Enabling IPv6 privacy addresses
One security annoyance with IPv6, especially its stateless autoconfig feature, is that the default IPv6 address contains your computer’s MAC (physical Ethernet) address. This makes it far too easy to track you on the Internet. IPv4 NAT, for all its evils, at least protected your unique identity behind your firewall.
Fortunately IPv6 has a slick feature, called Privacy Addressing, that fixes this. Your computer generates random host address parts, changing them periodically. Old random addresses hang around as long as you have a session open using them, but new sessions use the latest randomly-generated IPv6 address. The feature takes care to check for collisions, automatically forcing a retry should one occur (two in a row is statistically very unlikely).
You turn the feature on using the sysctl command:
$ sudo sysctl -w net.inet6.ip6.use_tempaddr=1
I haven’t quite figured out what the timer is on this. It seems to be an hour or so between IP address changes. I’ll play around with it, or go read the Darwin code to see what’s going on under the covers. For machines that don’t have to be servers, however, this looks like a very handy feature!
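To check whether an address still exposes the hardware address described above, this added example (not part of the original post) reverses the modified EUI-64 encoding that stateless autoconfig uses to build the host part. The MAC, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress


def mac_to_eui64_iid(mac: str) -> bytes:
    """Build the 64-bit host part that stateless autoconfig derives from a MAC."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, then insert ff:fe between the two halves.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def embedded_mac(addr: str):
    """Return the MAC recoverable from an address, or None if none is embedded."""
    # Drop a zone suffix such as %en0 before parsing.
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]
    # The ff:fe filler marks a MAC-derived host part. A random host part can
    # match by chance (about 1 in 65536), so treat a hit as a strong hint.
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def leaking_addresses(addresses):
    """List (address, mac) pairs for routable addresses that expose the MAC."""
    found = []
    for addr in addresses:
        ip = ipaddress.IPv6Address(addr.split("%")[0])
        mac = embedded_mac(addr)
        # Link-local addresses never leave the local segment, so skip them.
        if mac is not None and not ip.is_link_local:
            found.append((addr, mac))
    return found


# Constructed sample: the kind of address list an interface might report.
SAMPLE = [
    "fe80::211:22ff:fe33:4455%en0",      # link-local, MAC-derived
    "2001:db8:1:2:211:22ff:fe33:4455",   # global, MAC-derived
    "2001:db8:1:2:3c7a:91e4:5b0d:c826",  # global, random privacy address
]

if __name__ == "__main__":
    for addr, mac in leaking_addresses(SAMPLE):
        print(f"{addr} exposes MAC {mac}")
```

With privacy addressing on, the MAC-derived global address can still be configured on the interface alongside the random ones, so a hit from this check is not by itself a sign the sysctl failed.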