
> My ISP can quickly deanonymize me, but at this point in time they don't unless they get a government request

http://www.bbc.co.uk/news/technology-16721338 - something I remember from recent-ish history. That data is, of course, still passed to O2's partner organisations (which don't seem to actually be listed anywhere), and you have no control over it.

> I find it disingenuous that you completely dismiss the societal cost (privacy)

I don't. I think there's other, significantly better solutions for it. I don't think NAT provides reasonable privacy in and of itself.

> the engineering costs

In practice, the fact that it's been spread out over 20 years so far is because that's how long it takes to get round to replacing an entire nation-wide deployment of carrier-grade infrastructure at all unless there's other reasons to do so. Smaller/regional ISPs have been on IPv6 for years now, partially because buying enough IPv4 space would be prohibitively expensive and partially because there's no reason not to. The technical details of IPv6 support were resolved in pretty much all networking kit a long, long time ago - it's a marginal cost at this point. The rest of it is primarily planning, testing, and replacing ancient consumer routers.

> the ONLY case that has been made is "we're running out of IPv4" which is not wrong, but far from dire as I can still get 100 IPv4 addresses for $50, which is the same price I've paid for it 10 years ago

And yet I can't get a real IP address for most of the things I'd like to. My ISP tries its hardest not to sell IPv4 addresses to anyone (it can't buy them quickly enough, and buying them is a huge resource drain - they lose money on every address sold, which is then made back up in subscription costs), let alone "home" users. On the other hand, it literally gives out static IPv6 ranges if you ask nicely.




> That data is, of course, still passed to O2's partner organisations (which don't seem to actually be listed anywhere), and you have no control over it.

Verizon was also doing this for mobile customers in the US, and perhaps still does. I vote with my wallet against these ISPs. You did have some control over it, for example by using HTTPS. But IPv6 prefixes are so plentiful that they are assigned one per customer, which makes correlating logs incredibly trivial. Even things like this O2/Verizon header injection still required some per-ISP effort; no such thing with IPv6, no need to inject headers. The prefix is your undeletable cookie.

> I don't. I think there's other, significantly better solutions for it. I don't think NAT provides reasonable privacy in and of itself.

It's not the NAT that affords privacy - it's the size of the address space which does have enough IP addresses, but not so many that an ISP can avoid reassigning them.

The NAT only affords as much privacy as suffix randomization (as has been noted in this thread), which is "very little" to "not at all".

What are those other "significantly better" solutions you are aware of? I've been looking for them, and found none.

> And yet I can't get a real IP address for most of the things I'd like to.

Likely because you are on a residential ISP and it's not their business (my ISP will gladly sell me one if I switch to the "business class" service, which is exactly the same except it costs about twice as much; I'd pay more to NOT have a fixed IP address).

Get an Amazon free tier and tunnel through it. Or pay $2 for a lowly VPS to tunnel through.

I don't think your wish to experiment is somehow more important than my wish for privacy. Neither of us gets to actually vote (except with our wallet), though.


> It's not the NAT that affords privacy - it's the size of the address space which does have enough IP addresses, but not so many that an ISP can avoid reassigning them.

Again, we live in a world where CGNAT is a thing. My own ISP puts all IPv4 connections through CGNAT by default unless you explicitly opt out. Many smaller ISPs do the same - one of the new gigabit broadband services in my country will not allocate IPv4 addresses to customers, instead going for CGNAT and requiring an additional payment of £5 a month for an IPv4 address.

Mobile ISPs all implement CGNAT on IPv4 at this point - if they attempted to buy enough address space for every active mobile phone to have an IP, there'd be a serious problem.

Every single user on each of these networks does not have a routable IPv4 address. You cannot make a direct connection to these devices. IPv6 solves that problem.

> What are those other "significantly better" solutions you are aware of?

Tor. Future protocols should integrate HORNET or similar. If you really want a NAT without onion routing, use a VPN that'll do it.

> Likely because you are on a residential ISP

That's literally the point here. There's a differentiation between a "residential ISP" which can only ever consume and never participate as an equal part of the network, and a "business ISP" which is significantly more expensive because it comes with an SLA that I don't need or want.

IPv6 allows me to be an equal part of the network at the same cost as my current broadband service. I can run a website off my Raspberry Pi without paying anyone a penny. I can SSH/remote desktop into my home machine without having to create a "jump server". I can participate in peer-to-peer networks without depending on the hope that some other people on the network have machines that I can directly connect to, so that nobody else has to directly connect to me.


Ok, just to clear up the confusion (because not all posts in this thread use the same terminology):

Home NAT, which is equivalent to suffix randomization, does NOT afford any privacy.

Carrier Grade NAT, which would be equivalent to prefix randomization (if such a thing existed) DOES afford some privacy, provided that care is taken not to leak other data (through cookies, browser fingerprinting, stylometrics, etc).

I am not currently at home behind a CGNAT, because my ISP is apparently IPv4 rich, but they are planning to switch at some point. I am behind a CGNAT on my mobile. I have no problem doing peer-to-peer on either using a STUN server I run on a $2 VPS that comes with an IPv4 address. I also tunnel SSH to my home through it when I want to.

The same ISP, if I request an IPv6, will give me the prefix it assigned to me the day I signed up. That's how they roll. (They actually play it as a feature: "You pay for a fixed IPv4, but you get a fixed IPv6 for free, without even asking!")

IPv6 allows you to play "equal part" - it's routable, yes, but if everyone were equal we would have mob rule by DDoS attacks way worse than we do now (perhaps everyone is equal and we will have them... if that's the case, it will stop being the case after a few high-profile attacks as such).

Also, 99.9% of the people do not know how to secure their networks or devices. If everything was routable, as you seem to desire, I think we'd be worse off. As it is, the local home NATs provide a bit of security (which no one would have designed - we got lucky they were there because of address scarcity) and the CGNATs/random V4 assignment provide a bit of privacy (which got lip service, but would not have been as effective if not for address scarcity).

My threat model includes "$company can track my whereabouts online regardless of what I do about it". Your threat model seems to be "I can't route to my server without another hop". It's not that one is valid and one is invalid - it's just that they are incompatible with each other.
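The "prefix is your undeletable cookie" point from earlier in the thread and the home-NAT/CGNAT clarification above are easy to demonstrate against logs. The script below is an added example and not code from anyone in the thread: it parses constructed web-server log lines (documentation-range addresses only, RFC 3849 `2001:db8::/32` and TEST-NET-3 `203.0.113.0/24`), keys each request the way a log analyst would, and compares that key against constructed ground truth of which customer actually sent each request. The /64 per-customer prefix length is an assumption made for the example.

```python
"""Added example (not from the HN thread): an IPv6 delegated prefix survives
interface-suffix rotation, so it links requests to one customer; a CGNAT
IPv4 address is shared, so the same key covers several customers."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: (true customer, client address, path). The customer
# column is ground truth the log analyst never sees. cust-A rotates its
# interface suffix (RFC 4941 style) but keeps the ISP-delegated /64;
# cust-C/D/E share one CGNAT IPv4 address.
SAMPLE = [
    ("cust-A", "2001:db8:1234:5678:a1b2:c3d4:e5f6:0001", "/news"),
    ("cust-A", "2001:db8:1234:5678:9f8e:7d6c:5b4a:3928", "/health-forum"),
    ("cust-A", "2001:db8:1234:5678:0123:4567:89ab:cdef", "/login"),
    ("cust-B", "2001:db8:abcd:42:1111:2222:3333:4444", "/news"),
    ("cust-C", "203.0.113.7", "/news"),
    ("cust-D", "203.0.113.7", "/health-forum"),
    ("cust-E", "203.0.113.7", "/login"),
]

# What the web server actually writes: "<client> <method> <path>" per line.
LOG_TEXT = "\n".join(f"{ip} GET {path}" for _, ip, path in SAMPLE)

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def parse_log(text):
    """Return [(ip_address object, method, path)] for each well-formed line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((ipaddress.ip_address(m.group(1)), m.group(2), m.group(3)))
    return out


def subscriber_key(addr, v6_prefix_len=64):
    """The identifier an analyst keys on.

    IPv6: mask off the host suffix and keep the delegated prefix (assumed /64),
    which is stable when the ISP hands out fixed prefixes.
    IPv4: the whole address is the only key available, even though behind
    CGNAT it is shared by many customers.
    """
    if addr.version == 6:
        net = ipaddress.ip_network((str(addr), v6_prefix_len), strict=False)
        return str(net)
    return str(addr)


def correlate(text):
    """Group requested paths by subscriber key, as a log analyst would."""
    groups = defaultdict(list)
    for addr, _method, path in parse_log(text):
        groups[subscriber_key(addr)].append(path)
    return dict(groups)


def distinct_addresses(text):
    """How many different client addresses appear (suffix rotation inflates this)."""
    return len({str(addr) for addr, _m, _p in parse_log(text)})


def customers_per_key(sample):
    """Ground-truth check: which real customers collapse onto each analyst key."""
    truth = defaultdict(set)
    for customer, ip, _path in sample:
        truth[subscriber_key(ipaddress.ip_address(ip))].add(customer)
    return dict(truth)


if __name__ == "__main__":
    print("distinct addresses:", distinct_addresses(LOG_TEXT))
    for key, paths in correlate(LOG_TEXT).items():
        print(f"{key:28} {paths}  customers={sorted(customers_per_key(SAMPLE)[key])}")
```

Run as-is: cust-A's three distinct addresses collapse to one /64 key that maps to exactly one customer, so suffix rotation (or a home NAT) changes nothing from the analyst's side; the CGNAT key `203.0.113.7` maps to three customers, which is the ambiguity the thread credits CGNAT with. The mitigations that follow from this are the ones the thread already names: the ISP rotating delegated prefixes, or the customer routing through a VPN or Tor so the server never sees the home prefix.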


> Also, 99.9% of the people do not know how to secure their networks or devices.

I take it that you've never heard of a firewall on your router. Mine ships default deny. I assume yours does too.


Doesn't help if the router is easily hackable - http://www.bbc.co.uk/news/technology-40382877

> "Because the default wi-fi password formats are known, it's not difficult to crack them," said Mr Munro.

> Once an attacker has access to your wi-fi network, they can seek out further vulnerabilities.


I'm well aware of it, but that just means all those amazing peer to peer protocols[0] that are waiting to be implemented were hyperbole, doesn't it? You know, "default deny" and stuff. Oh sure, there will be a protocol, probably called "Universal hole-Punch aNd-get Pwned" or some acronym thereof, to relax that "default deny".

[0] https://news.ycombinator.com/item?id=14988022
