Thread 107056255

>>107056255 (OP)

it literally reads in my isp site or site forums no service in ipv6

>>107056255 (OP)
FUCK BLOODY YOU

>>107056255 (OP)
explain why it's bad

>>107056789
>worse privacy
>worse security
>more bugs
>addresses too long

ipv6 gives me the ick

>>107056789
The spec is so retarded that ISPs aren't forced to assign static prefixes like intended or even the correct subnet size leading to shit like having to use NAT66 or other manmade horrors beyond comprehension at which point IPv6 as a technology is not only worthless but any discussion around it is also worthless since it failed at the one thing it set out to do, eliminate (CG)NAT.

Holy shit this solved my network problem thanks sir pls take my upvote!

>>107056873
>customer states unstable network connection
>network card hardware settings > force connection speed to 100M for gigabit or 10M for 100M
Here's another tip they don't want you to know

>>107056817
>>worse privacy
it is more private.

>>worse security
they are the same.

>>more bugs
what? it's a protocol.

>>addresses too long
i agree but it should not matter when you have dns and mdns.

>>107056854
>even the correct subnet size
there is no standard for subnet size.
usually it's /64 or /56 for residential plans, and /48 for business plans.

>NAT66
that is not even part of the spec, it's some dumbfuckery cisco made up because they want to keep doing the same retarded shit they did wirh ipv4.

immolate yourselves you fucking faggots

never gonna use ipv6 y'all seethies seething
you gonna send the UN into my network and force it LMAO

>>107057048
>it is more private.
It's built for tracking, with a unique IP for every device.

>they are the same.
In theory, maybe. in practice, security issues still pop up from time to time.

>what? it's a protocol.
Again, theory vs practice. Buggy implementations are quite common.

Security and bugs will maybe improve over time, but privacy will always be worse compared to NAT IPv4.

>>107057156
>t's built for tracking, with a unique IP for every device.
just like ipv4 was you stupid fucking cunt

>>107057048
Ah the cope brigade has arrived.
>there is no standard for subnet size.
Technically true and false. There was initially a set default of /48 in RFC3177 which later got fucked by RFC6177. Then there's also RIPE690 which is another can of worms. That's the spec but how any of this helps someone that in reality only gets a single /64 with a constantly changing prefix assigned when that goes against literally all assumptions the IPv6 spec and especially the recommendations make is still something left for the gods to figure out I guess.
>that is not even part of the spec
Yeah it's only implemented, used and supported in the real world by Cisco, Juniper, Forinet, PAN, Checkpoint, Huawei.. You know totally irrelevant nobodies.
>bb-b-b--bbut the IETF recommends against that!
And no one gives a shit, just like the RIPE690 toilet paper that says you shouldn't assign changing IPv6 prefixes to anyone which is exactly why we're in this mess of NAT66/NPTv6 in the first place. Also saying it's not part of the spec is once again only technically true if you completely ignore RFC6296 but I'm sure you will go on about how that's technically only experimental and discouraged but once again no one that matters gives an imaginary fuck. The spec to most network engineers is worth less than toilet paper since you can at least use that to wipe your ass.
Now go ahead and tell my why it's totally better to just ignore this all and instead use ULAs- oh wait those are also considered discouraged now and should only be used for site-local connections not as a crutch to fix the fuckup that are IPv6 prefixes.

>>107057156
>It's built for tracking, with a unique IP for every device.
Actually, 1 public address unironically gives out more information than a bunch of them because you can tell that there is more than 1 device accessing the same site, for instance, 1 device is signed in and 1 device is logged out on the same network and they are both connected to the same site, you can easily tell which one is which based on the session.

>security issues still pop up from time to time.
>Buggy implementations are quite common.
The same applies to IPv4 and it's not the fault of the protocol but its implementation.

>>107057231
You joke but one day will be a reality with Sunset4.

>>107057232
Damn, struck a nerve?

>>107058017
>Damn, struck a nerve?
Took you two hours to come up with that one huh?

>>107057187
>was

>>107058035
I browse more than one thread, also I reply whenever I want, fag.

>>107058126
Damn, struck a nerve?

>>107056255 (OP)
Hardly any sites need it, and for Win7 fags, this is mandatory.

>>107058017
>Sunset4
I know you're an IPv6 third worlder so you're used to all your devices being on the public internet, but there's no way a sunset can reach private networks, which you have with IPv4.

>>107058234
I know of only one site that's IPv6 exclusive, a website literally just made to test if IPv6 works.
Meanwhile github, gmail and god knows how many more are still IPv6 only.

>>107058234
>know you're an IPv6 third worlder
Nope, eurochad here.

>there's no way a sunset can reach private networks
True but what would be the point of running IPv4 internally if your public addresses are IPv6 only?
IPv6 is easier and simpler even in local networks.

Damn, who is ddosing 4chan? Captcha took 20 seconds to popup.

>>107056255 (OP)
why can't they just add another two bytes and make that ipv7?

like this: 142.124.36.25.214.78?

>>107058360
>IPv6 is easier and simpler even in local networks
My ISP assigns me a single /64 and the prefix changes randomly every 12-48 hours. Yes seriously my IPv6 prefix changes more often than my IPv4 CGNAT address with forced 24 hour disconnects.
My existing network is already segmented into various subnets. Now here's my problem: How do I deal with access rules and filtering when the prefix changes every five minutes?
Link local addresses which don't allow for internet access or cross segment communication? Then why should I bother with IPv6 at all.
ULAs allow cross segment talk but don't allow internet access? Again why fucking bother with the additional workaround that would require for example:
NPTv6?
>easier and simpler
Yeah you can fuck right off and while you're at it stop lying.

>>107058371
actually ipv6 should have been 6 bytes and ipv8 should be 8 bytes because ipv4 is 4 bytes

this is what i would do if i was the president

>>107058418
>How do I deal with access rules and filtering when the prefix changes every five minutes?
Your ISP is retarded, normal behaviour should be a static subnet, ideally more than /64. Ask you ISP IT support team for that.
My ISP gives me a static /56, so it also gives me room to properly subnet my network into many more /64 subnets.
What do you need to filter? Your firewall should be able to handle that.
Your IP addresses are assigned manually? or with SLAAC or even DHCPv6?

>Yeah you can fuck right off and while you're at it stop lying.
It's true, modern IPv4 is a clusterfuck of stateful protocols that eats compute resources from routers and firewalls.
IPv6 when implemented correctly is much simpler to manage, and is lightweight on resources.

>>107057231
I wish I was based enough to be able to do this. IPv4 is so fucking stupid when you actually "know" what they're keeping from you.

IPv6 as a standard is DOA because they didn't allocate enough bits for proper future compatibility

Obviously 32 bit addresses is criminally undersized; they needed to go larger for the next spec. The problem is that back in the 90s they didn't have the foresight to today, so they only went with 128bits not realizing how much the internet would grow. To be fair, I'm sure it made sense to stick with only 16 bytes because of networking and hardware limitations at the time. However in the long run they pretty much stifled any adoption because they were too stingy with the bits allocation.
They should've jumped straight to 256 or even 512bits if they wanted to make a standard that would suit the internet of the 21st century.

>>107059023
>they didn't allocate enough bits
kek
no the issue is slaac niggerfaggotry where we decided that somehow every subnet should be a sparse /64 where devices to get to randomly pick and choose their ips, """for security"""

>>107059023
There are more IPv6 addresses than grain of sand in the entire world, quit your bullshit.

>>107058017
>Actually, 1 public address unironically gives out more information than a bunch of them because you can tell that there is more than 1 device accessing the same site, for instance, 1 device is signed in and 1 device is logged out on the same network and they are both connected to the same site, you can easily tell which one is which based on the session.
You have completely failed to explain how using 1 public address across several devices "gives out more information" than having a separate address for each device. At worst, it gives out an equal amount of information, but not more

>>107057048
>>worse security
>they are the same.
It makes every device reachable. That is a humongous security downgrade.

>>107059262
Have you ever heard of this thing called a firewall? You know, the thing that comes by default with practically every router and device in existence? You are aware that NAT isn’t the only way to stop people reaching random devices in your network?

A default deny incoming firewall will serve the same function as a NAT, with the advantage of not needing reverse proxies or scuffed port-forwarding shit (I don’t even know if this is doable with CGNAT at all, I’ve never had to deal with it).

This is even assuming that an attacker can find your internal IP addresses. Scanning a /56 prefix that an ISP should give out requires checking 4,722,366,482,869,645,213,696 addresses, and even the shittier /64s some retarded ISPs give out have 18,446,744,073,709,551,616 to check. Given that most devices will periodically shift their IPv6 address, an attacker will have had to
1. Be connected to by the device they’re targeting
2. Stage an attack before it changes its IP
3. Hope you don’t have even the most basic firewall that prevents random incoming connections to devices behind it

This “I need NAT to secure my network, because I’m too crippled with AIDs to turn on a firewall and add a default drop rule” is pushed all over the place. IPv6 has more issues in shitty hardware support than this. Hell, if you are that retarded, just run IPv6 NAT.

>>107058418
Yeah, your ISP is retarded, or your router is doing something weird. It might be worth checking to see there isn’t some autorotation thing happening. Maybe get in touch with customer support? There is an issue that a lot of sys admin types treat IPv6 like NATted IPv4, and doing so removes basically all of its upsides and turns it into a more annoying version of IPv4.

>>107057156
>It's built for tracking, with a unique IP for every device.
https://en.wikipedia.org/wiki/IPv6_address#Temporary_addresses

>>107059771
So you're ok with anyone being able to do nmap on the entire internet and poke around any device that isn't behind a properly configured firewall. Big numbers won't protect you from the billion device botnets that would result if this became the default protocol.

>>107057231
Go ahead, I dare all and anyone chilling/evangelizing IPV6 to disable IPV4 themselves and report back. I disabled IPV6 and I can do anything just fine..

https://jamesmcm.github.io/blog/no-ipv4/

>>107058360
>True but what would be the point of running IPv4 internally if your public addresses are IPv6 only?
Because a sizeable portion of the control systems for everything in any aspect of manufacturing are legacy piles of shit that don't support ipv6. I literally can't switch to purely ipv6, and as such there's next to zero reason to even bother having ipv6 internally at work at all because it's just a secondary network that could fuck up other devices. We only have ipv6 for the office section. All floor equipment is ipv4 exclusively. We looked into isolating old machines on a separate vlan, and might do that in a few years, but the wifi stuff locked on ipv4 makes that a mess too. Technically you could divide between 2.4 and 5Ghz, but there's headaches with that too.

>Just upgrade the equipment then
That would cost hundreds of thousands of dollars, realistically millions just on labor and equipment, and would be guaranteed to leave some random machine down for an extended period of time because upgrades like that never work perfectly out of the box the first time around, meaning even more costs. I have to keep a stockpile of IDE disk on modules around to replace drives. Think about that. People keep harping on about ipv6 and I'm still dealing with shit that daisy chains devices together with serial ports.

>IPv6 is easier and simpler even in local networks.
categorically untrue. A rhesus monkey can remember a handful of ipv4 details for SME environments. Even if the shit supported ipv6, manually entering in those enormous addresses is error prone. IPv4 has cruft, but saying that ipv6 is easier to manage in a real world environment is fucking delusional.

>>107058676
>Your ISP is retarded, normal behaviour should be a static subnet, ideally more than /64.
Why would an ISP do this when they could charge you for it by saying you have to upgrade to their business package and pay an additional fee on top of that for statics? Many ISPs don't even have ipv6 yet.

>>107060494
>https://en.wikipedia.org/wiki/IPv6_address#Temporary_addresses
Need to restart the computer for the address to change.

Nice try glowie.

>>107056255 (OP)
t. gookmoot

IPv6 is dead. It's a meme technology dreamed up by deranged academia-tier faggots with zero concept of how the IT world actually works. If there was any demand to use IPv6 by my clients, I would actively sabotage it. But guess what - nobody gives a fuck about IPv6. Resident lintroons and hobbyists can seethe all they want - IPv6 will never be a real protocol. Me and everyone else who actually works in IT takes care of that.

>>107060664
> The plan was simple: set up WireGuard on the VPS (installing wireguard-tools), and then use the IPv6 address as the endpoint in the client-side on my machine.
No wonder we're stuck with IPv4.

So what's the deal with IPv6 not working well with VPN's? I read about it before but it didn't really make sense to me.

Sort of offtopic but does anyone have recommended books, etc. for learning networking?
I'm comfortable with Linux and programming but I know very little about networking/sysadmin.

IPV6 is comfy AF your all just retarded. Infinite IPs, globally routable. Jewtube blocks only your /128? Oh no what ever will i do?

I'm so glad my ISP gives me a new prefix every 24 hours/reconnect, otherwise how else would I ban evade?

>>107057232
Is this why I can't block IPv6 ranges? I use cymru to get the prefix and put it on a deny block on nginx but they jump one prefix higher somehow which I've never seen happen with IPv4.

>>107059783
>>107058676
>Your ISP is retarded
great and how does that help him? if you ever wondered why people at best just stop listening when you start going on about ipv6 it's shit like this.
>ask for help
>well your isp is retarded and it shouldn't be done that way
>YEAH BUT IT IS DONE THAT WAY!?
>well IPv4 sucks use IPv6

>>107059187
The signed in device access site.tld/myposts, site.tld/settings, the logged out device access site.tld/publicposts, the site owner can see that those pages are being accessed by different sessions but by the same ip address so it does know that the ip is natted and that it probably is the same person or a close relative.

>>107059771
Well said.

>>107060586
The default configuration on every firewall is to drop incoming packets. You have to actively change the configuration and remove that firewall rule to be vulnerable, and you kind of deserve to get attacked if you touch things you don't know about desu.

>>107060666
Check out 464XLAT or other ip encapsulation methods.

>Just upgrade the equipment then
You have equipment that is older than 25 years? Every single device that I own supports it and I too have some ancient devices.

>manually entering in those enormous addresses is error prone.
Never type addresses manually, use real DNS, an internal DNS server or multicast DNS.
Multicast DNS (mDNS) is the easiest one as it does not require a central point of failure and it respect your internal firewall rules, just use <hostname>.local and make sure to assign a host name to the internal devices you plan to contact.

>they could charge you for it by saying you have to upgrade to their business package and pay an additional fee on top of that for statics?
I don't have to deal with this jewry because ISPs are normal here. I'm sorry for you.

>>107060809
A temporary address lasts from a few hours to a few days, and it changes automatically.

>>107061837
You have to increase the subnet size, if you block a /64, then move by 4 and block a /60 (don't blanket ban every /60 as you will block legit users, increase it only for that IPv6 range), if it still gives you problems, you keep increasing by 4 up to a /48.

>>107062255
Ask the ISP support team or change the ISP and pick a non retarded one, ez.

>>107058017
>The same applies to IPv4
Over a decade ago I saw this video demonstrating how an IPv6 Router Advertisement attack could be used to very quickly knock an IPv6 computer off the network while overwhelming it's CPU & making it unusable until the attacker stops.

The guy's channel had a few other videos showing the same attack working on Windows, Mac, Linux & smartphone victims. He was trying to draw attention to this being a large oversight in IPv6 & raising awareness for vendors to patch it.

Even today, when looking into IPv6 RA attacks, it looks like it's still a known issue that isn't totally corrected (it's not seen as very urgent because the attacker would have to be on the same LAN as the victim machine).

Back in the day, I looked into this type of attack and asked myself "Is there anything I actually need that requires the use of IPv6? I'll just turn it off until I find something that actually requires it's use"

Here was the video if you were curious:
https://www.youtube.com/watch?v=hLVnSR-smoU

>>107061380
From the /hsg/ thread.

>>107060666
>You have equipment that is older than 25 years? Every single device that I own supports it and I too have some ancient devices.
It's always amusing how these threads bring out the people that have never worked with shit in actual industry. I don't mean that to offend you, but 25 years is nothing. I have shit from the early 80s on the floor. We don't have any dos or 3.1 machines anymore, but they are not that uncommon.

You're also assuming new equipment actually follows specs. Industrial equipment frequently violates specs to make servicing it harder. More than half the control software produced in the last 10 years will not support ipv6 and requires being connected to ipv4 addresses. It's much easier to just have an ipv4 network than to worry about frankenmonstering hybrid stuff together.

>Never type addresses manually, use real DNS, an internal DNS server or multicast DNS.
Again, you haven't worked with industrial equipment. Much of it needs to be configured manually. DNS? At least a quarter of our stationary machines are running software that doesn't even know what DNS is. You have to manually enter the machine's IP and whatever it's talking to by entering some secret combination of buttons onto the controller to bring up the configuration options. The alternative is powering down the computer, pulling the drive, mounting it on a different system and going hunting for a text file that has those options, which I've done before. One of our machines actually sort of requires that because it's configuration is stored in an sqllite database and you can't change some of the settings correctly on the machine itself. You're "supposed" to have a tech come out and he'll have a laptop with a special piece of software that can tweak things, but it's like 15 grand for that "service".

Industrial is hell. I still have pre wifi-n devices that I must support until early next year.

>>107062396
>The default configuration on every firewall is to drop incoming packets. You have to actively change the configuration and remove that firewall rule to be vulnerable, and you kind of deserve to get attacked if you touch things you don't know about desu.

You're the kind of faggot that wants passkeys for consumer use huh.

>>107061513
Hey So basically I'm just not gonna use the ipv6. I Know..... UGH I know... It's just that I'm not gonna use it is all HAHAHAHAHRHAHAHA HARAHARHARH

>>107065259
(you replied to the wrong anon)
You are right about one thing, I have limited experience with sysadmin stuff as I'm a webdev.
Though I follow some sysadmins on YouTube and one of them, Apalrd, has some pretty good explanations on IPv6 related fields.
I have been doing my best to ensure a good IPv6 experience for the websites I manage.

>>107065263
Passkeys are great though, easy to manage for normies and same level of security of SSH keys. The only downside is that there is still no standard to export/import them yet, but I've read that the FIDO alliance is working on it.

>>107066283
please saar hold up phone to pc, yes very good. Please use only TPM not 3rd party HSM as Microsoft intended.

>I also want a completely unique identifier tied to my spyware device so that all of my online activity is even easier to index

>>107066323
You do not know how passkeys and WebAuthn work, do some research instead of believe every crap you read on social media.
There is no central entity, there in no spyware, it is simply an authentication method.
FAGMAN offering passkeys services does not mean that it is spyware.
They all use Linux and BSD does that mean that those OSes are spyware? Give me a break.

>>107056255 (OP)
based
it's just a doxxservice masquerading as a protocol

CGNAT = Privacy
no CGNAT = No privacy

you VILL use the doxxable ipv6 prefix so jannies can permarangeban you

>>107066473
I know exactly how they work. Key generation isn't exactly new technology. Having them tied to a physical device like a phone and being made mandatory means it's an identifier tied to your real identity unless you get a second burner device and pay for it anonymously.

Passkeys themselves are great, sure, in fact give everyone their own key pair to easily use so nobody can read shit not meant for them.

You can correlate all sorts of data now to ID someone, if that identifier is the same across multiple platforms, maybe it becomes easier?

They'd never do that though :) Obviously they'd generate a fresh key every time, and never ever ever use an identifier tied to the device to better serve you advertisements.

How about you go be disingenuous somewhere else?

>>107066552
>give everyone their own key pair to easily use so nobody can read shit not meant for them.
What you are describing is encrypted communication, passkeys are not a communication method, they are an authentication method.

>if that identifier is the same across multiple platforms, maybe it becomes easier?
It isn't and it never will be.

>never ever ever use an identifier tied to the device to better serve you advertisements.
This already exists since telemetry was invented, which is about 20 years old.

Anon, the thing you should be scared about is OpenID4VC, telemetry or advertisement ID are just a minor thing.
OpenID for Verifiable Credentials (OpenID4VC) is a set of standard APIs that big government is planning to enforce to introduce a digital wallet so it can easily identify people online.

>Massive Address Space:
Every device gets its own globally unique IPv6 address. There’s no need for NAT; everyone can, in theory, have a direct, routable address. Because there are so many addresses, there’s no visible pattern like “same first three numbers” to rely on for identification.
>Prefix Delegation:
Networks still have prefixes (e.g. 2001:db8:abcd::/64), and all devices on the same local subnet will share that prefix.
However, in practice you rarely see full IPv6 addresses exposed together, and many networks (especially ISPs) rotate or delegate prefixes dynamically. So even if you compare addresses, it’s often impossible to say with confidence that two hosts are on the same LAN or under the same ISP router.
>Privacy Extensions:
Most modern systems generate temporary IPv6 addresses that change periodically to prevent device tracking. These are called SLAAC privacy addresses. So even if two devices are on the same subnet, their changing interface identifiers obscure continuity.
>NAT vs. Transparency:
IPv4’s NAT forces devices behind one public IP, making network grouping obvious from outside. IPv6 eliminates NAT, so each device’s address stands alone; the shared network boundary becomes invisible unless you can see the routing tables or prefix delegations directly.

So:
>Within a local IPv6 network, you can tell devices are on the same subnet by the shared /64 prefix, but that’s only visible locally or to a network administrator.
>From the outside, unlike IPv4, you generally cannot tell whether a set of IPv6 addresses are from the same local network or not, unless the ISP happens to give away a prefix pattern that reveals it.

>>107058122
yes, ipv4 was built for tracking retard

>>107058636
You got my vote

>>107056789
jews

>>107056789
explain why it's good first.

IPv4 is just nonsense
IPv6 is good but the problem is that the addresses are too long to memorize

>>107066873
I'm gonna guess this means you would have an IPv6 address for weeks at a time, while IPv4 generally change on reset. Not really a good idea from the perspective of getting banned on 4chan.

>>107057048
>it is more private.
based retard. the privacy extensions do NOT do what you think they do. you are such a brainlet.

https://dl.acm.org/doi/10.1145/3544912.3544915
I wish you could Thanos snap all idiots

>>107067046
IPv6 address lifetimes depend on how the ISP handles prefix delegation and how your device uses SLAAC or DHCPv6. The global prefix your router gets might persist for days or weeks, but your interface identifier (the host part) often rotates every few hours because of privacy extensions. So from the outside, it’s not as static as it looks; you might appear to change addresses regularly even if your prefix stays the same for a while.

>>107067046
Stop being a ban-evading nigger then

>>107066779
>passkeys are not a communication method, they are an authentication method.
What the fuck do you think they use for authentication? What do you think a SSH key is?

>>107064855
that is not a real book anon

>>107057231
>>IPv4: Disabled
I thought 4chan doesn't support ipv6?

>>107066545
This site doesn't even support ipv6

>>107067047
Have you read the abstract you just posted?
It does exactly what it's supposed to do.
The alternative would be to use DHCPv6 instead of SLAAC + privacy extension. Works the same.

>>107067221
I know that passkeys is just a fancy word for public-key cryptography. Read the thread again.

>>107067345
Yes it does. The only thing that is IPv4-only is posting.

no opinions on ipv6 allowed to be posted until after reading https://datatracker.ietf.org/doc/html/rfc9099

>>107056255 (OP)
Based. Worst rollout of any new technology ever

>>107067342
>>107067345
Newfags don't read the blotter...
06/06/14 - http://blog.4chan.org/post/87993160342/ipv6-support-for-4chan

>>107057232
ESL or drunk or both from diction alone
>toilet paper toilet paper toilet paper
You flunked English and have psychological problems

>>107059187
NTA but i can see the point he’s trying to make.
>Hmm i think anon is john doe who lives with 3 other people, two females and one other male.
>Well would you look at that, all the device activity from this IP address points to those same individuals.
>Hmmm looks like one of the devices has stopped being used. they didn’t switch to a new device either. Someone seems left the household entirely.
>This anon is using the internet entirely from one device, kek must be a lonely little guy, roll out the adverts from the “living alone” consumer category.
NAT could very easily be used for stuff like that.

If everyone is independently IP’d then they’re harder to correlate or profile.

>>107059023
>Heh, you think that 4,294,967,296 addresses isn't enough? Well what if 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses isn't enough either?

# CONFIG_IPV6 is not set

they should just have made ipv5 with an extra octet added to ipv4.. you multiply existing address space by 256 and keep original shit working. Whenever you get an exhaustion, add another version/octet

i cannot get ipv6 to work at all and i dont know why not even ai can help me. i fail every ipv6 test site

>>107058371
why can't they just add another two bytes
>>107069685
>they should just have made ipv5 with an extra octet added to ipv4
What exactly does this accomplish, though? If you invent IPv4v2 and start assigning addresses using it, those devices still can't talk to anything else that hasn't been upgraded. If we're going to have spent, once everything is said and done, half a century migrating to a new version of the Internet Protocol, we might as well not half-ass it.

>>107056255 (OP)
Is that Le epic Jeet meme?

>>107066873
>Most modern systems generate temporary IPv6 addresses that change periodically to prevent device tracking. These are called SLAAC privacy addresses. So even if two devices are on the same subnet, their changing interface identifiers obscure continuity.
I tested this theory. The "temporary" address stayed the same for days and it only changed after restarting the computer. Even if it changed more often it would only make it slightly less bad.

>From the outside, unlike IPv4, you generally cannot tell whether a set of IPv6 addresses are from the same local network or not,
Wrong.

>unless the ISP happens to give away a prefix pattern that reveals it.
That's exactly what happens. You can't always know whether an IPS gives /64 or /56 or whatever, but it's not hard to acquire that information.

IPv6 is objectively worse for privacy compared to IPv4, because it allows easier tracking of every device.

REMINDER: indians make these threads because of ipv4 exhaustion.

>>107056789
here is why ipv6 is bad: cant block ICMP anymore without breaking shit, there can be dual stack leaks in some tunneling scenarios, extension headers and fragmentation can fuck up IDS/IPS, globally routable IoT (inbound) networking is now defaulted due to available addressing without NAT traversal techniques on outbound stateful flows which makes C&C for IoT home networks extremely viable, no NAT cloaking , stable prefix assignment blocks for entire homes adds object permanence, etc.

more metadata = less privacy, simple as

also nat is an (unintended) security feature

>>107066888
i assume you're talking about source routing. so was IPv6 with RH0. it was billed as being helpful for routing but with options rejected at PE handoffs in early implementations it still didnt affect anything.

>>107059771
>default incoming firewall will serve the same function as NAT
midwit take

>>107069817
i fixed it but now i ave to figure out why my firewall logs are spamming