I use Tor Browser on Whonix. Why I see IPv6 (something like 3221:23f9:c:67h:0:0:0:3
) on whatismyip.com?
Is that website can see my MAC Address?
I use Tor Browser on Whonix. Why I see IPv6 (something like 3221:23f9:c:67h:0:0:0:3
) on whatismyip.com?
Is that website can see my MAC Address?
As indicated on the IPv6 roadmap of the Tor project, tor has had support for exit nodes contacting destinations over IPv6 since 2.4.8-alpha. The closest stable release I could find that followed is 2.4.19 from the end of 2013. I don't know exactly which nodes need to support it for a connection to be established over IPv6, but by now, every node in your chain should have at least that version. So all you're seeing is your exit node contacting whatismyip.com over IPv6, and whatismyip answering with the exit node's IPv6 address (the address format seems to confirm this is a manually chosen address as it ends in 0:0:0:3).
If you still have the exact IP, you can check it was indeed an exit node on that day using exonerator.
By the way, IPv6 implementations do not necessarily leak the MAC address by default thanks to RFC4941, which, in addition to a MAC address based IP, assigns a randomly chosen temporary address on every interface, which changes regularly and is used by default for outgoing connections. On Linux this can be controlled using net.ipv6.conf.all.use_tempaddr
net.ipv6.conf.default.use_tempaddr
. Many distributions don't enable it by default, saying it can cause problems for unaware users, and I'm having trouble finding out what the default value is for whonix, but as a privacy oriented distro, I would hope it is activated... Of course, manually assigned IPv6 addresses also don't have to leak the Mac address.
The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The MAC address is first separated into two 24-bits, with one being OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bits for the 64-bit EUI address. - Source
The inverse, Convert from MAC to IPv6, explans:
- take the mac address: 52:74:f2:b1:a8:7f
- throw ff:fe in the middle: 52:74:f2:ff:fe:b1:a8:7f
- reformat to IPv6 notation 5274:f2ff:feb1:a87f
- convert the first octet from hexadecimal to binary: 52 -> 01010010
- invert the bit at index 6 (counting from 0): 01010010 -> 01010000
- convert octet back to hexadecimal: 01010000 -> 50
- replace first octet with newly calculated one: 5074:f2ff:feb1:a87f
- prepend the link-local prefix: fe80::5074:f2ff:feb1:a87f
So yes, you can identify your MAC address via an IPv6 address. However, this will be your software MAC address, so if your MAC address was spoofed, your hardware MAC address will not be shown. For IPv6 testing consider, Test your IPv6.