←back to thread

The IPv6 Transition

(www.potaroo.net)
215 points todsacerdoti | 1 comments | 20 Oct 24 05:54 UTC | HN request time: 0s | source
Show context
kalleboo ◴[20 Oct 24 07:22 UTC] No.41893589[source]
The internet stopped being a network of peers where everyone needed an address and is now a split into producers (a handful of large companies) and consumers (everyone else).

The consumers are not expected to need a public address where they can be reached - in fact, having a public address is actually a security and privacy risk.

replies(3): >>41893910 #>>41898097 #>>41898172 #
bigstrat2003 ◴[20 Oct 24 20:04 UTC] No.41898097[source]
> in fact, having a public address is actually a security and privacy risk.

I strongly disagree with this. Privacy (not that it's a big deal imo) is well handled by the temporary address extension, and security is not an issue if you run a firewall. And you should be running a firewall even if you use v4, because NAT is not an acceptable security measure.

replies(1): >>41898489 #
FridgeSeal ◴[20 Oct 24 21:09 UTC] No.41898489[source]
Whilst I agree with you, I rather depressingly suspect a lot of people equate NAT with “security”.
replies(2): >>41899377 #>>41901876 #
PhilipRoman ◴[21 Oct 24 08:21 UTC] No.41901876{3}[source]
Security - not really, but to be honest CG-NAT is kind of nice for privacy. I don't have to worry about leaking a (by default) permanent identifier. Once/if I go full ipv6, I'll probably start using a VPN full time.
replies(2): >>41902544 #>>41902648 #
orangeboats ◴[21 Oct 24 10:13 UTC] No.41902544{4}[source]
Conversely, CGNAT also means that if someone in your neighbourhood decided to be a malicious actor, you will likely be affected too.
replies(1): >>41903353 #
1. alwayslikethis ◴[21 Oct 24 12:19 UTC] No.41903353{5}[source]
For law enforcement purposes most CGNAT operators should keep a log of who had what address at what time. You can still get blocked by websites until you get a new address, though.