bornfreddy 2 days ago

> Having a public address doesn't worry me. At home I have a firewall at the edge. It is set to block everything incoming.

Concern is privacy, not security. A publicly addressable machine is a bit worse for security (IoT anyone?), but it is a lot worse for privacy.

everdrive 2 days ago | parent | next [-]

I'm not confused about the NAT / firewall distinction, but it might be nice if my ISP didn't have a constant, precise idea of exactly how many connected devices I owned. Can that be _inferred_ with IPv4? Yes, but it's fuzzier.

doubled112 2 days ago | parent | next [-]

Is this solved by the device having between 1 and X randomly generated IPv6 addresses?

Some of my devices have 1, some 2, and some even more. Takes some precision out, at least.

wredcoll 2 days ago | parent | prev | next [-]

Aren't your home addresses assigned by your local router?

iso1631 2 days ago | parent [-]

The ISP can see 58 different IPv6 addresses sending packets in the last hour.

With IPv4 it can see one IPv4 address.

Now, sure, those 58 could all be on one device with 58 different IPs, using a different one for each connection.

In reality that's not the case.

XorNot 2 days ago | parent [-]

Okay, but why does this matter? They're your ISP; they also have your address and credit card number, and a technician has been in your home and also supplied the router in the common case.

The theoretical vague problem here is being used to defend a status quo which has led to complete centralization of Internet traffic because of the difficulty of P2P connectivity due to NAT.

iso1631 a day ago | parent [-]

No device on my IPv6 VLANs can establish P2P tunnels outside with random clients.

Firewalls and good old monetisation prevented your P2P connectivity utopia, not NAT.

vel0city 2 days ago | parent | prev [-]

The ISP still doesn't know how many devices are connected, because a lot of those devices are using randomized and rotating IPs for their outbound connections.

Guvante 2 days ago | parent | prev | next [-]

You already have a public IP address; the only difference is whether you have a rotating IP address, which is orthogonal to IPv6.

The only difference is most ISPs rotate IPv4 but not IPv6.

Heck, IPv6 allows more rotation of IPs since it has larger address spaces.

bombcar 2 days ago | parent [-]

IPv6 can "leak" MAC addresses of connected devices "behind the firewall" if you don't have the privacy extensions / random addresses in use.

There are a number of footguns for privacy with IPv6 that you need to know enough to avoid.

craftkiller 2 days ago | parent | next [-]

Privacy extensions are enabled by default on OS X, Windows, Android, and iOS: https://ipv6.net/guide/mastering-ipv6-a-complete-guide-chapt...

On Linux, I think the defaults are left up to the distros so there is a chance of a privacy footgun there. Hopefully most distros follow the example set by Apple and Microsoft (a sentence I never thought I would write...)

bombcar 2 days ago | parent [-]

They are now - I'm not sure when they implemented them, but I know Windows at least would do some really stupid stuff very early on.

Guvante 2 days ago | parent [-]

Aren't we talking about now?

No one is saying we should have activated IPv6 in its first iteration.

zekica 2 days ago | parent | prev [-]

All desktop/mobile OSes today use "Stable privacy addresses" for inbound traffic (only if you are hosting something long-term) and "Temporary addresses" for outbound traffic and P2P (video/voice calls, multiplayer games...) that change quickly (old ones are still assigned to not break long-lived connections but are not used for new ones).
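As an added illustration of the MAC-leak footgun bombcar raises and the stable-versus-temporary address split zekica describes (example code, not from any commenter): a small Python audit that recovers the MAC embedded in an EUI-64 interface identifier, flags globally routed addresses built that way, and reads the Linux `use_tempaddr` sysctl that controls temporary addresses. The sample addresses are constructed (MAC 00:11:22:33:44:55, documentation prefix 2001:db8::/32).

```python
import ipaddress
ULA = ipaddress.IPv6Network("fc00::/7")  # unique local, never routed by the ISP

def embedded_mac(addr):
    """Return the MAC embedded in a modified-EUI-64 interface ID, or None.
    SLAAC without privacy extensions builds the low 64 bits as MAC[0:3] + ff:fe
    + MAC[3:6] with the universal/local bit flipped, so the hardware address can
    be read straight back out of the IPv6 address."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":  # no ff:fe filler: random or temporary IID
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def audit(addrs):
    """Classify each address and flag globally routed ones that expose a MAC.
    A random IID carries ff:fe at that offset with probability 2**-16, so a hit
    on a temporary address is possible but rare; treat findings as leads."""
    findings = []
    for a in addrs:
        ip = ipaddress.IPv6Address(a)
        if ip.is_link_local:
            scope = "link-local"  # fe80::/10, never leaves the LAN segment
        elif ip in ULA:
            scope = "ULA"
        else:
            scope = "global"
        mac = embedded_mac(a)
        findings.append({"addr": str(ip), "scope": scope, "eui64_mac": mac,
                         "leaks_mac": mac is not None and scope == "global"})
    return findings

def linux_use_tempaddr(iface="all"):
    """Read the Linux privacy-extension sysctl; None if the file is absent.
    <= 0: temporary addresses off; 1: on but stable address preferred for
    outbound; >= 2: on and preferred (what the desktop/mobile OSes do)."""
    try:
        with open(f"/proc/sys/net/ipv6/conf/{iface}/use_tempaddr") as fh:
            return int(fh.read().strip())
    except OSError:
        return None

if __name__ == "__main__":
    # Constructed sample: one host, MAC 00:11:22:33:44:55, prefix 2001:db8:1::/64
    sample = ["fe80::211:22ff:fe33:4455",        # link-local EUI-64, not routed
              "2001:db8:1::211:22ff:fe33:4455",  # global EUI-64: MAC visible upstream
              "2001:db8:1::8c4a:2b17:9e60:3f21"] # global random IID (temporary)
    for finding in audit(sample):
        print(finding)
    print("use_tempaddr:", linux_use_tempaddr())
```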

justsomehnguy 2 days ago | parent | prev [-]

With SLAAC and a random IPv6 address you would get at least the same level of privacy. One public IPv4 address isn't different from a /48 IPv6 network.