
Unless IPv6 were to be actually adopted as it was introduced


I don't know networking all that well. In my mind, I have 50 devices connected to my router behind NAT. My Mac, my Apple TV, my iPhone, my PC, my Linux box, my partner's versions of all of those. My video games. Etc.

From outside there's 1 IP address. With IPv6, every device would get its own address outside. Why do I want that? That sounds less private to me. Am I misunderstanding something? Lots of traffic on one IP address sounds more obfuscated than all separate.


With IPv6, every device has multiple IP addresses. One or more addresses that are rotated* to prevent you from being tracked easily, and one that's derived from your device's MAC address so you can make your devices easily accessible from WAN by opening ports in your firewall if you want to.

You could disable the rotating addresses, or disable MAC-based ones by using DHCP, but there's usually no point.

As for why you would want something like that: a whole bunch of software and hardware breaks because of NAT. Consumer NAT has some monkey patching inside of it rewriting some protocols to make them work again (which also allowed random websites to open arbitrary ports to arbitrary addresses in some Linux routers a while back, because NAT overrules firewall settings to work) but there are still limitations.

For instance, if you're having issues with your Nintendo Switch, Nintendo will tell you to forward every single port to your Switch (https://en-americas-support.nintendo.com/app/answers/detail/..., hope that IP address doesn't get reassigned to an unpatched device later). Multiple Xbox consoles behind the same NAT require tricking them into super-restricted-NAT mode to work, or enabling UPnP, which allows devices to open ports in your firewall without any authentication.

NAT just kind of sucks. IPv6 wasn't ready for deployment when NAT gained popularity, but all of the reasonable problems have been solved over a decade ago.

*=default rotation happens daily, but your OS may allow you to pick a shorter duration. I've found out the hard way that setting this to five minutes will fill up Linux' route table real fast after a few days.


Does it matter if they rotate if you use prefix delegation with standard size?


No, it doesn't. At least, the last time I checked, unless you go out of your way to implement a non-standard configuration, IPv6 is a disaster for personal privacy for the typical multi-user household.

Then again, the "typical" multi-user household is likely logged in to most things via SSO with Google or Facebook and probably has approximately zero fingerprinting mitigations in use so perhaps it isn't worth worrying about?

If you aren't the typical household then given 2^64 addresses and a Linux box serving as a router you've got quite a few options available. Including various creative reinventions of NAT that don't break basic functionality.


> IPv6 is a disaster for personal privacy for the typical multi-user household

Why? With privacy extensions (which are normally enabled for user devices), then all someone can do is look at the prefix. This is identical to looking at the IPv4 address in a NAT setup, and it hasn't been that much of a privacy disaster.

As I see it, nothing is lost on that front.


> This is identical to looking at the IPv4 address in a NAT setup

It is not identical unless the OS uses a new IP for every new outbound connection. I believe that would qualify as a (very) nonstandard configuration.

> it hasn't been that much of a privacy disaster.

Indeed, it was tongue-in-cheek, which is why I went on to point out SSO. The reality is most people aren't willing to sacrifice convenience to retain even a shred of privacy.

If you are one of the few who care then you can implement one of the many possible non-standard solutions.


Even disregarding fingerprinting, a single household doesn't have enough traffic from separate devices/users to the same servers to really matter from a privacy standpoint.

If my PC uses the same IP as my partner's to talk to Google, it hardly matters for our privacy if they mix up the attribution of traffic between the two of us.


Speak for yourself. I also don't want it to be readily apparent how many different devices I have, or when I'm using which one, or how many people are in the household, or when who is home.

Granted any service that I consistently interact with is likely to be able to figure out at least some of that information if they put in some effort. But I don't want to be freely providing a complete picture for zero effort.

Creepy data aggregator stories pop up on the HN front page regularly so hopefully I don't need to explain why I feel this way.


Yeah, I mean, I share those concerns in general, but my efforts are mostly centered around aggressive ad/tracker-blocking (moderate DNS-level blocking at the network level, more aggressive at the device level + browser-level blocking) and the avoidance of non-privacy-focused services, e.g. avoiding the popular social networks entirely, and using privacy-supporting pay-for services.

Using the same IP for all of my devices, for me, generally falls into the same bucket of anti-fingerprinting techniques that are used by the Tor Browser like letterboxed resolution that I don't find practical for general use. If I want to actually prevent fingerprinting by IP, resolution, etc. then I'll actually use the Tor Browser.


It depends what you're trying to defend against. The rotation hinders associating an address with a particular device. If someone looks at the network prefix to see if people are in the same household, then that's exactly the same as looking at the IPv4 address to determine the same thing.
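The two address kinds described earlier in the thread (a stable interface identifier derived from the MAC address, and rotating temporary addresses) and the point just made about what a remote observer actually sees are easy to check concretely. The following is an added example, not code from any commenter: it builds a modified EUI-64 address from a MAC the way stateless autoconfiguration does, generates a random temporary-style identifier with the universal/local bit cleared, and shows the "observer's view" of a set of addresses, i.e. the shared /64 and whether an interface identifier leaks a hardware address. The prefix (2001:db8::/32, the documentation range), the MAC a0:b1:2c:3d:4e:5f and the sample addresses are all constructed for illustration.

```python
import ipaddress
import secrets
from typing import List, Optional, Tuple

# Constructed sample addresses on one household /64 (documentation prefix, not a real network).
SAMPLE_ADDRESSES = [
    "2001:db8:abcd:1:a2b1:2cff:fe3d:4e5f",  # EUI-64 style, derived from MAC a0:b1:2c:3d:4e:5f
    "2001:db8:abcd:1:3f9e:1a2b:c4d5:e6f7",  # random, temporary-style identifier
    "2001:db8:abcd:1:7c21:9a0e:11f2:8b3c",  # the same device after its address rotated
]


def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291, Appendix A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    # Insert ff:fe between the OUI and the device part, and flip the universal/local bit.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 identifier, as stateless autoconfiguration would."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    iid = int.from_bytes(eui64_from_mac(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def temporary_address(prefix: str) -> ipaddress.IPv6Address:
    """Random temporary-style address: 64 random bits with the u/l bit cleared.

    Assumption for this example: an identifier that happens to contain ff:fe in the
    EUI-64 position is discarded so the result is never mistaken for a hardware address.
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    while True:
        iid = bytearray(secrets.token_bytes(8))
        iid[0] &= 0xFD  # clear the universal/local bit: "local", not hardware-derived
        if iid[3:5] != b"\xff\xfe":
            return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def mac_from_eui64(addr) -> Optional[str]:
    """Recover the MAC behind an EUI-64 identifier, or None if the identifier is not EUI-64 shaped."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def observer_view(addresses) -> List[Tuple[str, Optional[str]]]:
    """What a remote server can see per address: the /64 it belongs to, and any leaked MAC.

    Every address from one household shares the prefix, which is the same information an
    IPv4 address behind NAT gives away; only EUI-64 identifiers add a stable device fingerprint.
    """
    rows = []
    for s in addresses:
        net = ipaddress.IPv6Network(f"{s}/64", strict=False)
        rows.append((str(net), mac_from_eui64(s)))
    return rows


if __name__ == "__main__":
    print(slaac_address("2001:db8:abcd:1::/64", "a0:b1:2c:3d:4e:5f"))
    for prefix, mac in observer_view(SAMPLE_ADDRESSES):
        print(prefix, "leaked MAC:" if mac else "no hardware identifier", mac or "")
```

Running it shows all three sample addresses mapping to the same 2001:db8:abcd:1::/64, with only the first one yielding a MAC, which is the distinction the thread is drawing: the prefix groups the household either way, and the per-device identifier is what privacy extensions randomise.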


> From outside there's 1 IP address. With IPv6, every device would get its own address outside. Why do I want that? That sounds less private to me. Am I misunderstanding something? Lots of traffic on one IP address sounds more obfuscated than all separate.

Having recently enabled IPv6 for my home network, the "why" was that a) IPv6 to IPv6 connections are nominally more efficient than those that have to traverse NAT and b) it enables connectivity to/from IPv6-only internet devices.

The privacy upsides of a single IPv4 IP for a household are, to me, more marginal than the above benefits.
