New IP sign in warning wrong/confusing when using IPv6
Today, I got the “Your gitlab.com account was signed in to from a new location” mail, despite this being the very same Internet connection I’ve used to sign in to gitlab.com from since 2014.
I’ve included a screenshot to illustrate the problem:
As you can see in the screenshot, the IPv6 address ending in :e22c was the current IPv6 address of my iMac at the time, but as also appears, it has six other IPv6 addresses associated, and appears to be rotating the “current” (i.e. not deprecated) address frequently. Since I have a (fixed) /48 IPv6 prefix from my ISP, there’s plenty of address space in my LAN, and macOS appears to be using it to rotate said IPs.
So two problems with this e-mail:
- The wording expects me to be able to recognize my IPv6 address. Given the length of the address, I don’t expect many users would be able to recognize theirs. Most people probably don’t even know how they’d find their current IPv6 address.
- Given that it’s common practice for ISPs to assign a large IPv6 range (/48, /56 or /64 are common, see this RIPE recommendation), every location (home, work, airport, whatever) would have at least 2^64 possible IPv6 addresses. So a change in IPv6 does not mean a change in location. They might even start getting these mails every time they log in.
This is a minor annoyance for me, but it will likely lead to confusion among users who do not understand the finer points of IPv6. So for this feature to be useful, you should probably ignore the last 64 bits of any IPv6 address.
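The comparison suggested in the post above, sketched as an added example (not part of the original post and not GitLab's code): each sign-in address is reduced to a comparison key, and IPv6 addresses are compared by their /64 network only. The function names and the sample addresses (taken from the 2001:db8::/32 and 192.0.2.0/24 documentation ranges) are constructed for illustration.

```python
import ipaddress

# Assumption taken from the post: ignore the last 64 bits of an IPv6 address.
IPV6_PREFIX_LEN = 64


def location_key(addr: str) -> str:
    """Reduce a client address to the value compared between sign-ins."""
    ip = ipaddress.ip_address(addr.strip())
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is an IPv4 client.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return str(ip)
    # Zero the interface identifier so rotating privacy addresses
    # inside one /64 all map to the same key.
    net = ipaddress.IPv6Network((int(ip), IPV6_PREFIX_LEN), strict=False)
    return str(net)


def is_new_location(known_addrs, addr: str) -> bool:
    """True if addr does not share a key with any earlier sign-in address."""
    known_keys = {location_key(a) for a in known_addrs}
    return location_key(addr) not in known_keys


if __name__ == "__main__":
    # Constructed sample data: earlier sign-ins from one LAN.
    history = [
        "2001:db8:1234:1:a1b2:c3d4:e5f6:e22c",
        "192.0.2.10",
    ]
    candidates = [
        "2001:db8:1234:1:1111:2222:3333:4444",  # rotated address, same /64
        "2001:db8:1234:2::1",                   # different /64
        "::ffff:192.0.2.10",                    # IPv4-mapped form of a known IPv4
    ]
    for c in candidates:
        print(c, "->", location_key(c), "new" if is_new_location(history, c) else "known")
```

With a /64 comparison, two subnets inside the same /48 or /56 delegation still produce different keys, so a host that moves between subnets at one site would still be reported as a new location.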
