←back to thread

The IPv6 Transition

(www.potaroo.net)
215 points todsacerdoti | 1 comments | 20 Oct 24 05:54 UTC | HN request time: 0s | source
Show context
kalleboo ◴[20 Oct 24 07:22 UTC] No.41893589[source]
The internet stopped being a network of peers where everyone needed an address and is now a split into producers (a handful of large companies) and consumers (everyone else).

The consumers are not expected to need a public address where they can be reached - in fact, having a public address is actually a security and privacy risk.

replies(3): >>41893910 #>>41898097 #>>41898172 #
bigstrat2003 ◴[20 Oct 24 20:04 UTC] No.41898097[source]
> in fact, having a public address is actually a security and privacy risk.

I strongly disagree with this. Privacy (not that it's a big deal imo) is well handled by the temporary address extension, and security is not an issue if you run a firewall. And you should be running a firewall even if you use v4, because NAT is not an acceptable security measure.

replies(1): >>41898489 #
FridgeSeal ◴[20 Oct 24 21:09 UTC] No.41898489[source]
Whilst I agree with you, I rather depressingly suspect a lot of people equate NAT with “security”.
replies(2): >>41899377 #>>41901876 #
PhilipRoman ◴[21 Oct 24 08:21 UTC] No.41901876{3}[source]
Security - not really, but to be honest CG-NAT is kind of nice for privacy. I don't have to worry about leaking a (by default) permanent identifier. Once/if I go full ipv6, I'll probably start using a VPN full time.
replies(2): >>41902544 #>>41902648 #
abhinavk ◴[21 Oct 24 10:32 UTC] No.41902648{4}[source]
The IP that you use to connect outside is separate and not permanent by default. AFAIK both Windows 11 and Linux generate a new one every day.
replies(1): >>41903083 #
1. PhilipRoman ◴[21 Oct 24 11:45 UTC] No.41903083{5}[source]
AFAIK it is within the same /64, which for all tracking purposes means "the same ip". The CG-NAT ip on the other hand is not even unique at any particular moment, let alone permanently. Kind of like having your own free residential VPN.