by talent_deprived 976 days ago
> it's an absolute pain in the ass for bidirectional communication

You're right and that's what I love about NAT, IPv6 in contrast is a hacker/spy tracking digital superhighway right through my front door and straight into my devices.


You could assign your devices IPs from the fc00::/7 range, otherwise known as "Unique local unicast"[1], which is the IPv6 version of 10/8, 192.168/16 and the like.

[1] https://en.wikipedia.org/wiki/Unique_local_address

> IPv6 in contrast is a hacker/spy tracking digital superhighway right through my front door and straight into my devices.

I'm fairly confident that nobody is ever going to scan a single /64 of IPv6 addresses within our lifetimes.

In comparison, scanning the ENTIRE IPv4 internet on a single port can be done by anybody at all and it's going to take about 40 minutes.

That's only true if you don't have a firewall, or yours is misconfigured. "Only allow related" as a default incoming rule works just fine for IPv6.

I'd rather just use a proper firewall, I think. One thing that's super annoying about NAT is how hard it makes it to host your own server. I remember setting up FTP on my router at one point, but it was so annoying and flaky that I ended up not using it. But I can't say I'd be that afraid of having an SFTP server on the internet with a strong password and every non-relevant port firewalled. The whole NAT thing doesn't make it any more secure, it's just way more annoying to set up.

Not one bit of that is true or accurate.

Actually, it is; try the test for yourself in your home over a 30 day period. Drop IPv6 at the router and in your main PC and devices by disabling it. At the end of that 30 days, it will become clear that ad companies were using IPv6 to track people in the household when ads for things completely unrelated to their interests and related to the other members of the household start showing on each other's PCs and devices.

That's impossible if the devices have privacy extensions enabled, which is the default on all major OSes. My house has a /64 IPv6 prefix. Inside that, the computer I'm writing this on has 8 temporary IPv6 addresses it's using at this moment. An ad company can no more track my individual computer inside my house than it could your computer inside yours. The only difference is that your network is a black box behind public IP 1.2.3.4, and mine is a black box behind public prefix abcd:ef01:2345:6789::/64. (Well, I use IPv4, too, but for the sake of this discussion...)
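An added example, not from anyone in this thread, that puts the three technical claims above (ULA as the IPv6 analogue of private ranges, the /64 address space being unscannable, and privacy extensions versus MAC-derived addresses) into a small Python audit you can run against your own hosts' addresses. The sample addresses are constructed (2001:db8::/32 is the documentation prefix) and the probe rate used for the /64 estimate is taken from the "40 minutes for all of IPv4" figure quoted above, which is an assumption of this example, not a measured number.

```python
import ipaddress
from ipaddress import IPv6Address

# Constructed sample addresses for this example; none belongs to a real host.
SAMPLE_ADDRESSES = [
    "2001:db8::1234:56ff:fe78:9abc",  # modified EUI-64: interface ID built from a MAC
    "2001:db8::a1b2:c3d4:e5f6:789",   # opaque interface ID, like an RFC 4941 temporary one
    "fd12:3456:789a:1::1",            # unique local address (ULA), IPv6's RFC 1918 analogue
    "fe80::1",                        # link-local, never routed off the segment
]

ULA = ipaddress.ip_network("fc00::/7")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def is_ula(addr) -> bool:
    """True if the address is in fc00::/7 (unique local, not globally routed)."""
    return IPv6Address(addr) in ULA


def scope(addr) -> str:
    """Coarse scope of an address: link-local, ula, global or other."""
    a = IPv6Address(addr)
    if a in LINK_LOCAL:
        return "link-local"
    if a in ULA:
        return "ula"
    if a in GLOBAL_UNICAST:
        return "global"
    return "other"


def eui64_mac(addr):
    """If the low 64 bits are a modified EUI-64 (ff:fe inserted in the middle),
    recover and return the MAC address it was built from, else None."""
    iid = IPv6Address(addr).packed[8:]          # interface identifier, 8 bytes
    if iid[3:5] != b"\xff\xfe":
        return None
    # Modified EUI-64 flips the universal/local bit of the first octet; flip it back.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def classify(addr) -> dict:
    """Describe one address: its scope and whether its interface ID reveals a MAC."""
    mac = eui64_mac(addr)
    return {
        "address": str(IPv6Address(addr)),
        "scope": scope(addr),
        "iid": "eui64" if mac else "opaque",
        "mac": mac,
    }


def audit(addrs):
    """Return the globally routable addresses whose interface ID is MAC-derived.
    These are the ones a remote party can correlate across prefixes and over time;
    a host with privacy extensions enabled should not be using them for outbound traffic."""
    return [c for c in map(classify, addrs) if c["scope"] == "global" and c["iid"] == "eui64"]


def brute_force_scan_years(prefix_len: int, probes_per_second: float) -> float:
    """Years needed to probe every address in a prefix once at a given rate."""
    hosts = 2 ** (128 - prefix_len)
    return hosts / probes_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for c in map(classify, SAMPLE_ADDRESSES):
        print(c)
    print("hosts exposing a MAC:", [c["address"] for c in audit(SAMPLE_ADDRESSES)])
    # Assumed rate: a full IPv4 sweep (2**32 probes) in 40 minutes, per the thread's figure.
    ipv4_sweep_rate = 2 ** 32 / (40 * 60)
    print(f"years to sweep a single /64 at that rate: "
          f"{brute_force_scan_years(64, ipv4_sweep_rate):,.0f}")
```

On a Linux host the addresses to feed `audit()` come from `ip -6 addr show`; an address flagged `eui64` there is stable and MAC-derived, while the ones marked `temporary` are the RFC 4941 addresses the comment above refers to. The `/64` estimate comes out in the hundreds of thousands of years, which is the arithmetic behind the "nobody will scan a /64" claim; a firewall is still the control that matters, since the estimate only covers blind sweeps, not addresses a host has already given away.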
> That's impossible if the devices have privacy extensions enabled

Wrong. Try what I said. It was recent enough the results are reproducible.

> An ad company can no more track my individual computer inside my house than it could your computer inside yours.

Yes, they can and my testing showed me, they do:

https://johannaullrich.eu/assets/papers/ullrich2015_raid.pdf

> Wrong. Try what I said. It was recent enough the results are reproducible.

Nope. What really happened is that an ad company might have started collecting information about your IPv6 prefix, precisely like they might store information about your IPv4 address. That's all the information they can reconstruct about the hosts inside your LAN.

The paper you linked showed that if a host uses the method for generating pseudorandom addresses described in RFC 4941 instead of using a completely random one, and if the attacker has a complete history of your generated pseudorandom addresses, and if the attacker has successfully defeated MD5 on a practical time scale, then it's possible that they could guess your future pseudorandom address.

In practice, most OSes generate truly random addresses, and an advertiser doesn't have your complete history of generated addresses, and the advertiser wouldn't spend all those resources to track you specifically anyway. In other words, that 8 year old paper isn't relevant to the situation today.