ANSWERED Opinions on Disabling IPv6

[S.O.A. 82]

Do you think you should disable Ipv6? Why or why not? 

[OpenSourcerer 1410]

Do you think you should disable 5 GHz WiFi?
Do you think you should disable LTE on your phone?
Do you think you should disable all USB-C ports?
That's the kind of question it is. The answer to all of them is another question: Why would you ever think about preferring older tech if you've got the option to use newer? And no, I don't want to hear arguments like "I disable 5G because of radiation" – the only thing irradiated is that thought, irradiated by some web page, probably served on a v4 IP address over an ADSL line (which, interestingly, emits more radiation and consumes more power than a Fiber line and associated infrastructure).

v4 is ossified and does not meet today's needs. It's a pain to maintain for people, organizations and everyone and everything in between. The only reason people still use and maintain it is purely out of conveniece. But that's humanity for you, I guess..

Now, let's analyze this, taking the aforementioned convenience into consideration specifically..

Disabling v6 won't do a thing to your connectivity. There are tiny, tiny freckles in the face of the whole internet talking v6 only, but if you disable v4, half of that face will be gone. If you leave both enabled, v6 will be preferred, but through Happy Eyeballs v4 will be tried and preferred itself if v6 was too slow. Doesn't really up the connectivity, it's just a temporary measure while we all transition to v6, but ooh, the convenience.. and also because there are ISPs in the world still assigning v4 only to their customers. Honestly, v6 is almost 30 years old itself and some parts of the world still treat it as the New Hot Shit™.

Talking configuration, OpenVPN's config options differ from those for v4 (--route != --route-ipv6, for example), so for some use cases you will find v4 easier to configure than v6. For Wireguard, I suppose it doesn't really matter since it was written in a time where v6 was actually in use (while OpenVPN was written when Tyrannosaurus Rex was still the apex predator, I believe. Small dino hacking away at a miniature keyboard at the foot of some volcano or the other; times were as wild as this imagined picture). v4's got the leg up here because four numbers up to 255 delimited by a dot are both easier to write and easier to memorize than eight freaking groups of four hexadecimals in each, so you are dependent on DNS more or less.. (as if you're not dependent on DNS with v4, though; care to test yourself? Just name all v4 addresses of, I don't know, YouTube. Oh, do I spot you nslookuping youtube.com? You've fallen into my trap.)

So, should you disable v6? No, you should not. You are effectively prolonging the life of v4 by this; a protocol which is finished, both in the literal (as in, finished being developed) and metaphorical (as in, End Of Life) way. If you are insistent on not using v6, pay attention to your config and simply route it via VPN as you would route v4. The OpenVPN v6 options might not have absolute parity with v4, but OpenVPN does route v6 just fine. Route them both. And if you've got v6, connect via v6 (barring the case of v6 availability but the Providers' Piss-Poor Performance® of it; then you are excused if you formally complain to your ISP. It's not even a joke: Complain about shabby v6 treatment of your service providers, to those service providers).

Thank you for reading my sermon. May the Elders of the Internet protect you. Or the Admins of the AirVPN, whichever is closer to your heart.

[Staff 9894]

On 9/21/2024 at 1:12 AM, S.O.A. said:

Do you think you should disable Ipv6? Why or why not? 

Hello!

The paramount IPv6 privacy problem, which was considered by many as a critical or fatal flaw compromising adoption and usage, has been resolved through privacy extensions:
https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/

Nowadays, ten years after that article by The Internet Society and 17 (seventeen) years after RFC 4941 virtually all widespread systems have finally adopted the very much needed privacy extensions. However, one bad apple may compromise the whole local network. See for example this paper: https://arxiv.org/abs/2203.08946 where the authors show how a single device at home that encodes its MAC address into the IPv6 address can be utilized as a tracking identifier for the entire end-user prefix. Therefore, it is good practice to verify with care every and each device and making sure that their Operating Systems implement the privacy extensions.

Other than that, we can't see any serious hindrance to adopt IPv6 as far as it pertains to privacy. Furthermore, in AirVPN we picked an unorthodox approach, i.e. we implemented NAT66 with ULA, as it is one of those rare cases where it comes handy to strengthen the anonymity layer (a thoughtful analysis of the pros and cons of NAT in IPv6 can be found in the following article for example https://blogs.infoblox.com/ipv6-coe/you-thought-there-was-no-nat-for-ipv6-but-nat-still-exists/ while a pragmatic approach is here: https://blog.ipspace.net/2013/09/to-ula-or-not-to-ula-thats-question/).

Switching from privacy to security, probably an informed choice can start by reading this article, that also includes other precious sources, again by the Internet Society:
https://www.internetsociety.org/deploy360/ipv6/security/faq/

Kind regards