Am I overly optimistic about ipv6?


It was eye opening to me when I first got a real firewall (pfSense, ca. 2014) and realized just how often I was being probed and how many random connection attempts there were.

I knew it was a possibility, but I didn’t realize how incessant it was. The log entries show a never ending stream of attempted attacks and port scans.

I wish I had that level of discipline.

The smart phones just make life so much easier.

I do the next best thing. Whenever I get a new phone, I go through every single setting in the settings menus and disable almost everything that can be disabled. If it says AI, Sync, or cloud or anything like that (or sounds like it might be using code words to refer to that), it gets disabled.

Then I make it connect to my own VPN, one of the many VMs (well, this one is actually an LXC container, but close enough) that run on my server. All traffic goes through my home network.

My home network then has a piHole instance (that runs in another LXC container on the server) with serious rule sets for blocking out as much nonsense as possible at the DNS level.

And then after that, all local network traffic exits via a trusted 3rd party VPN (Mullvad, as from what I can tell, they are the real deal and actually practice what they preach when it comes to privacy).

And if this breaks a site (or app) then so be it. I guess I’m just not using that site or app.

I use Firefox, but I have gone through every single setting to try to cut out as much of the spyware crap and abilities as possible. I also use mobile Firefox on my phone, instead of the built in garbage.

I know some stuff still slips by, and I hate that, but I hope that I am at least limiting it as much as I possibly can.

I also do my best to be as unattractive to advertisers as possible. When the random ad that I don’t succeed in blocking pops up, I usually play a game of “can I successfully avoid even noticing what this ad is for?” Often I am successful.

For the ads I do see, and know what they are for, I consider having seen them to be an insult, with some brand trying to corrupt and influence me. I don’t keep an active boycott list (that would be a little much) but I do try to casually give brands for which I see ads as little of my money as humanly possible.

It’s not that I am against advertising per se (though there are exceptions, as some ads can be manipulative) but I want to disincentivize them having any interest at all in my data. I want them to view me as a drain on their advertising budget rather than as an opportunity, with the hope that I get targeted less.

I do - however - realize that ad blocking harms content creators. I tend to try to make up for this through small regular sustaining donations via Patreon to my favorite sites, if they are set up that way.

It is my dream that some day we can use the big regulatory sledgehammer to completely ban any and all collection, transaction in (buying, selling) or use for any purpose (including both monetization and non-profit driven use) of any user data whatsoever. The user data should exist on a site or server for the sole purpose of directly serving the user it describes, and should be illegal to use for any other purpose.

In other words, sure, Facebook. If Sally wants to share a picture with Uncle Jack, you can store that picture on your servers, but only for the purpose of serving it to Uncle Jack. It may not be used, shared or analyzed in any other way than is consistent with Sally’s intent of sharing it with Uncle Jack. And you are responsible for keeping it secure such that no one else can access it for any unintended (by Sally) purpose either.

And I suggest violators go to Federal - pound me in the ass - prison, not just some corporate slap on the wrists.

Big social media giants will survive. If profiled data-based ads are no longer an option, then there will be a return to contextual ads that are innocuous from a spying perspective. Other consumer goods companies that build spying into their products, and the data brokers that facilitate this - however - will be hurt, and I don’t have a problem with that. They deserve anything and every bad thing that can possibly happen to them.

I’d even take it further.

I propose that any content a user posts online can only be used for the purpose that user reasonably intended.

If I post a forum post helping someone restore booting ability to their PC, then that is the reason it was posted. It was not posted so it can be analyzed by others, monetized somehow, or used to train AI. That kind of scraping or otherwise unintended (by me) use should be illegal. At least without my express written consent (and no, not in an EULA that is required for me to sign up for a forum; it has to be a separate thing, that I can opt into.)

I propose every single person who ever goes on the internet have a perpetual license to every single bit of data they produce while they are online.

Sure, traditional fair use exceptions are fine (newsworthy content, parody/comedy, etc.) but not for-profit uses (except maybe market research if you are a business looking to make your product better and want to learn what people are saying), and absolutely not for training some faceless corporation’s for-profit AI.

I absolutely resent that AI companies are training on the open internet. I even resent that Reddit thinks they have the right to sell access to their users’ content. No. That should be the call of each and every individual user. They should have to contact and request permission of each user individually if they want to use their posts for anything at all.

Sam Altman seems to think this would kill the AI race. Heck, he thinks it would kill the AI race if he can’t just steal whatever copyrighted content he desires. (That man is the living anti-christ)

And quite frankly, I’m fine with that. We don’t need it.

AI has some pretty cool applications, but most of those are in small, highly targeted models trained on special purpose datasets fully owned by the company that is doing the training. And that’s probably the way AI should remain.

If there is any justice whatsoever in the world, these large everything-AI language models should probably die altogether. And I hope they do.

2 Likes

Indeed.

Though to be fair, since spying is so much a part of every single product out there these days, a rant about spying is pretty much on topic for almost every topic of conversation :sweat_smile:

People just don’t realize just how pervasive it is, and just how much data they are collecting.

At this point (and pretty much any point in the last decade) the assumption has to be that if any product is capable of collecting and selling some aspect of data about you, it is collecting and selling that data. No exceptions. For 15 years now startups have been turned down for funding from venture capital funds because they don’t collect and monetize enough data. You literally cannot launch an electronic consumer product in the last 10 years without collecting and selling whatever you can, or at least it isn’t easy.

More people are starting to get it. The whole GM electronic systems built into their cars by default collecting your driving habits and selling to LexisNexis (the data broker that auto insurers use) seems to have finally opened some eyes. But it is too little too late.

Just as the big tech corps intended through their sleazy half-truths and lying by omission over the last almost 20 years, people are waking up to this disaster at a point where it is anywhere between very hard and impossible to stop it.

I think we should burn it all down and start over. I don’t care about the consequences.

Yup I have a monitor devoted to watching my network security logs.

Easier for whom? heh Life is pretty F’d up without one. Everything is some “App” bull_hit. Health care here isn’t accessible without various things that also mean giving up your privacy. Cellphone, allowing Crazy Egg and Google access to your health records traffic…it’s Fing insane.

Waterfox fan here. Or “Torfox” as I call it. I have it set up so anything local is LOCAL. Anything else goes through TOR. It can be a PITA at times but meh…if these Aholes want my data and such, cut me a cheque heh. I’d say I see zero ads, which is true while on webpages, but Youtube is a gotcha. Since YT has improved their slave labor campaign, i.e. not paying people for their work, they now add their own sponsor crap so technically I see ads. Plus 99% of tech stuff is just an ad…cough I mean “review.”

Ads p1ss me off for a number of reasons but at the core is I don’t need to be sucked into thinking I NEED something. Nor do I need to feel like I’m a pleb or loser because I can’t buy whatever nVidia is shoveling every year. Even firing up a game BLAM ad nags for BUY OUR DLC…how about you go fu yourself…Having said that, all Steam’s China networks are blocked locally and it’s not allowed online, but some games like Arma have that garbage baked in. Online/offline…don’t matter, it will nag you about all the DLC you don’t own and you’re not a cool kid.

Does it though? I mean yeah, I get it but does US blocking hurt them when YT has found every trick under the sun to not pay out anyhow?

Dare to dream…

Having a license doesn’t mean anything unless you have the cash/means to back it up in court. Companies steal it anyhow because the fine is less than they make from the theft…and they don’t nor ever will have to contend with the “pound me in the ass prison.” This is comically why I took all my writing and music offline.

Don’t get me started on Ai…that will go way off target. However I love the idea…it would be nice to have a little Ai/Robot friend but at present Ai is beyond useless. I’ve done some playing and no matter how many GPUs or how big the model is it always fails to do anything I ask. To bring that back on topic though, that’s all we need is a DMZ IPv6 device with Ai “snitching” and sending anything it can hear or find at the behest of its manufacturer on our networks.

Back to my “now people are stupid enough to pay to be the product” bit, it kills me when people PAY to have crap like Alexa or home automation crap built out by a 3rd party. The caveat on topic is at least with it being behind a NAT and various other things you have some power. While you could in theory do this with IPv6, it defeats the purpose of a lot of the “advertised features” and we’re back to what you said about just slapping on a fifth index to the address and keeping network structures the same.

IPv6 isn’t that bad, really… ::dead:beef is my local IP address on the same subnet as my local one and abc:deaf:beef:1::dead:beef is the full address of the machine. As long as I remember that abc:deaf:beef is my network, IPv6 is actually simpler than IPv4 as you don’t need to bother about CIDR and the network vs host portion.

However, IPv6 has the same flaw as IPv4, in that it assumes static, non-moving hosts. And that is unfortunately not the case anymore; most computers are in your pocket or backpack these days. Which means… IPv6 got obsolete before it even took off, for the most part. Though we’re still trying to shoehorn it in, because it’s the best we got dammit :grin:

Again though, dragged their feet almost thirty years. Plenty of time to make something sensible. I know there are some good things about IPv6 but 20+ years ago there was a lot of focus on pass through. Making networks simpler for the pleb, but that meant anything connected needed its own security. Yeah, because we can trust the vendors to keep supporting devices long term and such…This was a big red flag to me. It was like Oprah saying YOU GET A DMZ AND YOU GET A DMZ AND YOU GET A…GIGANTIC EXPLOIT! heh

I’d rather type 10.10.10.20 or 192.168.0.90 over abc:deaf:beef:1::dead:beef ;p Which kinda comes back to the fifth index. Why do you need 1234:1234:1234:1234:1234:1234 when you could have plenty via 123.123.123.123.123.

Back to the “good.” I do remember a lot of talks about window frames and various back end stuff to improve speeds and make things more efficient but again, it never came to be. Sure you can set up IPv6 at home and there are a few ISPs who actually rolled it out…but this has only fractured the net. Again, 20+ years ago there was talk of a bridging system so legacy networks could work with IPv6, but from my understanding that would screw up SSL. But when this was all being designed http was the norm and only your bank had https set up heh. So yeah, dead before it started.

That said though I should probably bow out because honestly I stopped paying attention. This is an ancient topic and once it was obvious it wasn’t happening I just stopped keeping up with the details. Which is why I joked why worry about something that isn’t going to happen. Resurrect me when IPv8 rolls out ;')

2 Likes

Yikes.

I used to like Waterfox, but I guess you missed the memo on that one.

It was once a fork of Firefox designed for privacy by true privacy enthusiasts, but it was quietly sold to a data collection company years ago now. It has pretty much been considered to be spyware ever since.

They claim to have broken ties with System1 since then, but no one actually believes them.

That is true, which is why the regulation needs to be stronger than a traditional copyright.

I don’t have a problem with AI in and of itself. I don’t mind AI serving me with some tasks (though it is going to take a long time for me to trust its output). What I do have a problem with is being treated as an information source to train other people’s for-profit AI systems, and the way AI analysis is unlocking even more privacy violations by being a tool for analyzing the previously unmanageable heaps of data being collected on people.

…not to mention the surveillance state aspects of it all, where a combination of face recognition and other trails we leave behind (toll payments, financial transactions, etc. etc.) are analyzed by AI in order to remove what little privacy we have left.

AI needs serious regulation to make sure it is only used for positive things, and does not steal data for training, and is not used for mass surveillance.

Yeah. I mean, yes, you can still construct a firewall to control what enters and exits your network in a 1:1 ipv6 world (if you couldn’t, ipv6 would be unusable) but I just really don’t like the way they do it, and it does make it a little bit more difficult to control.

Same.

I keep thinking that some day I am going to be forced to figure out IPV6.

At some point, the servers I need to access out there are going to shut down their IPV4 gateways or something and if I want to continue to use the internet I am going to have to give in and enable ipv6 on my network.

But it keeps not happening, and as long as it keeps not happening, I am perfectly happy with my network and firewall rules the way I have them set up.

The closest I got was a colocation provider who offered me a discount if I could only use IPV6 addresses instead of IPV4. I thought about it for a day or so, but ultimately decided against it.

I keep IPV6 disabled on every device I own where this is possible. My router/firewall doesn’t even have IPV6 enabled, and I block all IPV6 tunneling as much as I am able, just so nothing leaks through and circumvents my rules. My primary motivation is simply that I haven’t given myself enough time to learn how to design a secure network around IPV6 yet, and until I do I am just going to have to lock things down so I don’t regret it.

When it becomes pressing, and there is a good reason for me to change, I guess I will be forced to figure it out, but until then I have other priorities to deal with.

Indeed I did, and that is extra worrisome given Firefox isn’t trustworthy and Waterfox is the only fork that has decent UI features. I guess this falls back into the everything-is-on-fire “This is fine.”

I don’t have an issue per se either, but its output is such garbage you spend more time going over it and correcting things than had you just done it yourself in the first place.

That is a scary day. It sounds lame to keep harping on the “it’s 20+ years now” but it is and I’m old. The idea of learning networking all over again isn’t on my “OOH GOODIE” list. I’m fed up enough with syntax and function deprecation from the crap I still maintain; I don’t need networking on top of it.

That’s a small part of the PITA whole for sure. Different rules, different syntaxes and having to deal with both at the same time. So yeah, I also make sure IPv6 is disabled. Plus there is the fact nothing uses it heh. My ISP said they’d roll it out…like 20 years ago…hmm funny, I’m still on IPv4 hah.

Now if you will excuse me I have a few more switches on my keyboard to replace and smash my head into a wall for a while trying to figure out what browser to use. I hate LibreWolf, IceCat never builds reliably…w3m it is…Sigh

Are you Fing kidding me…error: failed retrieving file ‘librewolf-138.0.1-1-x86_64.pkg.tar.zst’ from ALL MIRRORS : The requested URL returned error: 404 /me Runs from room screaming.

Back…phew -bin in the aur…now to find that util on github that unsucks the FF UI.

I guess my take on Firefox is, it’s not perfect, and it is pretty bad under the box, but as long as you are willing to spend the time to exhaustively go through the settings and disable the stuff that is problematic, it can be pretty good.

Of course, you never know when they are going to spring another privacy compromising surprise on you in an update :confused:

Sometimes it feels like playing whack-a-mole.

Yeah and Mozilla recently has done some sketchy things that raise the question, who is worse. The ones that bought Waterfox or Mozilla?

Years ago I had an encrypted messaging system I was working on. I ultimately shuttered it due to some of Google’s BS threatening to nuke some of the tools it used. At the time though I had about every functional browser known to man installed for testing, as it was a web system. For a long time after that I continued to use most of them. With 12 screens it was easy to have a browser on each along with all the other stuff on each screen. I like Mercury (another Firefox fork) but some of the security baked in broke too much for me. Waterfox was always the stand out as it seemed to keep the UI to where it was manageable.

Mozilla IMO has trashed Firefox and alienated a decent portion of their users. Their god awful UI rework for unified touch interface BS turned it into a dumpy child’s toy. I miss the old UI where you could put anything anywhere. The user actually had control. Now you can put things wherever they say…

The tabs look like buttons and waste tons of space. You can’t have the URL bar anywhere else anymore. They keep hiding things that allow you to control things. You’ve got to, as you say, dump time into digging through about:config and writing userchrome to make anything workable.

It is very much whack-a-mole laced with a benevolent benefactor waiting to rug pull something. Which goes back to the zombie IoT crap. “My heated blanket still works but it’s too old so they aren’t releasing updates for it anymore.” “WTF does a blanket need network connectivity for?” “Uh well see it measures ambient temperature and my body temperature and stores various values and times to automatically adjust to what is best for sleeping comfort based on ambient temps, time of year and what my body preferences are…” “UH so it can’t just do that locally? I mean still stupid but…”


I think you have that backwards…I’m not upset about it, I’d rather it never roll out…it’s trash…but hey troll gunna troll ;p

AI wants IPv6 :stuck_out_tongue:

Good lord sir you sure are salty.

I’m not trolling you, I was sympathizing with the multi-decade rollout of ipv6.

While I agree ipv4 is better/simpler, ipv6 is the only way I know of to compensate for the future of exponentially more devices. It can be private too so…

How long can we stall on ipv4. Prolly a LONG TIME.

It isn’t so bad really. Start glancing at it and give it time to sink in. As you say, there’s no hurry. :slight_smile: IPv6 adoption is steadily increasing though; Google says currently ~45% of all clients are IPv6 enabled.

apalrd has some great videos on IPv6 that let me take the step:

Also some interesting info about hardening DNS from a privacy standpoint in this one. The video starts out with a product overview; real content starts at 4:30.

Also he’s simplifying things a bit too much in his OPNsense IPv6 firewall rule example IMO. His example works if you have a static IPv6 prefix, but if you have a dynamic one you need to set up a Dynamic IPv6 Host Alias and use that as the Host Address so that the rule continues to work if/when your prefix changes.

This one is also worth watching IMO, especially if you use VLANs:

3 Likes
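The two networking points raised above, the split of an address like abc:deaf:beef:1::dead:beef into a routed /64 prefix and a 64-bit interface identifier, and why a firewall rule that hard-codes a full host address stops matching after the ISP changes your delegated prefix (the problem a Dynamic IPv6 Host alias solves by re-combining a fixed suffix with the current prefix), as a small Python model. This is an added example, not code from the thread, from OPNsense or from apalrd’s videos; it only models what such an alias does and is not OPNsense’s implementation. The 2001:db8:1234:1::/64 prefix is a constructed value from the documentation range, and a /64 on-link prefix is assumed throughout.

```python
"""Added example: IPv6 prefix / interface-identifier split, and a rule that
survives a prefix change by storing only the host suffix (the idea behind an
OPNsense "Dynamic IPv6 Host" alias; this is a model, not OPNsense's code)."""
import ipaddress

# Assumption: the LAN is a /64, so the low 64 bits are the interface identifier.
PREFIX_LEN = 64
IFACE_ID_MASK = (1 << (128 - PREFIX_LEN)) - 1


def split_address(addr: str):
    """Return (the /64 prefix as an IPv6Network, the interface identifier as int).

    IPv6 still has a network/host split; "no CIDR" only means the boundary
    is almost always at bit 64 on a LAN rather than at an arbitrary mask.
    """
    ip = int(ipaddress.IPv6Address(addr))
    net = ipaddress.IPv6Network((ip & ~IFACE_ID_MASK, PREFIX_LEN))
    return net, ip & IFACE_ID_MASK


def interface_identifier(addr: str) -> str:
    """The suffix a Dynamic IPv6 Host alias stores, e.g. '::dead:beef'."""
    _, iid = split_address(addr)
    return str(ipaddress.IPv6Address(iid))


def dynamic_host(current_prefix: str, suffix: str) -> str:
    """Combine the currently delegated /64 with a fixed host suffix.

    This is what the alias does at rule-evaluation time: the rule never
    contains the prefix, so a renumbering by the ISP does not break it.
    """
    net = ipaddress.IPv6Network(current_prefix, strict=True)
    if net.prefixlen != PREFIX_LEN:
        raise ValueError("expected a /64 prefix, got /%d" % net.prefixlen)
    iid = int(ipaddress.IPv6Address(suffix))
    if iid & ~IFACE_ID_MASK:
        raise ValueError("suffix must fit in the low 64 bits")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def rule_matches(rule_host: str, packet_dst: str) -> bool:
    """A host rule matches only the exact address it was written for."""
    return ipaddress.IPv6Address(rule_host) == ipaddress.IPv6Address(packet_dst)


def renumber_check(old_host: str, new_prefix: str) -> dict:
    """Compare a static host rule with a suffix-based one after a prefix change."""
    suffix = interface_identifier(old_host)
    new_host = dynamic_host(new_prefix, suffix)          # server's address after renumbering
    return {
        "suffix": suffix,
        "new_host": new_host,
        "static_rule_matches": rule_matches(old_host, new_host),
        "dynamic_rule_matches": rule_matches(dynamic_host(new_prefix, suffix), new_host),
    }


if __name__ == "__main__":
    host = "abc:deaf:beef:1::dead:beef"               # address quoted in the thread
    net, iid = split_address(host)
    print("prefix:", net, " interface id: 0x%x" % iid)
    # Constructed documentation-range prefix standing in for a new ISP delegation.
    print(renumber_check(host, "2001:db8:1234:1::/64"))
```

Running it shows the static rule for abc:deaf:beef:1::dead:beef no longer matches once the server lives under the new prefix, while the rule built from the stored suffix ::dead:beef does; that is the difference between the static-prefix example in the video and a setup whose prefix can change.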

Still watching but security through obscurity :slight_smile:

:open_mouth:
Well… This escalated quickly…

Personally, My key takeaways on the title subject so far are:

1. IPV6 doesn’t necessarily fix the static IP issue because an ISP doesn’t HAVE to issue you a static IPV6 address even though they COULD for basically free.

2. From a security standpoint it can be no better, MUCH worse, or maybe OK depending on implementation.
I’m seeing three broad ways to do it.
A. Old tried and true router firewall with manually entered rules and forwarding. Just like the IPV4 stuff, so just as secure and inconvenient.
B. A direct device link to the internet with a device firewall. As secure as the device… AKA a F**king disaster waiting to happen.
C. A router firewall that can have rules changed temporarily by the device during initial setup (think a WPS button, but for firewall and routing config). A “more” secure option than B, but still a massive honeypot depending on how it’s implemented.

3. It does broadly solve the ISP NAT problem, as you would expect.

4. Implementation is VERY slow, so this whole thread is academic. Well, kinda… I called my ISP tech support (only got to level two, unfortunately) and asked what the hold up was with IPV6 and basically was told while it has been around for a long time, it was only finalized in 2017, not quite yesterday in ISP terms but maybe a week or two. Also they said they are working on it and certain large commercial customers do use it, but the residential implementation isn’t a priority.

Also, it isn’t supported by the cell carriers at all, basically.

5. An IPV6 address is way too long to remember off hand so you probably need DNS registration anyway, certainly for public facing servers; for private stuff where you can just copy paste the address out of your password manager or notepad, I don’t see it as a huge deal. Now if you can’t get a static and need DDNS for private stuff, then yeah, it’s pointless…

As for just using a VPN, I wholeheartedly agree for private stuff, but the VPN still needs to know the private server’s IP address to connect… and making that easier is part of this exercise…

As for the other stuff, I’ll try to stay on topic…
Thanks for the feedback so far, the enthusiasm has been somewhat curbed depending on how it’s implemented…

1 Like

Packets got to switch like packets do :stuck_out_tongue: /// Why is ipv6 better outside ID a person or device ?

The HOLE in the BOTTum problem is DNS to ipv4 was running out of translating to an address. Thanks to NAT we still good for how long ? world has not ended yet.