I agree with the statement that NAT provides no privacy benefits, but there are security benefits to NAT. As Robert Graham says, "NAT is a firewall. It's the most common firewall. It's the best firewall."
If all you rely on is NAT, and you turn the firewall on your router off, it is possible for outside attackers to send unexpected packets to through the NAT device and right to your endpoints.
The targets are limited to the entries contained within the NAT translation tables, but that's still a pretty leaky "firewall".
NAT is just not a firewall, all it does is translate addresses, or in the case of PAT, Ports+Addresses. It does not filter the packets it receives, it just translates them.
I have seen some that don't. Back in early days of residential ISPs to offer IPv6. But, that's a thing of the past - and the same mistakes happened on the early IPv4 routers when dialup was disappearing, and DSL/Cable was kicking off.
Having IPv6 will be exactly as secure as IPv4+NAT by default on any CPE. And, just as with NAT+v4, it's possible to open your machines to the world if you have no idea what you're doing.
(This is actually pretty common for gamers who set the "DMZ host" router feature to aim at their desktop and flick off the firewall!)
Newer devices might support the Port Control Protocol, so applications can ask for the port to be forwarded on ipv4 and allowed in the firewall for ipv6
Which does not solve the common case when you want to pass unfiltered ingress trafic to few specific hosts and have the default reject unknown ingress behavior for all other LAN hosts. Just give me the ability to set my own firewall rules when I need to instead of drop-all/drop-ingress/accept-all combo-box with confusing label.
If all you rely on is NAT, and you turn the firewall on your router off, it is possible for outside attackers to send unexpected packets to through the NAT device and right to your endpoints.
The targets are limited to the entries contained within the NAT translation tables, but that's still a pretty leaky "firewall".
NAT is just not a firewall, all it does is translate addresses, or in the case of PAT, Ports+Addresses. It does not filter the packets it receives, it just translates them.