
Comment by orangeboats

2 years ago

If you think privacy can be achieved using CGNAT and not services like Tor or VPNs... then good luck.

I will be blunt: Long term, IPv4 and any technology that extends the lifetime of IPv4 will actually result in the death of online privacy.

I do a lot to preserve my privacy.

The CGNAT makes it impossible for random websites to correlate my actions among them - which is something they try to do while profiling me. It is, as you point out, useless against state actors and similarly funded-and-legally-equipped bodies. For those, you indeed need Tor and VPN, and likely that's not enough even then.

But I care about the civilian "spies" following me; like Facebook, Google, Microsoft, and friends. I use as little of their services as possible, with ad blockers, a restrictive JS policy, an ultra-restrictive cookie policy, etc. It's unlikely any of them can correlate me with the other (or with myself from yesterday, for many uses). Giving me an externally imposed unique identifier (and a /64 prefix is just that, regardless of randomizing the remaining bits) makes it trivial for them and impossible for me -- unless I do all my browsing through Tor or something like that.

For the record, I have no proper FB or G account, but cannot avoid Whatsapp and an occasional Google product.

> I will be blunt: Long term, IPv4 and any technology that extends the lifetime of IPv4 will actually result in the death of online privacy.

Can you explain why you believe that? To me it sounds like baseless scaremongering.

  • >Can you explain why you believe that? To me it sounds like baseless scaremongering.

    One word: centralization.

    As we have seen throughout the years, all means of IPv4 lifetime extension have involved the introduction of state, which is bound to a central node. The HTTP/1.1 Host request header allowed the existence of reverse proxies, and the invention of NAT allowed routers to no longer be "just" a dumb packet forwarder. Both technologies are involved in state tracking.

    NATs also destroyed the possibility for any two nodes on the Internet to communicate with each other directly, unless workarounds like port forwarding are used. This means that all messages on the Internet must go through a central server, where there can be malicious actors sniffing your traffic. Remember Mark Zuckerberg's infamous "they trust me"? [0]

    But it was still somewhat manageable during the early 21st century, when free IPv4 addresses were available. Most people had only one layer of NAT (in their routers), which they owned and controlled back then, so P2P was still mostly doable, and services like Skype relied on that. Life went on.

    Fast forward to the 2010s: we ran out of IPv4 addresses. CGNATs were starting to be widely deployed, so even port forwarding had become impossible. P2P communications ceased to work. Virtual hosting was now ubiquitous. TURN was invented, which of course increased centralization even more. [1] Since central servers have to carry even more traffic now (back then they merely mediated the communication between two nodes behind NAT; now they have to relay the entire traffic), it had become more costly to host web services, increasing the barrier to entry.

    In the 2020s, people can no longer host servers inside their homes, and many have come to rely on centralized technologies or services, e.g. VPSes, for that purpose. By now, we have mostly given up on peer-to-peer and moved onto "federation", where we have a web of central servers that clients can connect to -- in the end though, a central server is still a central server that you have to implicitly trust, and some admins of the Fediverse have been discovered performing suspicious activities.

    Perhaps I worded my thoughts too strongly in my previous comment, but the trend of centralization is there and continuing. Your own comment has alluded to that fact. Time has shown repeatedly that privacy never fares well under centralization.

    The thing is, the Internet as a whole doesn't have to go down this route, had we simply moved onto IPv6 and restored end-to-end communication. Then P2P is possible again. [2] It's IPv4 and its lack of address space that created an environment where people expect there to be a central node. It's just the natural consequence of the statefulness of IPv4-extending technologies like NAT and CGNAT.

    Oh well, CGNAT preserves privacy, so they say.

    [0]: https://en.wikiquote.org/wiki/Mark_Zuckerberg

    [1]: https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_...

    [2]: https://github.com/realrasengan/dwebchat

    • Thank you for the elaboration.

      I disagree it’s the limited IPv4 address space that promotes centralization, which seems to be the essence of your thesis.

      Incumbents and laziness promote centralization. First, people stopped hosting email because gmail (and friends) were free. Now, it’s become hard regardless of whether you own a pristine IPv4 or not - because msft+goog+amzn+etc make it hard, and effectively own email.

      I don’t see how the IPv4/CGNAT/IPv6 thing is related. To be decentralized, we need thousands of directly addressable nodes (which IPv4 even today easily and cheaply provides), not that every single node be addressable.

      We might just agree to disagree.
