When you look at IPv6 address NAS4Free assigns to your interface, you’ll notice the last 64 bits are always the same. FreeBSD (a baseline OS for NAS4Free and FreeNAS) generates them based on your interface MAC address (aka EUI-64). While this might be perfectly fine for the purpose of global IPv6 connectivity, it does leak your MAC address to the Internet.
While support for privacy extension is present, unlike some other operating systems, NAS4Free doesn’t have it turned on by default. However, changing this is very easy. Just go to
rc.conf and add
ipv6_privacy=YES, followed by reboot.
You’ll notice your interface now has two global IPv6 addresses. One is still MAC-based (you can recognize it by
ff:fe in the middle of last 64 bits) while the other has last 64 bits completely randomized. For all outgoing connections NAS4Free will now use that randomized IP. Furthermore, NAS4Free will generate a completely new IPv6 address every 24 hours and gradually deprecate the old one.
While this doesn’t do anything to hide your Internet activity (remember, your /64 prefix is assigned by ISP), it does make correlation of your activity by ad companies just a wee bit harder.
PS: You can also obtain the exactly same results by setting two
PPS: If you want to generate new address more (or less) often, check
net.inet6.ip6.tempvltime system variables.
[2018-06-05: This code has been added into NAS4Free code base. Available as of 22.214.171.124 (revision 5606).]