Tracking of internet users on the basis of their IP address seems to have some traction theses days (cf. for exemple the HADOPI law), at least in France.
With the coming exhaustion of IPv4 adresses, Internet Service Providers are putting together “transition” (permanent ?) mechanisms to make IPv6 works (when such a service do exist), with as little disturbance as possible for the existing users.
Part of these mechanisms may be to NAT IPv6 addresses distributed to their users to IPv4 adresses to keep the existing IPv4 services working. In order to do this, the ISPs will have to get the already distributed addresses back to feed the NAT mechanism.
The result: an IPv4 address will be used in succession by various users at different moments. The IP address (v4) alone won’t be enough to identify the user any more, only a set of dozens of clients.
Of course, there is a solution: to identify the user, the source port will have to be noted together with the IP address. This implies the ISP will store this information, a heavy and costly process, since the NAT associations are changed much more often than the IP addresses.
Simple technical difficulty or yet another risk of error ?
Timing can also be called into question: putting an authority like HADOPI in motion can take years, while the IP address exhaustion is predicted around 2012, forcing ISP into quick action.