and everyone else in this post said 'Yes EUI-64 is a good idea in principe but the problems on a privacy perspective outweigh the advantages. So let’s build a system called MAC randomisation so people can get multiple address to access the internet with. ’
The good news is you can turn off MAC randomisation.AFAIK IP addresses (even static public ones) are not equivlent to phone numbers. I don’t get a new phone number every time I connect to a new cell tower
In some parts of the world or before 2000 if you changed mobile providers, say from Vodafone to Telstra you had to get a new number. Since that change number routing has become a nightmare and it makes the BGPv4 table look sane in comparison.
Even if a static IP is assigned to a device, my understanding is that connecting the device to a new uncontrolled WiFi, especially a router with a NAT, will make it so that people who try to connect to the static IP will simply fail.
This is a complex one due to NAT in the ipv4 space. NAT exists purely to allow devices to have the same private IPv4 address and hide behind a public v4 address.
No, MAC addresses are not equivalent phone numbers. 1. Phone numbers have one unique owner, MAC addresses can have many owners because they can be changed at any time to any thing on most laptops. 2. A message can’t be sent directly to a MAC address in the same way as a phone number
- MAC do have unique owner blocks. Cisco somewhat owned the 0000.0C block.
- Yes you can. That is literally how it works down the TCP/IP stack.
Yes, IMEI is unique, but my laptop doesn’t have one and even if it did its not the same as an eSim or sim card. We can send a message to an activated Sim, we can’t send a message to an IMEI or serial number
If your laptop has a regular Sim slot it will have an IMEI. True we can’t send messages via IMEI or serial because those systems were never designed for message routing.
- No, MAC addresses are not equivalent phone numbers. I can’t edit my phone number for free in 30sec to whatever I want, and I can’t send a message to a MAC address.
You sure about that?
Okay, then change your number to 911 and I’ll call it to check. The quote says “to wantever I want”. You can set your MAC address to anything, including other peoples MAC address. You can’t set your phone number to someone else’s phone number and just get all their calls
Try to change your ip to a taken one. What’s your point?
The IP doesn’t persist across network hops and the MAC address isnt unique. A phone number is both.
Static ips persist.
MAC addresses can be banned
Phone numbers can’t roam
Phone numbers aren’t unique (area code)
Wrong on all fronts.
That would be a privacy nightmare.
Yep. See EUI-64 IPv6 addressing.
They do, it’s called an IP address.
Phones get numbers assigned to them by a cell service provider, in order to communicate on their network, which is basically the exact process for computers and IP addresses.
If you’re asking about the equivalent of like a SIM card, in the computer/internet world, that’s handled at higher layers, by digital certificates. And again, the process is almost exactly the same, except they don’t (usually) get put on physical chips.
IP address is really the best comparison here. Some computers share an IP just like entire call centers may share the same phone number. And neither IP addresses and packets nor phone numbers are properly authenticated without additional enforcement systems.
Internal networks exist for computers and phones. It’s a nice parallel.
No, computers can’t share IPs
They can share the same router and therefore have the same public IP.
Yes, but no. The public IP is that of the router, which NATs packets to each host, each of which must have a unique private IP. The public IP does not reference or identity hosts behind the router.
A phone number does not uniquely identify a phone either.
Sure they can. If you put a network behind a router they will share an egress/ingress IP. And there are certain high availability setups where computers share IPs in the same subnet for hot/standby failover.
Yes, but no. The public IP is that of the router, which NATs packets to each host, each of which must have a unique private IP. The public IP does not reference or identity hosts behind the router. And that’s not how HA works. Only one host is assigned the active IP at one time.
When you do call routing with a PBX each phone has an unique extension, equivalent to the private IP of each host.
Oh, and there’s also anycast, which is literally multiple active devices sharing an IP.
You’d have to know more about BGP to know any cast doesn’t function as you think it does
Ah, I see we are resorting to ad hominem attacks now.
So computers can share IP’s then right? By your example they are sharing their public IP. From the perspective of the server you are connecting to, all the machines on your LAN have the same IP. Same way multiple physical phones can be connected to a single landline, all those phones share the same number.
No, not the same
Except you can spoof an IP address or get another one from the ISP just by asking. You can spoof a MAC address too.
Intel introduced unique processor id’s back in the late 90s.
Phone numbers can be spoofed, and SIM cards can be cloned. The analogy stands.
Cell phones don’t get a new number every time they switch cell towers, so why do laptops.
Its not like I can write down the IP address of my friends laptop so I can send it a message once he gets to a new city.
Its not like I can write down the IP address of my friends laptop so I can send it a message once he gets to a new city.
With static IPs that’s possible, but you already do that when you email them already.
Laptops don’t get a new IP address every time they switch from one AP to another in the same network either. Your cell phone will get a new IP address if it switches to a different cell network.
I can get VOIP calls behind a NAT without cell service. I’m asking how is that possible. Is the router somehow part of the same AP as cell service?
Whoa, that’s a sizeable edit to the post! Regardless the answer is pretty straightforward: your VOIP client (either the device if you have one or the software) is connected to a VOIP service which acts like a gateway for your client. Since the client initiated the connection to the gateway and is keeping it alive, you don’t need to make any network changes. Once the connection is established, standard SIP call flows (you can Google that for flow diagrams) are followed.
So no, you router is not part of the cell service. The VOIP provider is part of a phone service that receives calls and routes them for you, just like the cell towers are part of a telephony provider that routes calls through the appropriate tower.
Finally :D thank you so much!
So basically VOIP is “cheating” because its not actually handled by the network directly, the phone company pays for always-online servers, and phone(s) reach out to those server every time they change networks, in order for servers to be able to route calls to them.
Which also means! it is possible to do the same thing for computers, but it requires having
- A static IP
- An always online server
- The device needs a daemon that tries to connect to an always online server, and authenticates itself
- That server needs to manually reroute traffic (through a VPN or some other means) from the static IP address to the device, wherever it might be
Which also explains why general network providers wouldn’t want to create the infrastructure. Even if universal addresses were given to each device, which simplifies DHCP and address-leasing, and shortens time it takes to handshake with the network, all of that is less of a cost than the infrastructure needed track of devices as they change networks. (And that’s on top of ISP’s being slow to change from the legacy approach of local networks and desktops).
^ which is more the conversation I wanted to have but didnt really get with this post.
Thats a sizable edit!
Yeah 😅 I didnt want it to be this complicated of a question, but I didnt see how else to explain that current addressing systems don’t meet the same need as a phone number.
- A static IP is actually not necessary, but what you need is a consistent identifier. For the server, that’s typically a DNS address, but for clients and peer to peer networks there’s other ways to identify devices, usually tied to an account or some other key kept on the device.
- For centralised communications yes, you would need an always online server. For decentralised networks, you just need a sufficient amount of online peers, but each individual peer does not need to be always online.
- Pretty much, yes. Even push notifications on cell phones work this way.
- Route, yes. Manually. VPN is usually not necessary. In modern web-based services this is typically done with websockets, which are client-initiated (so the client address can change), and which allow two-way communication and typically only require a keepalive packet from the client every minute or so.
There’s other reasons why universal addressing is not done - privacy, network segmentation, resiliency, security, etc. And while IPv6 proponents do like to claim that local networks wouldn’t be strictly necessary (which is technically true), local networks will still be wanted by many. Tying this back to phone numbers - phone numbers work because there’s an implicit trust in the telcos, and conversely there’s built in central control. It also helps that it’s only a very domain specific implementation - phone communication specifications don’t change very often. On computer networks, a lot of work has been done to reduce the reliance on a central trust authority. Nowadays, DNS and SSL registries are pretty much the last bastion of such an authority, with a lot of research and work having gone into being able to safely communicate through untrusted layers: GPG, TOR, IPFS, TLS, etc.
Well, phone numbers do get re-assigned too.
Lack of demand.
Phones having unique unalterable numbers was never an intentional feature desired by users, just a limitation of the available technology.
Computer network cards do have such a number, their MAC address, but modern ones can scramble it to avoid being tracked, without any loss of ability to be reached by everyone you want to be reached by.
What makes you think all phones have unique numbers? Some have no direct dial numbers.
As for each device getting a unique IP address this is somewhat in the spec for EUI-64 IPv6 address. Your IP is based on your interfaces MAC address but this becomes a privacy nightmare.
If the MAC address’s of the wifi chip in your phone is 1122.3344.5566 your IPv6 address at home can be 2001:0db8:0000:00000:1122:33ff:fe44:5566 but when at work your address may be 2001:db8:1000:0000:1122:33ff:fe44:5566. No matter where you connect to the last 4 sections of the address is the same and companies will use that as one of the data points of your digital profile.
I meant “in the same way that phone numbers are unique to phones (not perfectly unique, some phones have dual Sim, some have no sim, sometimes a Sim changes numbers after contacting the provider, etc)”
Its just typing all that^ in a title is kinda long.
EUI-64 IPv6 (and why its not a reality) though is kinda what I’m curious about. But not really because, even under that spec, its still not static like a phone number. I want to know why networks were not created in a way where I can send a message to a laptop regardless of what WiFi its connected to (assuming it is connected and online).
IMEI numbers for phones are more unique than phone numbers.
Notwithstanding the instant privacy nightmare this would create, essentially abolishing online anonymity overnight, this is kinda-sorta what MAC addresses are already. As to why MAC addresses can be spoofed so easily without any real impact on anything, refer to my first statement.
I haven’t read all of the replies to see if somebody else had said this, but it’s because the Internet was designed to be completely decentralized, whereas the phone system requires your line or device to be registered with the network operator(s). Any device that can get a valid Internet address for the local network can communicate with the whole Internet, but a phone will only work if it’s explicitly known by the phone service provider, and that information shared to all providers.
We could set up a system, layered on top of the Internet, by which each computer could register itself in a central directory each time it connects, and thus be reachable at the same address no matter where it connects, even on a NAT connection. In fact, it’s easy to do with a VPN and Dynamic DNS (both of which require the cooperation some centralized authority). It’s just not universal, because, well, what’s the utility of doing so?
Because
- When the internet was rolling out, a decentralized, open, best-effort solution of TCP/IP thankfully won over telephone companies’ centralized system
- IPv6 is still not universal for some damn reason
- Onion addresses solve these problems but good luck getting everyone aboard with Tor
- You always trade anonymity for reachability, and with the amount of threats, NAT and firewalls have been put up to make it harder for unsolicited requests to reach you by default
It’s called a MAC address.
The problem with it is mostly routing.
The osi model has 7 layers of connection to form a proper internet connection.
The MAC address exists but doesn’t leave the physical network. The MAC address is used to physically connect your computer to the router, and it defines your piece of hardware.
The IP address can change, because your computer can connect to different networks.
If you tried to route everything with a MAC address, (which isn’t possible, but for arguments sake we will pretend it is) the problem is that when you take your phone with its MAC address off your wifi and on to your work wifi, Where would the registry be? How would the Internet know how to find your phone? Do you just log into one giant global registry so that everyone can find your phone when they are trying to communicate with it? That would be a giant fucking database and everyone would always be trying to use it.
Routing is a big and complex problem, and these things didn’t work with ipv4
They do work better with IPv6. IPv6 adresses don’t need to change like ipv4 for a bunch of reasons.
From a philosophical level, the Internet was designed for people to be anonymous and make relatively anonymous connections. You wanted to be flexible enough that you can just be assigned a new number and work with that new number quickly.
This is a really simple explanation, and I got some basic facts wrong just for ease of understanding, but the principals are correct.
I cant edit my phone number, but I can edit my MAC address. They’re categorically different.
How would the internet know how to find your phone?
The same way phone calls try to find my phone when its powered off. Attempt, and then fail under a timeout.
Where would the registery be?
Same place as the phone number registry. Or the domain name registry.
That would be one giant database
Yep the domain name registry and cell phone registry very much are.
The domain registry is NOT, and it’s categorised by various tld’s the scope of the routing is MUCH higher traffic.
Your cell phone is run by a provider and has maybe 0.0000001% as much lookups as routing would have.
These things are all done in various tree light structures to try and eliminate central points of failure . The Internet was designed to try and resist failure, and you are creating some central failure points.
Even if you created several of them, synchronisation issues would be Basically impossible to fix or take up unbelievable amounts of bandwidth
This I’m interested in, because its at the edge/limits of my knowledge when it comes to domains and cellular networking.
Are you saying if cell phones had a larger address space, let’s say 32 digits base 10, and every device was given a cell phone number, it would overwhelm the existing infrastructure?
My understanding with phones is that you phone your own provider, who then looks up the provider of the number you’re calling based on country code, provider or area code prefixes. Providers will “peer” with each other to route calls over the most cost efficient path. So the other sides provider is responsible for getting it to the right destination phone within thier own customer network. Theres no authentication from the sending party on a protocol level, this is why scammers can spoof as any phone number.
I believe that IP routing does something similar, the IP data is handed over to possibly multiple providers until it reaches its destination provider. The blocks of ip addresses are published as linked to an Autonomous System and each autonomous system has an owner/provider. The source is not authenticated at a protocol level which is why we need client and server certificates.
In DNS you go to the root TLD servers and ask what IP the .com resolver is. The .com resolver has a list of mappings of authoritative name servers to domains. So example.com may have an authoritative NS of 1.2.3.4 who you can go to and ask what IP test.example.com is hosted on. The authoritative name server is the source of truth for that domain and other servers cache it to prevent overloading and increase speed. You may check with the authoritative NS if you want, but it may be slower to respond than your local NS. Again DNS is not authenticated at the protocol level so we need server certificates to prove that the device behind the IP serving you is allowed to serve you test.example.com.
It’s not just the address space, but also the sheer number of lookups.
DNS has authoritative name servers based on tld, and then domain, and then maybe subdomain.
When you’re dealing with IP addresses, there is no such tree that I lookup, I just fire it into the abyss and let the routing hardware do the lookups. I know who my gateway is to the internet, but I usually don’t keep the routing information.
My ISP’s routing hardware then says “this IP was last found somewhere in Europe so I’ll fire it at my European connection and hope they get it right.”
Losses are expected.
IPv6 CAN route with larger address tables, but the “fire and forget” method still exists.
There’s also a method to scream at all my peers “do you know where 5.5.5.5 is, because I don’t know” I’ll remember their answer for a bit because that’s useful, but I’ll eventually forget it because I expect it to move. I expect this ip movement because I’m fault tolerant. I might not find the fastest way there, but I’ll find it.
Philosophically, the internet is designed to be fault tolerant and pseudo anonymous. So if 5.5.5.5 is somewhere in Spain and my Spain peer dies, I recognise that the packets are failing and then I start blasting them at England, because my British connection knows all about the Spanish villa and can pass along my messages. I don’t really care where Spain is, I care about who can get my message there and that’s it. It’s too onerous to always keep track of where everyone is, and MOST people on the internet I don’t actually know about because they’re behind a Nat gateway and I don’t care about them. This makes it so I only have to care about edge devices and greatly simplifies my list.
So for example, your laptop isn’t actually on the internet. Your modem/router is, but your laptop doesn’t exist to the internet. When I want to send you a packet, I just send it to your router and let the router handle it. I don’t even know that your laptop exists, and I don’t care.
Well your router will send the data to your laptop instead of your phone because the Nat is keeping track of who requested it and your phone didn’t ask for it. This causes problems because it means that from outside your network, I can’t just connect and send data inside your network unless someone asked for it. So I can’t just call your cell phone unless it reaches out first because I don’t know that your cell phone exists, and even if I did, the router would block it. This is why port forwarding exists, it allows you to have your laptop get ALL data sent to the router on port 12345. I still don’t know about your laptop, but I know that there’s a server on your IP address on port 12345 that I can connect to and request/send data to. Keeping track of all of this just so that I always know where your laptop is requires a fair bit of coordination at many layers.
Ideally it has a domain at a registrar that I can ask about where it currently is. The routing is still “fire and forget “ because it simplifies my list of “where every IP is” and even then, I only know about the laptop’s edge connection to the internet and let that edge take care of where to actually send the data so I don’t have to think about it.
In IPv6, Nat works a little different, but it’s still close.
I’m honestly not sure how many mistakes I made, I just kinda brain dumped info, so let me know which pieces don’t make sense.
If I’m understanding correctly, you’re saying that right now the network doesn’t have an exhaustive table of IP addresses to physical locations. It has a cache, and a hierarchy, and the path to a location of the IP is fluid.
But a system where every device could be directly contacted/identified like a Sim card, would effectively require a complete table of “what network is device ABC at”. A table that is updated every time the device changes network connections. It would be like trying to change domain name to point to a different IP address.
The problem is, updating a domain to point to a new IP takes hours or days not seconds, so doing that every time a phone changes WiFi is not practical.
Is that a good summary?
If you tried to route everything with a MAC address, (which isn’t possible, but for arguments sake we will pretend it is) the problem is that when you take your phone with its MAC address off your wifi and on to your work wifi, Where would the registry be? How would the Internet know how to find your phone? Do you just log into one giant global registry so that everyone can find your phone when they are trying to communicate with it? That would be a giant fucking database and everyone would always be trying to use it.
This is a solved issue called EUI-64 IPv6 addressing. It is a privacy nightmare.
Yeah I addressed that IPv6 CAN do it, but you’re right.
Philosophically, I don’t want people or companies following me around that much, hence the “private MAC addresses” that came out a few years ago
I hate to break it to you but MAC randomisation has been around since 2007. Fuck we are getting old.
Shut your filthy mouth! 😝
And before that, a bad firmware flash could garble the MAC.
And before that, a bad firmware flash could garble the MAC.
That’s what the serial numbers on the parts themselves are.
MAC’s used to be static, but then hackers found ways to spoof it. Now manufacturers don’t care to make them static anymore.
Get a laptop with a SIM and you will have an IMEI and phone number, plus 5G.
Android defaults to lying about your Mac address, which can be frustrating if you want to manage your home network.
Really? So I don’t have to worry about them recording my MAC address when I torrent on mcdonalds wifi?
Google will know. They gather all WiFi and Bluetooth data in the name of location services.