Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ghusto an hour ago

I hear this as a cited as a benefit of IPv6 a lot. Honest question: Isn't this at least a privacy issue, at most a security issue? SLAAC seems like what we already have with extra, breakable steps, which doesn't effectively address the privacy issue anyway.

TheDong an hour ago | parent | next [-]

Where's the privacy issue?

That the server can figure out that two computers in the same house are different since your laptop and phone no longer share the same ipv4 address but instead have two ipv6 address?

Your phone and laptop can just have multiple ipv6 addresses and rotate through them regularly... as apple does by default https://support.apple.com/en-ca/guide/security/seccb625dcd9/...

Security? NAT is not a firewall, you need a firewall, and switching to IPv6 does not remove your firewall.

Before IPv6: The server gets "1.2.3.4:56789" for your device. After IPv6: the server gets "1:2:3:4::56" or whatever for your device. In either case, if the server makes a connection to 1.2.3.4:56789 or 1:2:3:4::56, your router sees the packet and firewalls the connection. Cool.

Want to give me a concrete example of where IPv6 is hurting my privacy or security, because I've been using it for over a decade with zero mishaps, zero privacy issues, zero security issues (to my knowledge at least)

inigyou an hour ago | parent [-]

They used to recommend using the MAC address. This was ok 30 years ago when a computer sat in an office on a desk but it makes it very easy to fingerprint a moving computer as it moves across different networks.

Using a random address (Privacy Extensions) solves this problem though, but do we expect everyone to know what that is and check it's enabled? Mine wasn't enabled by default (on Linux) and I only noticed when a bittorrent site warned me.

throw0101a an hour ago | parent [-]

As mentioned by GP, Apple enables privacy extensions on all their OSes:

* https://support.apple.com/en-ca/guide/security/seccb625dcd9/...

As does Windows (since Vista), and Android (8+).

So why are we still talking about this?

TeMPOraL an hour ago | parent | prev [-]

Everything useful is a security issue. Security is a trade-off, not a positive stat you maximize. Every security tightening removes some utility from a system; the hope is that this disproportionally disrupts the "bad actors" over "good ones".

(All of that hinges on the key question that people seldom ask: what is being protected, and from who. The "two-tier" Internet is, in a way, pointing out a case where regular users are seen as threat actors.)