On Mon, 2010-12-06 at 20:55 -0500, Bob McConnell wrote:
David wrote:
Folks I have been following the IPV6 comments. What concerns me with the loss of NAT are the following issues 3) When I connect my IPV6 refrigerator with its automatic inventory system tracking every RFID-enabled carrot I use, won't I be making my shopping habits visible to all those annoying advertisers? Or, in other words, am I compromising my privacy? Actually, although such dissemination of information can be blocked by a correctly designed firewall, I suspect the "Free IPv6 DSL Modem and Router, Sponsored by <your-favorite-commercial-site>" that comes with your ISP contract, would err on the side of promiscuity.
Why yes, yes you are giving up some of your privacy. And unless you have the time and are willing and able to learn how to configure firewalls for each device and application you use, or have the money to pay someone else you trust to do it for you, there is very little to protect you from the rest of the world. I just finished reviewing my firewall logs for last week. There are 127MiB with ipmon reports of rejected connection attempts. That's actually on the low side for any seven day period. I have some weeks that are half again that much. Somebody out there is pounding on that firewall pretty hard, trying to break in. I'm certain they don't have my best interests at heart. Most of the ports attacked are linked to well known services and worms on one particular OS, which I don't happen to have running on my network. But this log tells me that it is important to make it as difficult as possible for whomever is knocking on the door. I don't see that IPv6 helps improve that protection. In fact, it appears to eliminate some of the protection I have now.
It does *NOT* help with that situation; nobody credible says it does.
It also does *NOT* "eliminate some of the protection I have now".
You apparently *believe* that NAT is about "protection" You are wrong.
NAT [at best, and not really] adds obfuscation to the source / destination. Obfuscation is not security.