Update December 20, 2023: We have released eBlockerOS 3 with IPv6 support today. The following article is therefore obsolete.
In this blog post, we highlight the current progress of the IPv6 implementation for eBlockerOS, as of early March 2023. We particularly want to ensure transparency and also like to explain why IPv6 is only relevant for very few users.
Background to IPv4 and IPv6
Today’s home networks are mostly operated on the basis of Internet Protocol v4 (IPv4), the standard on which the entire Internet was created. The disadvantage of IPv4 is the limited address space, which does not allow every single Internet device to have its own public IP address. However, this problem is effectively countered by NAT (Network Address Translation), in which not every single device, but only every home network receives a public IP address. This IP address is not fixed and permanent, however, but is assigned dynamically by the provider from a pool of addresses.
The devices within the home network are assigned private IP addresses that cannot be reached from the Internet and are not routed. The home network router uses NAT to translate the private IP addresses to the router’s public IP address. This means that all devices in a home network appear with the same public IP address. The advantage for privacy: It is impossible to determine from the public IP address – for example from a log file of a web server – from which device (and thus from which person) within a home network the request was made.
New version 6 of the Internet Protocol
The next generation of the Internet Protocol is IPv6, where more addresses are available. This means that every device can have its own public IP address. The disadvantage for privacy is that every access to a web server can be clearly assigned to a device or person.
The so-called privacy extensions for IPv6 ensure that this assignment only exists for a few hours. Nevertheless, according to a study, a single device without privacy extensions in the home network can lead to the IPv6 address assigned by the provider being tracked by large service providers in the long term.
Why eBlockerOS receives IPv6 support
Modern operating systems and routers partly already make use of the new IPv6 protocol. Until now, eBlockerOS only supports IPv4 and cannot analyze and block IPv6 packets. Therefore, the eBlocker protection only unfolds for devices that exclusively use IPv4. Therefore, we currently recommend to disable IPv6 on the router or the device you want to protect. To avoid this in future and to enable eBlocker to support IPv6 networks natively, we implement IPv6 support. This is especially important for new eBlockerOS users, whose routers have restricted configurability and do not allow to disable IPv6.
Existing eBlockerOS users who have disabled IPv6 on the router will not experience any advantage by IPv6.
On the contrary: As described above, every home network device is identifiable from the outside, if Tor or a VPN is not permanently used.
Status of the IPv6 implementation for eBlockerOS
The IPv6 implementation is very extensive, because almost all services of eBlockerOS have to be adapted. However, it is not done with a simple exchange of programming libraries, because IPv6 has a lot of special features, which need to be adapted for routing as well as for the user interface of eBlockerOS. In fact, practically the whole eBlockerOS programming code has to be analyzed, supplemented or adapted and tested. A gigantic project, which will soon come to an end.
What we have already adapted
We are implementing successively per single eBlocker feature or the corresponding programming code. The following features already work with IPv6:
Routing & Automatic configuration
eBlockerOS makes itself known as gateway in the home network, so that all devices send the IP packets to eBlocker. Unlike with IPv4, we do not use “hacker methods” like IP spoofing for this, but rely exclusively on IPv6 standards. Whether these standard methods work in every single case, with every router and with every network topology, can only be judged after a test with very many users. In our test scenario, this works smoothly.
Tracker & Ad Blocking
The following core features work smoothly after initial tests:
- Domain Blocker
- Pattern Blocker
- DNS Firewall
Currently it is not possible to enter individual / private domain names pointing to an IPv6 address on the DNS server.
IP anonymization via VPN
IPv6 via VPN works well if the VPN provider supports IPv6.
If the VPN provider does not support IPv6, eBlocker will block connections to servers over IPv6. The browser or the operating system of the device will then automatically try to address the respective server via IPv4. We have successfully tested this behavior with Android, iOS and macOS. Under Windows, the problem occurs that the operating system sends the IPv6 traffic directly to the router instead of the eBlocker after some connection attempts. Thus, the IPv6 traffic would no longer be protected by the VPN. Windows users would therefore have to either disable IPv6 in the system settings or use a VPN provider that supports IPv6.
IP anonymization via Tor
The Tor version currently used by eBlocker does not support IPv6 yet. Therefore eBlocker has to block connections from devices that should use Tor to servers over IPv6. Again, the problem described above occurs on Windows.
eBlocker Mobile
IPv6 is not implemented yet. The home network can only be reached via IPv4.
IPv6 specifics
eBlockerOS already supports so called privacy extensions of IPv6 (see above). This prevents that a home network device permanently gets the same IP address and thus can be tracked permanently based on the IP address.
Todos and bugs
There are still several parts of the programming code that have not yet been adapted to IPv6 and need to be analyzed and adjusted. These still show error messages at the moment and can be identified. The fixing of these errors has priority at the moment.
Finally, all user interfaces must be modified so that IPv6 addresses can be displayed and configured in addition to IPv4 addresses.
Before the first release, the user documentation, the installation guide and eventually new help texts within eBlockerOS still need to be added.
Next steps
As soon as the rest of the programming code has been changed, we plan to test a first version in the circle of eBlocker supporters. Depending on the bugs we will be able to estimate when we can expect a final version. To what extent the final version will have restrictions, e.g. regarding Tor or eBlocker Mobile, we can announce more precisely at that time.
The security of our users has the highest priority for us next to the stability of eBlockerOS. We ask for your understanding not to make a “quick fix” and to release eBlockerOS 3 with IPv6 only after all tests have passed positively.
Acknowledgement for sponsorship
We would like to take the opportunity to thank the German DEVK insurances for their support in improving the security and privacy of all Internet users. Without their financial contribution we would never have been able to tackle the IPv6 mammoth project. With voluntary work alone, there is simply not enough manpower available for such an extensive undertaking. Hence, we have used the DEVK funds especially to finance the development. However, these funds are now used up and progress is accordingly slower.
If you would like to see more speed in the IPv6 implementation, we would appreciate your donation or participation in the team.
Additions to the status
This article has the status 08. March 2023. We will add and update it in the course of the next weeks depending on the progress.
Update 26. April 2023: updated sections IP anonymization via VPN/Tor.
Update December 20, 2023: We have released eBlockerOS 3 with IPv6 support today. This article is article is outdated.