publicly addressable does not mean publicly routable… your router would still not arbitrarily connect untrusted external devices to internal hosts
NAT has the property of a firewall only as an implementation detail. replacing NAT with an IPv6 firewall in the router is an upgrade in every conceivable way
My comment wasn’t even ipv6 specific, quite the opposite. The comment I was replying to also wasn’t, and the implication that things would be better if everyone had a fixed IP(v4) was actually the specific privacy nightmare scenario I wanted to emphasize. That is the literal worst case of all.
Things can be mitigated somewhat with IPv6, but also only to a degree. Here you’d (usually) have a static prefix and not IP. You then need to use the randomized suffix generation (on a host level, or in DHCPv6 if you’re using that), and not all OS so this by default, but I think Windows does these days. Advertising data collectors, which means basically every web site, could just assume that your prefix is stable and the information they gain if they happen to be correct it’s… uncomfortable.
publicly addressable does not mean publicly routable… your router would still not arbitrarily connect untrusted external devices to internal hosts
NAT has the property of a firewall only as an implementation detail. replacing NAT with an IPv6 firewall in the router is an upgrade in every conceivable way
I’m aware of that, and didn’t say otherwise?
My comment wasn’t even ipv6 specific, quite the opposite. The comment I was replying to also wasn’t, and the implication that things would be better if everyone had a fixed IP(v4) was actually the specific privacy nightmare scenario I wanted to emphasize. That is the literal worst case of all.
Things can be mitigated somewhat with IPv6, but also only to a degree. Here you’d (usually) have a static prefix and not IP. You then need to use the randomized suffix generation (on a host level, or in DHCPv6 if you’re using that), and not all OS so this by default, but I think Windows does these days. Advertising data collectors, which means basically every web site, could just assume that your prefix is stable and the information they gain if they happen to be correct it’s… uncomfortable.
ah! sorry i misread/misunderstood privacy to mean security in your comment :)