←back to thread

The IPv6 Transition

(www.potaroo.net)
215 points todsacerdoti | 5 comments | 20 Oct 24 05:54 UTC | HN request time: 0.416s | source
Show context
kalleboo ◴[20 Oct 24 07:22 UTC] No.41893589[source]
The internet stopped being a network of peers where everyone needed an address and is now a split into producers (a handful of large companies) and consumers (everyone else).

The consumers are not expected to need a public address where they can be reached - in fact, having a public address is actually a security and privacy risk.

replies(3): >>41893910 #>>41898097 #>>41898172 #
bigstrat2003 ◴[20 Oct 24 20:04 UTC] No.41898097[source]
> in fact, having a public address is actually a security and privacy risk.

I strongly disagree with this. Privacy (not that it's a big deal imo) is well handled by the temporary address extension, and security is not an issue if you run a firewall. And you should be running a firewall even if you use v4, because NAT is not an acceptable security measure.

replies(1): >>41898489 #
FridgeSeal ◴[20 Oct 24 21:09 UTC] No.41898489[source]
Whilst I agree with you, I rather depressingly suspect a lot of people equate NAT with “security”.
replies(2): >>41899377 #>>41901876 #
1. PhilipRoman ◴[21 Oct 24 08:21 UTC] No.41901876[source]
Security - not really, but to be honest CG-NAT is kind of nice for privacy. I don't have to worry about leaking a (by default) permanent identifier. Once/if I go full ipv6, I'll probably start using a VPN full time.
replies(2): >>41902544 #>>41902648 #
2. orangeboats ◴[21 Oct 24 10:13 UTC] No.41902544[source]
Conversely, CGNAT also means that if someone in your neighbourhood decided to be a malicious actor, you will likely be affected too.
replies(1): >>41903353 #
3. abhinavk ◴[21 Oct 24 10:32 UTC] No.41902648[source]
The IP that you use to connect outside is separate and not permanent by default. AFAIK both Windows 11 and Linux generate a new one every day.
replies(1): >>41903083 #
4. PhilipRoman ◴[21 Oct 24 11:45 UTC] No.41903083[source]
AFAIK it is within the same /64, which for all tracking purposes means "the same ip". The CG-NAT ip on the other hand is not even unique at any particular moment, let alone permanently. Kind of like having your own free residential VPN.
5. alwayslikethis ◴[21 Oct 24 12:19 UTC] No.41903353[source]
For law enforcement purposes most CGNAT operators should keep a log of who had what address at what time. You can still get blocked by websites until you get a new address, though.