> There’s no way in which IPv6 is less private than IPv4
With IPv4 behind CGNAT you share an address with hundreds of other users. This won't protect you against a targeted subpoena, but tracking companies typically don't have this kind of power, so they have to resort to other fingerprinting options.
On the other hand, an IPv6 address is effectively a unique, and somewhat persistent, tracking ID, 48/56/64-bit long (ISP dependent), concatenated with some random garbage. And of course every advertiser, every tracking company and their dog know which part is random garbage; you are not going to fool anyone by rotating it with privacy extensions.
CGNAT is nowhere near the common case yet. And frankly, I’m horrified that anyone’s describing it as a good thing. CGNAT is the devil, even if it accidentally has one not-terrible feature, and especially when ISPs realize that they can sell those NAT logs to companies who still want to track end users.
For tracking purposes, an IPv6 address is 48 bits long. That’s what identifies a customer premise router, exactly like a IPv4 /32 identifies one. The remaining 80 random bits might as well be treated like longer source port numbers: they identify one particular connection but aren’t persistent and can’t map back to a particular device behind that router afterward.
>CGNAT is nowhere near the common case yet. And frankly, I’m horrified that anyone’s describing it as a good thing.
For some reason, "CGNAT == privacy" is a very common sentiment on Hacker News. Yeah, Hacker News. It's bewildering, and after my last comment [0] talking about it, I have kinda already given up trying to convince people that CGNAT is devilish and not at all a privacy protector.
Without NAT my computer isn't on the internet, because my ISP only affords me one IP which my router uses. If it's not on the internet, and adversary can't send my computer any packets.
With NAT, an adversary can't send my computer any packets either unless I explicitly set up port mappings.
So, if you can't send my computer any packets, how is it not providing security?
Of course, it doesn't provide full security like a firewall can do, since there's ways to punch holes in the NAT from the inside. But it seems just as incorrect to fully dismiss "NAT == security".
NAT provides some functional security. It is not a replacement for a proper firewall.
My question with all of the lovely IoT devices that rely on that same mechanism is. Why would you even care about connection from outside? Shouldn't you also be secure against inside? Trusting on NAT alone is idiotic and foolish. If you want to protect a port do it properly in the first place. No excuses.
> Why would you even care about connection from outside?
Because if those nice IoT devices were reachable from the internet they could be compromised easily due to their likely shitty firmware with backdoors and hardcoded passwords.
> Trusting on NAT alone is idiotic and foolish.
Sure, but that's a far cry from saying NAT provides no security.
When I was on CGNAT, sure I shared an IP address with hundreds of others, but the specific ports I was assigned on that IP were deterministic, and you can be sure the advertising companies were taking advantage of that.
I guess this will just mean even more mandatory apps with hardware-backed backdoor crap like SafetyNet et al., in the hopeless witch hunt for emulators.
And of course, installing a custom ROM or otherwise degoogling will be considered criminal-like behavior not long from now.
Look at the payment card industry: the whole system is fundamentally broken by design and has zero meaningful privacy and security since its inception, yet it somehow survives, decade by decade, with more and more layers of bureaucratic band-aid.
> Look at the payment card industry: the whole system is fundamentally broken by design
Quite the contrary: The parts of it that are broken are broken due to industry inertia and backwards compatibility considerations.
Payment cards have had the capability for strong cardholder authentication both online (3DS) and at the POS (chip/EMV and PIN) for almost two decades now.
There just isn't political/regulatory will to enforce their use in the US, and nobody will move first without being forced (since it's game-theoretical/economic suicide to be the first mover). In the EU, both are now largely mandatory.
Although I went ahead and got a PIN for my US credit card after I had an issue, I don't know the last time I've had to use it in Europe. I do sometimes scrawl a not really signature now and then.
That still usually won't make it PIN-preferring. US credit cards request a signature by default; if you request a PIN, that's usually only ever used for cash advances, but not for payments, even in Europe.
In other words, it's effectively impossible to get a PIN-preferring, i.e. more secure, credit card in the US...
I wasn't clear. Right, you never use a PIN for a credit card payment in the US. You're sometimes required to "sign" but basically that can be an X these days if you like. Mine is an even lazier scrawl than my illegible signature.
My comment was that I have been asked to enter a PIN in Europe which is why I requested one. But I've never used it since.
You're covered for fraud by the credit card bank so, as a consumer, I don't really care about the level of security.
While crypto might not be the ideal solution, it's hard to not notice that modern AML/KYC banking laws are rapidly degrading into complete bullshit, and it is nice to have a workaround.
I've just read an article how Russian emigrants around the world (that's up to several million people, more than some European countries) are struggling with opening and maintaining bank accounts, and have to resort to all kinds of workarounds, crypto and Binance included.
You might not have any sympathy for them, especially in current circumstances, but they did nothing wrong, and won't cease to exist just because of your lack of sympathy.
Where I live now, there is a growing number of street currency exchange shops which will gladly and openly accept your USDT and hand over cash in either local currency or USD $100 bills; no documents ever asked, of course.
That kind of infrastructure did not exist a mere couple years ago.
You might think, why don't just ban it all, but, I'll say it again, the problem with this line of thinking is that if you, as the government, declare large enough numbers of mostly innocent people criminal or "undesirable", they won't magically vanish into thin air overnight;
to the contrary, you've just made life harder for your own law enforcement, as real criminals will now have a much larger crowd to blend in.
For many countries where it is difficult to legally buy or transfer USD at international market rates (either because of sanctions or capital controls), there is a thriving USD/USDT/BTC black market, involving, in extreme cases, the majority of population; see Argentina or Venezuela for example.
Labeling all of them as "criminals" achieves you nothing.
I have a Lithuanian friend (not even Russian, or Russian heritage) who has a same name as a sanctioned person in Russia. He has never been able to make an international wire transfer. Banks bounce his transaction back based on a name check.
While I'm definitely a "crypto skeptic", I think it's probably going to persist in this niche of "US-equivalent hawala banking for people who aren't allowed the stability of the US dollar".
People worried about US hyperinflation are nuts. People worried about Argentine hyperinflation have a reasonable point.
A big problem with everything is that digital money has no scale. It's reasonable to want to stop people transacting billions of dollars for Russian weapons and it's not reasonable to pursue every last Russian national. But in an electronic system "one" and "one billion" fit in the same field.
This comment was marked [dead] when I read it. I vouched it back into visibility. I wish people would respond with a comment if they disagree, rather than reporting it.
Meta-comment aside, there’s another population segment who suffer from overbearing AML/KYC regulations - homeless people. Many homeless people do not have any form of ID and hence cannot open a bank account. What option do they have? I would argue for low value accounts, say <$5000 annual transaction volume, AML/KYC enforcement should not be required. $5000 is such a small amount in the grand scheme of money laundering that the government should really focus on the bigger fish. Splitting your laundered money into many bank accounts would, or could, fall under existing structuring laws and would be easily detectable by any bank.
I haven’t even mentioned that in many countries, such as the US, you have absolutely no guaranteed right to banking access. Your access to banking can be shut off overnight by any one of the various middle men involved. Until these things are solved, and legal persons can be guaranteed access to banking then crypto is necessary.
I preferred to register a throwaway for obvious privacy reasons, immediately got shadowbanned, and while I refrained from posting the actual article link [1] that I mentioned, that did not really help.
1. Everyone should have access to banking, and a $5k nominal/year in most of the G7 economies[0] is small enough it shouldn't attract attention.
2. If you don't require proof of ID, you can't stop people signing up for as many small accounts as they want to.
3. Homeless people may not have any formal proof of ID (either because it's too expensive, or as a direct consequence of why they're homeless in the first place[1]).
You can try to get around #3 with biometrics. But even with AI assistance, the goal here is to prove a person isn't already on the system — which is much harder than merely showing they're the same person as on the ID card they have with them, for reasons which are basically a generalisation of the Birthday problem[2].
[0] one of the G7 is the EU, the worst of the EU is Bulgaria at €12400 GDP (nominal) per capita, Wikipedia reports that "More than a fifth of the labour force work for a minimum wage of $1.16 per hour.[203]" but that citation (which follows) is from 2012 and this is where I stopped going down the rabbit hole: https://web.archive.org/web/20121224023912/http://epp.eurost...
[1] off the top of my head: because they ran away from home as a minor and didn't take sufficient documentation with them; or because they had an untreated mental health problem; or because they're an unregistered migrant; or because they were born in the country but out of the system.
You’ve struck on an interesting problem in decentralized systems, Sybil attacks [0]. How do you prevent someone from registering multiple accounts and pretending to be multiple people? In Bitcoin, and other cryptos, the problem is ignored because it doesn’t matter at the address level since you have the same amount of bitcoin no matter how many addresses it’s split between. However, in other systems within the crypto-ecosystem it may be desirable to establish a 1:1 human:account ratio. This is exactly what Sam Altman was/is trying to solve with his WorldCoin thing which also uses biometrics (I’d personally not sign up for WorldCoin and advise against it for others). Largely it remains an unsolved problem AFAIK.
Jumping back to banking the homeless, I mentioned in the previous comment that if criminals tried to use these small accounts to launder money it should be relatively easily detectable by the banks. I would add that I don’t think it’s a problem if a given homeless person opens N of these accounts for small values of N since that would still be a small total cashflow volume. The main things I’m interested in with such a scheme would be allowing homeless people to have somewhere to store what little money they have without risk of having it robbed from them [1], allowing them to have a normal way to get paid from any job they might work, and allowing them to purchase things online (perhaps delivered to an Amazon locker or other pickup location). I’m not saying this idea is perfect, it certainly isn’t, but my point in the previous comment was that there are people who are underserved by the existing banking infrastructure.
1: They could authenticate with an account number or card and a PIN at an ATM. Here opening multiple accounts would be an advantage for the security conscious because they could open a duress account and put a fraction of their money in it to withdraw if they were ever forced to by a robber.
> This comment was marked [dead] when I read it. I vouched it back into visibility. I wish people would respond with a comment if they disagree, rather than reporting it.
Comments from brand new accounts (as in this case) are marked dead by default as a spam prevention measure, I believe.
I’m new to HN, could I check how does this report/vouching thing work?
If someone is new and their comments get reported (because people disagree? or must there be a violation of the site guidelines), then the comment would be marked as dead and thus hidden?
Who can vouch for these users then? Is there an upvote/downvote mechanism too that’s not visible to me because I’m a new user?
> it's hard to not notice that modern AML/KYC banking laws are rapidly degrading into complete bullshit
They were always bullshit from day one. AML/KYC is literally the financial arm of warrantless global mass surveillance. To me it's comical when I see HN defending unlimited strong cryptography and yet drawing the line at untraceable financial transactions. They are one and the same.
There is a difference between "evil" and "ineffective", and while I agree with the more controversial "evil" part, my point was to emphasize the "ineffective" part of it.
I won't go into further details even under anonymous account, but I have some first-hand experience dealing with compliance from various financial institutions, I have a general idea of what they ask, what they do NOT ask, and all of this feels much like IP address logging or so-called "chain analysis": it may work against unprepared people (mostly those who "have nothing to hide"), but is almost trivially bypassable by any semi-motivated attacker.
Mostly it's because incentives are completely off. These people are not the police; their top priority is to cover their asses with enough paperwork, not actively engage in yet another anti-whatever crusade.
> AML/KYC banking laws are rapidly degrading into complete bullshit
It did not. That was their purpose all along but it's nicer to say we are implementing AML instead of we are sanctioning these guys or we are restricting outflows.
Crypto did not boom because it is mathematically revolutionary (it is, but most people don't really understand it). It boomed because there is a market for it.
The only reason it got big enough to be boom-eligible was that geeks, nerds, and cypherpunks (in particular) understood how mathematically revolutionary it was.
With IPv4 behind CGNAT you share an address with hundreds of other users. This won't protect you against a targeted subpoena, but tracking companies typically don't have this kind of power, so they have to resort to other fingerprinting options.
On the other hand, an IPv6 address is effectively a unique, and somewhat persistent, tracking ID, 48/56/64-bit long (ISP dependent), concatenated with some random garbage. And of course every advertiser, every tracking company and their dog know which part is random garbage; you are not going to fool anyone by rotating it with privacy extensions.