
One man's "meaningful information" is another man's "privacy leak." If I visit foobar.com and they can find out from my ipv6 address what make and model of motherboard I am running, is that really a good thing? There is a reason why MAC addresses were not included in ipv4.

The ipv6 designers seem to have hated the idea of network address translation (NAT). But a lot of people have come to depend on it for security. For example, with ipv4 my wireless router only exposes one IP address to the world, no matter how many devices are behind it. But with ipv6 in its default mode, all the devices are exposed. So if I visit evildude.com on my laptop, they will know my ipv6 address. This will then map back directly to the device (no NAT), and they can port scan me and try to do bad things to any ports I have open. You can fix this with firewalls or just with NAT, but you lose a lot of the supposed benefits of ipv6 by doing so.

I think there's a strong argument to be made that point-to-point communication is more useful for evil than for good. Most of the time when you're doing something legitimate you don't mind going through a gateway. For example, I don't need to talk to my bank's backend servers directly... I can just use their public IP address and let their load-balancer send me to some open server. But if I'm a hacker, maybe I want to target something deep inside the internal network, and ipv6 makes that easier.




> I think there's a strong argument to be made that point-to-point communication is more useful for evil than for good.

It's not true in meatspace. It's also not true in cyberspace.

> ...they can port scan me and try to do bad things to any ports I have open.

It's software that's behind those ports, and software that's the target of attack. :)

> For example, I don't need to talk to my bank's backend servers directly... I can just use their public IP address and let their load-balancer send me to some open server. But if I'm a hacker, maybe I want to target something deep inside the internal network, and ipv6 makes that easier.

...IPv6 still supports stateful and stateless firewalls. Those haven't gone away, yanno? What's more, ULA space exists for a couple of reasons. If you really want to give something a non-publicly-routable IP address, creating a ULA prefix and going to town is the preferred way of doing this.
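The two concrete points raised so far, that an EUI-64 interface identifier embeds the MAC address (and therefore the hardware vendor's OUI) in a globally visible address, and that ULA space (fc00::/7) gives a host a non-publicly-routable address without NAT, can be checked on any address you hold. The following Python is an added example, not code from anyone in this thread. All sample addresses are constructed (2001:db8::/32 is the documentation prefix); `privacy_address` is a hypothetical stand-in for what RFC 4941 temporary addresses do on a real host, not an OS API.

```python
import ipaddress
import secrets

# Constructed sample addresses (not taken from the thread), one per case.
SAMPLE_ADDRESSES = [
    "2001:db8:1:2:250:56ff:fe9a:1234",   # global unicast, EUI-64 interface identifier
    "2001:db8:1:2:3d0a:9f6e:1b8c:7e21",  # global unicast, random identifier (RFC 4941 style)
    "fd12:3456:789a:1::10",              # unique local address (ULA), not globally routed
    "fe80::250:56ff:fe9a:1234",          # link-local, also EUI-64 derived
]

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
ULA = ipaddress.IPv6Network("fc00::/7")
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")


def eui64_mac(addr: ipaddress.IPv6Address):
    """Return the MAC address embedded in a modified EUI-64 interface identifier, or None.

    RFC 4291 appendix A forms the low 64 bits as MAC[0:3] || 0xfffe || MAC[3:6]
    with the universal/local bit (bit 1 of the first byte) inverted. We only undo
    that transformation when the 0xfffe marker is present in bytes 3-4 of the IID.
    """
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02                      # flip the u/l bit back
    mac = bytes([first]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def scope_of(addr: ipaddress.IPv6Address) -> str:
    """Classify by well-known prefix rather than ipaddress.is_private, which also
    treats the 2001:db8::/32 documentation range as non-global."""
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in ULA:
        return "unique-local (ULA)"
    if addr in GLOBAL_UNICAST:
        return "global unicast"
    return "other"


def classify(text: str) -> dict:
    """Describe an address: its reachability scope and whether it leaks a hardware id."""
    addr = ipaddress.IPv6Address(text)
    mac = eui64_mac(addr)
    return {
        "address": str(addr),
        "scope": scope_of(addr),
        "eui64_mac": mac,
        # The first three octets are the IEEE-assigned OUI, i.e. the vendor lookup key.
        "oui": mac[:8] if mac else None,
        "leaks_hardware_id": mac is not None,
    }


def privacy_address(prefix: str) -> ipaddress.IPv6Address:
    """Hypothetical helper: a random 64-bit interface identifier under a /64,
    the mitigation RFC 4941 privacy extensions apply on a real host."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifiers are formed under a /64")
    while True:
        iid = secrets.token_bytes(8)
        if iid[3:5] != b"\xff\xfe":          # never mimic the EUI-64 marker
            return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def audit(addresses) -> list:
    """Classify every address; useful over the output of `ip -6 addr` on a host."""
    return [classify(a) for a in addresses]


if __name__ == "__main__":
    for row in audit(SAMPLE_ADDRESSES):
        print(row)
    print("random IID:", classify(str(privacy_address("2001:db8:1:2::/64"))))
```

Run over a host's own addresses, `leaks_hardware_id` being true on a global unicast address is the finding to act on (enable privacy extensions or RFC 7217 stable-privacy addresses); the ULA row shows a host that is addressable on the LAN without ever being reachable from the internet, which is the "non-publicly-routable" case above.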


Can we please kill off this old, tired fallacy that NAT provides security? NAT is not the firewall, and nobody has ever suggested removing firewalls from home routers.

> all the devices are exposed

Please tell us which IPv6 home routers ship with the firewall disabled, so we can avoid their terrible products.

> So if I visit evildude.com on my laptop, they will know my ipv6 address

You must be really annoyed that you have to give Amazon a valid shipping address when you want them to ship you something. When you want to ask a remote computer to send you some data, you are going to have to tell them where to send it. If you don't want that to be your local address, use some sort of proxy (e.g. Tor).

> (no NAT), and they can port scan me

Again, stop conflating NAT with the firewall. They are totally separate features. If you only have a NAT and not a firewall, you can still be port scanned if the router uses static NAT, and sometimes you can source-route packets addressed to an internal address, which most NAT-without-firewall routers will happily route to the internal network... because you left out the part that filters packets.

Why bother? IPv4 NAT "works" right now, right? So there should be no harm in using it even if NAT provides no actual security benefits? While that's a popular belief, it isn't actually true. NAT has been and continues to be incredibly damaging to not only network-software, but also damages our freedom.

When considering how technology affects the freedom and security of the people that use it, getting rid of NAT is probably right next to "encrypt everything" as the most important change we need to make to the internet (we should have done it a decade ago). We are missing a huge amount of software that wasn't even started because you have to assume everybody on IPv4 is using a "party-line" that cannot accept incoming calls. Over two decades of network software was left unwritten.

Instead software was forced to rely on central servers with real IPv4 addresses. You seem to have a lot of concerns about privacy - which is good - but advocating for an IPv6 version of NAT is the same as arguing that services should remain centralized. You are arguing that we should remove the most important feature of IP networking: that any network address can be a server, giving everybody the ability to publish without needing permission[1] from a central authority.

Unfortunately, this is an uphill fight, because far too much of the tech industry is currently finding the role of "central authority" to be very profitable[2], and so we have a lot of people that see NAT's limitations as a good thing.

[1] https://www.fourmilab.ch/documents/digital-imprimatur/

[2] Aral Balkan's recent talk ( https://projectbullrun.org/surveillance/2015/video-2015.html... ) shows just how successful the digital imprimatur[1] has been.
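The argument above is that the protection people attribute to NAT actually comes from the stateful packet filter that sits beside it, and that the filter works the same on globally addressed IPv6 hosts. The following Python is an added example written for this thread, not code from any commenter or router vendor: it models the inbound WAN policy of a home router (default drop, accept replies to flows the LAN initiated, accept the ICMPv6 error types RFC 4890 says must not be filtered) without any address translation. `StatefulFilter`, `Packet` and all addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# ICMPv6 types that RFC 4890 (section 4.3.1) says a firewall must not drop in transit:
# destination unreachable, packet too big, time exceeded, parameter problem.
ESSENTIAL_ICMPV6 = {1, 2, 3, 4}


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary: only the header fields the policy looks at."""
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmpv6"
    sport: int = 0
    dport: int = 0
    icmp_type: Optional[int] = None


class StatefulFilter:
    """Hypothetical model of a home router's WAN-side policy. No NAT: LAN hosts keep
    their global addresses, yet unsolicited inbound connections are still dropped."""

    def __init__(self, lan_prefix: str):
        self.lan = ipaddress.IPv6Network(lan_prefix)
        self.flows = set()          # (lan_addr, lan_port, remote_addr, remote_port, proto)

    def _in_lan(self, addr: str) -> bool:
        return ipaddress.IPv6Address(addr) in self.lan

    def outbound(self, pkt: Packet) -> str:
        """LAN -> WAN. Anti-spoofing: only our own prefix may leave. Record the flow so
        the reply can be matched on the way back."""
        if not self._in_lan(pkt.src):
            return "drop"
        if pkt.proto in ("tcp", "udp"):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return "accept"

    def inbound(self, pkt: Packet) -> str:
        """WAN -> LAN. Default deny; the only exceptions are established flows and the
        ICMPv6 errors that path MTU discovery and error reporting depend on."""
        if not self._in_lan(pkt.dst):
            return "drop"
        if pkt.proto == "icmpv6":
            return "accept" if pkt.icmp_type in ESSENTIAL_ICMPV6 else "drop"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.flows:
            return "accept"
        return "drop"


# Constructed addresses under the documentation prefix 2001:db8::/32.
LAPTOP = "2001:db8:1:2:3d0a:9f6e:1b8c:7e21"
REMOTE = "2001:db8:ffff::1"


def demo() -> dict:
    """The scenario from the thread: the laptop visits a site, the site learns the
    laptop's address, then tries to reach other ports on it."""
    fw = StatefulFilter("2001:db8:1:2::/64")
    visit = Packet(src=LAPTOP, dst=REMOTE, proto="tcp", sport=51000, dport=443)
    reply = Packet(src=REMOTE, dst=LAPTOP, proto="tcp", sport=443, dport=51000)
    probe = Packet(src=REMOTE, dst=LAPTOP, proto="tcp", sport=40000, dport=22)
    too_big = Packet(src=REMOTE, dst=LAPTOP, proto="icmpv6", icmp_type=2)
    spoofed = Packet(src="2001:db8:dead::1", dst=REMOTE, proto="tcp", sport=1, dport=80)
    return {
        "outbound https": fw.outbound(visit),
        "https reply": fw.inbound(reply),
        "unsolicited port probe": fw.inbound(probe),
        "packet too big": fw.inbound(too_big),
        "spoofed source leaving LAN": fw.outbound(spoofed),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} -> {verdict}")
```

The reply to the laptop's own connection is accepted while the later probe of port 22 is dropped, even though the laptop's address was never translated; that is the "packet filter, not the NAT" distinction. On a real router the equivalent is an nftables/ip6tables forward chain with a default drop policy and an `ct state established,related` accept rule, plus the RFC 4890 ICMPv6 exceptions.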



