by tilwidnk 883 days ago
> Can you explain this more? Why are you so tied to ipv4?

For me, IPv4 doesn't break the privacy barrier; IPv6 blasts a huge hole straight into each and every household, office and IoT device on the planet. No, privacy fixes put into IPv6 do not work.


You're not completely wrong, but that ship sailed a long time ago: https://amiunique.org

Until browser fingerprinting is addressed, there will be no real privacy.

Can you explain this more? I realize that one IP address per device poses a major problem for privacy, but I thought we somewhat mitigated that by dynamically reassigning IPs.

What exactly is the problem with the privacy fixes that were put into IPv6? Why don't they work?

I'm guessing that the GP is talking about the fact that if there were two persons in a household using the Internet at the same time, with IPv4 they would connect from the same IP address (though of course with different port numbers), but with IPv6 they would likely connect from distinct IP addresses, and usually only sharing a /64 prefix.

You are correct that this isn't a big issue. SLAAC addresses are generally changed fairly frequently by the OS. As for stateful DHCPv6, well, I turn it off for both this reason and the fact that Android doesn't support it.

IPv6 privacy extensions are only switched around once a day or so in most default configurations.

You can change that, of course, and switch addresses every minute if you want to, but I do find the default a little high.

Once a day is still way more frequent than most routers switch IPv4 addresses, so I'm not sure that the net result is any worse.

The difference is that the average household shares multiple devices behind that single IP address, whereas IPv6 addresses are unique to the device you're using.

Identification to the level of IPv4 can still be done with IPv6 by using the /64 where you would previously take the /32, but with IPv6 you also get identifiers from within the network as well.

With how much IPv6 space is available, I'm not sure why SLAAC-based networks don't just assign different IP addresses to different use cases. I can see this becoming a problem on large company networks, but in home networks you could generate a random IPv6 address every hour for every website you visit and still never run out of address space.

Operating systems aren't exactly geared up for per-application outgoing IP addresses, and perhaps handling tens of thousands of IP addresses will bog down the kernel somehow, but in terms of privacy protection we could be doing a lot more than what IPv6 Privacy Extensions are doing right now.
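
The /64-versus-/32 grouping discussed in the thread, as an added example that is not part of any commenter's post: it shows how a server operator doing rate limiting or log aggregation would key clients by network, and how many distinct addresses remain visible inside each key. The function names `network_key` and `distinct_hosts` are hypothetical, and the log entries are constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log: (client address, request path).
# Addresses come from the documentation ranges 203.0.113.0/24 and 2001:db8::/32.
SAMPLE_LOG = [
    ("203.0.113.7", "/a"),                       # NATed household, device 1
    ("203.0.113.7", "/b"),                       # same household, device 2
    ("2001:db8:12:34:a1b2:c3d4:e5f6:1", "/a"),   # IPv6 household, device 1
    ("2001:db8:12:34:9f00:11:22:33", "/b"),      # same /64, device 2
    ("2001:db8:12:34:9f00:11:22:33", "/c"),
    ("2001:db8:12:99::5", "/a"),                 # a different /64
    ("::ffff:203.0.113.7", "/d"),                # IPv4-mapped form of the NAT address
]


def _normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def network_key(addr, v6_prefix=64):
    """Return the per-subscriber key: the full /32 for IPv4, the /64 for IPv6."""
    ip = _normalize(addr)
    if ip.version == 4:
        return f"{ip}/32"
    return str(ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False))


def distinct_hosts(log, v6_prefix=64):
    """Count distinct full addresses observed under each network key."""
    seen = defaultdict(set)
    for addr, _path in log:
        seen[network_key(addr, v6_prefix)].add(_normalize(addr))
    return {key: len(addrs) for key, addrs in seen.items()}


if __name__ == "__main__":
    for key, count in distinct_hosts(SAMPLE_LOG).items():
        print(f"{key}: {count} distinct address(es)")
```

The IPv4 key always shows one address no matter how many devices sit behind the NAT, while the IPv6 /64 key shows one address per device (per rotation interval), which is the extra in-network identifier the comment above refers to.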