Comment by anonym29
3 days ago
Thank you for the thoughtful response.
To be fair about fingerprinting, there's no such thing as "bulletproof", but I do have a pretty robust setup. DNS level ad and tracker blocking, browser extension level ad and tracker blocking, LibreWolf's extensive anti-fingerprinting measures, kernel-level measures like kloak, I block all third party JS by default, etc. My goal isn't to become invisible and untraceable to nation states (which is essentially impossible when 90%+ of all global ISPs can and do sell netflow metadata, enabling timing and packet size correlation even across multiple hops, even with background traffic forgery / traffic pattern obfuscation), but rather to frustrate lower-level tracking efforts, and mostly to reduce attack surface for security reasons, and to reduce the total amount of information I'm sending to adversaries, even if it technically increases uniqueness. For instance, WebGL, JS JIT, WASM, WebRTC, and even SVG rendering are similarly disabled by default on my browsers, and I may very selectively enable them on a case-by-case basis depending on how important I feel the web property I'm trying to access actually is. I'll spoof my UA, my screen dimensions, and use residential SOCKS5 proxies, one by one, to identify which fingerprinting measures are being used to block me with YouTube, for instance, without enabling JIT compilation or SVG rendering. This approach absolutely does make me more distinctly identifiable (less anonymous), but doesn't necessarily make me less private, nor less secure, if e.g. ad network JS never even runs on my box in the first place. Security is the base of the pyramid, it is the prerequisite for privacy, but doesn't guarantee it. Privacy is the middle layer, it is the prerequisite for anonymity, but doesn't guarantee it. I'm aggressively climbing that pyramid where I can while accepting some tradeoffs where the net benefit is positive to me. I don't think of any of these - security, privacy, or anonymity - as binary properties, but rather a unified journey I am on to enhance gradually and iteratively over time. Switching to IPv6 would greatly complicate and regress my path through much of the journey I've already completed.
If I could leave you with a couple questions: What tangible benefits have you reaped from IPv6 that simply weren't possible on IPv4? Has the ROI for you on going dual stack outweighed the costs on your time, attention, and configuration work required for securely handling edge cases, dealing with weird or unexpected routing issues, for straying from the happy path?
> What tangible benefits have you reaped from IPv6 that simply weren't possible on IPv4?
Personal networks: Globally unique addressing. That then lends itself to not needing any kind of split DNS for services, or worrying about addressing clashes with whatever LAN I happen to be on with my own network.
Work networks: Increased revenues.
> Has the ROI for you on going dual stack outweighed the costs on your time, attention, and configuration work required for securely handling edge cases, dealing with weird or unexpected routing issues, for straying from the happy path?
Personal networks: Absolutely not. I removed the dual stacks and went back to IPv4 only everywhere.
Work networks: That's a question for the bean counters.