I trust we will get a quick "hum" to the proposition that "truncating" the
v4addr to a /25 does not, in a dhcp, or in a static address regime, offer
a great deal of "privacy enhancement", given the effectiveness of profiling
and the sparsity of "like browsing sequences" at any collection moment.
I mention this because the P3P spec (section 5.3.6.2, "ipaddrs") argues (wrt
/25 and endpoint identifiers) that:
... By collecting only a subset of the
address information, the site visitor is given some measure of
anonymity. It is certainly not the intent of this specification
to claim that these "stripped" IP addresses or hostnames are
impossible to associate with an individual user, but rather that
it is significantly more difficult to do so. ...
[Similarly, the P3P Spec allows "stripping" of a FQDN to be a data collecting
site's "privacy enhancement", where "stripping" means dropping the leftmost
label.]
Endpoint identifiers (e.g., ipv4 addrs, leased or not) tend to identify
natural persons, even if only for the lease period, and the Economist's
author could have presented the data protection legal framework, or the
P3P technical framework, without attempting a (bogus) case that endpoints
and privacy are irreconcilable, or taking a wild swing at v6 addrs.
I'd the impresion that Sean didn't include the para in which the author
endorsed NATs as privacy enhancement technology (cannonical rant here).
Cheers,
Eric