[password4321]

> IP based exclusion should not be considered a security measure

Apologies in advance if I'm missing something obvious here, but are you saying an IP allow list is not a standard security practice? If so I'd appreciate further explanation.

[abujazar]

It's useful when the client always has its own static IP that _doesn't change_ between sessions. In this case, where the public facing IP may be shared by thousands of users, it provides no real security. All you'd have to do to gain access would be getting the client IP and finding some way of getting on the same network. Which in many cases could be as easy as subscribing to the same cell network or other ISP, or connecting to the guest wifi network of an office building.

[password4321]

Thanks for filling in the details. I agree that an IP allow list works best for users who are alone on an IP that doesn't change often, which is the case for a majority of home internet users but not when they're away from home.

[yccs27]

Unfortunately there's an increasing number of home internet connections behind CGNat, as IPv4 adresses run out (and IPv6 doesn't gain momentum, heaven knows why)

[abujazar]

I guess it's partially because ISPs are perfectly happy selling crippled internet connectivity as the base service and charging hefty premiums for "luxuries" like static IPs. It has also become common to only offer static IPs to business customers.

[ianburrell]

IPv4 addresses have run out, everything has been allocated, and they are now being traded.

IPv6 is slowly growing in popularity. Google stats are close to 50%. If your ISP has IPv6, you might be accessing Hacker News with IPv6 since they added support recently.