Niels Dettenbach wrote:
>
> Martin Rex:
>>
>> IPv6 privacy addresses are security theater when the network prefix
>> is constant and the number of users sharing the prefix is tiny.
> ...ahh,
> which is 'not' the case with (much) shorter IPv4 network prefixes and (much)
> smaller address pools?!...

Correct.

AFAIK, to change an IPv6 network prefix in a "fully transparent"
home network, you would have to renumber every machine & device
on that network. So for a DSL subscriber, the network prefix is
the size of that subscriber household, which often is a family
or just one single person.

With NAT and a regularly reassigned randomly chosen IPv4-Address
on the WAN interface of your home gateway, you not only get rid of
the entire renumbering crap for the inside of your (home) network,
but you also get blended with many other subscribers of the same ISP
in the perception of everyone else on the internet other than your ISP.

I've just glanced over the IPv4 addresses assigned over the past 4 days.
The "lowest" IP address was a.b.4.x
The "highest" IP address was a.b.118.x
and the other addresses look fairly well distributed between these.
Looking at the past ~50 addresses, I see 3 addresses twice, the
other addresses are unique.

Absolute anonymity doesn't exist. In the real world, anonymity means
always some form of "blending in a group". And the larger that group,
the better.

Randomly dynamic DHCP-assigned IPv4 addresses do not _provide_ anonymity,
but static IPv6 network prefixes completely preclude anonymity, and
therefore completely preclude privacy when the group's size is ~10 or less,
or in the extreme, just a single subscriber/customer.

To get a decent level of privacy, you really want to blend with
1000+ plus other ISP customers, preferably 10000+ or more.

-Martin
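
The "blending in a group" argument from the message above, worked through as an added example (not part of the original mail): for one subscriber it finds the longest address prefix that never changes and counts how many subscribers are seen inside it. The data is constructed, and the function names, the 200 subscribers, the `198.18.0.0/16` pool and the one static /64 per household are assumptions made for illustration.

```python
import ipaddress
import random

def stable_prefix(addrs):
    """Longest network prefix common to every address one subscriber used."""
    ips = [ipaddress.ip_address(a) for a in addrs]
    first, width = int(ips[0]), ips[0].max_prefixlen
    diff = 0
    for ip in ips:
        diff |= int(ip) ^ first          # collect every bit that ever changed
    plen = width - diff.bit_length()     # bits above the highest changed bit
    return ipaddress.ip_network(f"{ips[0]}/{plen}", strict=False)

def anonymity_set_size(log, subscriber):
    """Number of subscribers seen inside the prefix that is stable for `subscriber`."""
    mine = stable_prefix([a for s, a in log if s == subscriber])
    return len({s for s, a in log if ipaddress.ip_address(a) in mine})

def build_logs(subscribers=200, days=30, seed=1):
    """Constructed sample data: one (subscriber, address) record per day."""
    rng = random.Random(seed)
    v4_pool = int(ipaddress.IPv4Address("198.18.0.0"))   # assumed ISP pool, /16
    v6_base = int(ipaddress.IPv6Address("2001:db8::"))   # documentation prefix
    v4_log, v6_log = [], []
    for sub in range(subscribers):
        static_prefix = v6_base | (sub << 64)            # assumed fixed /64 per household
        for _ in range(days):
            # IPv4 + NAT: WAN address re-drawn at random from the shared pool
            host = rng.randrange(1, 65535)
            v4_log.append((sub, str(ipaddress.IPv4Address(v4_pool | host))))
            # IPv6 privacy address: random interface identifier, same prefix
            iid = rng.getrandbits(64)
            v6_log.append((sub, str(ipaddress.IPv6Address(static_prefix | iid))))
    return v4_log, v6_log

if __name__ == "__main__":
    v4_log, v6_log = build_logs()
    print("IPv4 anonymity set:", anonymity_set_size(v4_log, 0))
    print("IPv6 anonymity set:", anonymity_set_size(v6_log, 0))
```

With the constructed data, the rotating interface identifiers leave the IPv6 subscriber alone in its stable prefix, while the IPv4 subscriber's only stable prefix is the whole pool shared with every other subscriber.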