>At many higher education institutions, we have policies that we need to know who is using any given IP address at any point in time.
If this was to control access, couldn't you just make a separate /64 for unmanaged computers and filter based on that? I can see how you might want to know who has what address to prevent abuse. However, even if this was off by default, couldn't someone just take note of what block you are using, and either add a static address (accidentally using the same address as someone else would be unlikely) in that block or turn on privacy addresses and get around that?
>Privacy addresses make this much, much harder. Yes, we can disable them on managed machines, but not all machines on our network are managed. For example, student laptops on wireless networks. So, the default setting matters. Microsoft enables privacy addresses by default on Vista and 7, and it is already creating problems for us.
So any slightly devious student could turn on privacy addresses on their machine and circumvent your policies?
>Frankly, privacy addresses do very little to enhance privacy and create significant headaches for network administrators.
Is letting the world know your MAC address not a big deal? I'm not fully aware of the dangers/non-dangers of letting whoever you connect to know your MAC address. I do know it can be used to track your computer as it goes between networks and that websites could use it for tracking between visits. Maybe you could explain why privacy addresses do very little to enhance privacy?
I just don't see how changing the default will do anything when the user could just change it back if they wanted to.
>At many higher education institutions, we have policies that we need to know who is using any given IP address at any point in time.
If this was to control access, couldn't you just make a separate /64 for unmanaged computers and filter based on that? I can see how you might want to know who has what address to prevent abuse. However, even if this was off by default, couldn't someone just take note of what block you are using, and either add a static address (accidentally using the same address as someone else would be unlikely) in that block or turn on privacy addresses and get around that?
>Privacy addresses make this much, much harder. Yes, we can disable them on managed machines, but not all machines on our network are managed. For example, student laptops on wireless networks. So, the default setting matters. Microsoft enables privacy addresses by default on Vista and 7, and it is already creating problems for us.
So any slightly devious student could turn on privacy addresses on their machine and circumvent your policies?
>Frankly, privacy addresses do very little to enhance privacy and create significant headaches for network administrators.
Is letting the world know your MAC address not a big deal? I'm not fully aware of the dangers/non-dangers of letting whoever you connect to know your MAC address. I do know it can be used to track your computer as it goes between networks and that websites could use it for tracking between visits. Maybe you could explain why privacy addresses do very little to enhance privacy?
I just don't see how changing the default will do anything when the user could just change it back if they wanted to.