Hacker News

TheDong today at 11:01 AM

Where's the privacy issue?

That the server can figure out that two computers in the same house are different since your laptop and phone no longer share the same IPv4 address but instead have two IPv6 addresses?

Your phone and laptop can just have multiple IPv6 addresses and rotate through them regularly... as Apple does by default https://support.apple.com/en-ca/guide/security/seccb625dcd9/...

Security? NAT is not a firewall, you need a firewall, and switching to IPv6 does not remove your firewall.

Before IPv6: The server gets "1.2.3.4:56789" for your device. After IPv6: the server gets "1:2:3:4::56" or whatever for your device. In either case, if the server makes a connection to 1.2.3.4:56789 or 1:2:3:4::56, your router sees the packet and firewalls the connection. Cool.

Want to give me a concrete example of where IPv6 is hurting my privacy or security, because I've been using it for over a decade with zero mishaps, zero privacy issues, zero security issues (to my knowledge at least)?


Replies

NitpickLawyer today at 2:57 PM

> NAT is not a firewall,

I've only read that on HN, I've never heard this anywhere else. Since it's been a good 20+ years since my CCNA (and haven't needed to renew it since), could you please offer a real-world example where NAT is not a firewall w/ practical examples relating to 99.9% of cases of home use? I just can't get why people say this a lot here.

NAT works and passes the grandma test. If grandma buys a crappy vulnerable 40$ printer and plugs it in, even if it accepts unauthenticated stuff on every local port, you will not be able to connect to it behind NAT. So what's the difference? The only way I could think this can apply is if the ISP is compromised or criminally mismanaged, in which case you probably already have bigger problems.

inigyoutoday at 11:05 AM

They used to recommend using the MAC address. This was ok 30 years ago when a computer sat in an office on a desk but it makes it very easy to fingerprint a moving computer as it moves across different networks.

Using a random address (Privacy Extensions) solves this problem though, but do we expect everyone to know what that is and check it's enabled? Mine wasn't enabled by default (on Linux) and I only noticed when a BitTorrent site warned me.

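An added example, not part of the thread: a check you can run over your own hosts' IPv6 addresses to see whether any still embed the MAC address (the modified EUI-64 interface identifier from RFC 4291) and would therefore look the same on every network. The sample addresses use the 2001:db8::/32 documentation prefix and a constructed MAC; the function names are illustrative.

```python
import ipaddress

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.

    A randomly generated interface ID can contain ff:fe in the same place
    by chance (about 1 in 65536), so treat a hit as "very likely", not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits of the address
    if iid[3:5] != b"\xff\xfe":                    # marker inserted mid-MAC
        return None
    # Undo the universal/local bit flip applied to the first MAC octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def trackable(addresses):
    """Map each recovered MAC to the /64 networks it was seen on."""
    seen = {}
    for a in addresses:
        mac = eui64_mac(a)
        if mac is None:
            continue                               # random or stable-privacy IID
        net = ipaddress.IPv6Network(f"{a}/64", strict=False)
        seen.setdefault(mac, []).append(str(net))
    return seen

# Constructed sample: one laptop on two networks, plus a randomized address.
SAMPLE = [
    "2001:db8:aaaa:1:211:22ff:fe33:4455",    # home network, EUI-64
    "2001:db8:bbbb:7:211:22ff:fe33:4455",    # different network, same IID
    "2001:db8:aaaa:1:9c3e:51a7:b2d:f04c",    # privacy-extension style IID
]

if __name__ == "__main__":
    for mac, nets in trackable(SAMPLE).items():
        print(f"{mac} is identifiable across: {', '.join(nets)}")
```

Any address this flags is a candidate for enabling privacy extensions (RFC 8981) or stable-privacy interface IDs (RFC 7217) on that interface.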