Leaderboard

Hello! The paramount IPv6 privacy problem, which was considered by many as a critical or fatal flaw compromising adoption and usage, has been resolved through privacy extensions: https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/ Nowadays, ten years after that article by The Internet Society and 17 (seventeen) years after RFC 4941 virtually all widespread systems have finally adopted the very much needed privacy extensions. However, one bad apple may compromise the whole local network. See for example this paper: https://arxiv.org/abs/2203.08946 where the authors show how a single device at home that encodes its MAC address into the IPv6 address can be utilized as a tracking identifier for the entire end-user prefix. Therefore, it is good practice to verify with care every and each device and making sure that their Operating Systems implement the privacy extensions. Other than that, we can't see any serious hindrance to adopt IPv6 as far as it pertains to privacy. Furthermore, in AirVPN we picked an unorthodox approach, i.e. we implemented NAT66 with ULA, as it is one of those rare cases where it comes handy to strengthen the anonymity layer (a thoughtful analysis of the pros and cons of NAT in IPv6 can be found in the following article for example https://blogs.infoblox.com/ipv6-coe/you-thought-there-was-no-nat-for-ipv6-but-nat-still-exists/ while a pragmatic approach is here: https://blog.ipspace.net/2013/09/to-ula-or-not-to-ula-thats-question/). Switching from privacy to security, probably an informed choice can start by reading this article, that also includes other precious sources, again by the Internet Society: https://www.internetsociety.org/deploy360/ipv6/security/faq/ Kind regards

Have just put a post on the Ubiquity forums if anyone else is running into simlar issues... https://community.ui.com/questions/AirVPN-Wireguard-Timeout-Issues-UDM-SE/cabd29e4-675d-4de4-b9ff-5d6e216afc8e

Do you think you should disable 5 GHz WiFi? Do you think you should disable LTE on your phone? Do you think you should disable all USB-C ports? That's the kind of question it is. The answer to all of them is another question: Why would you ever think about preferring older tech if you've got the option to use newer? And no, I don't want to hear arguments like "I disable 5G because of radiation" – the only thing irradiated is that thought, irradiated by some web page, probably served on a v4 IP address over an ADSL line (which, interestingly, emits more radiation and consumes more power than a Fiber line and associated infrastructure). v4 is ossified and does not meet today's needs. It's a pain to maintain for people, organizations and everyone and everything in between. The only reason people still use and maintain it is purely out of conveniece. But that's humanity for you, I guess.. Now, let's analyze this, taking the aforementioned convenience into consideration specifically.. Disabling v6 won't do a thing to your connectivity. There are tiny, tiny freckles in the face of the whole internet talking v6 only, but if you disable v4, half of that face will be gone. If you leave both enabled, v6 will be preferred, but through Happy Eyeballs v4 will be tried and preferred itself if v6 was too slow. Doesn't really up the connectivity, it's just a temporary measure while we all transition to v6, but ooh, the convenience.. and also because there are ISPs in the world still assigning v4 only to their customers. Honestly, v6 is almost 30 years old itself and some parts of the world still treat it as the New Hot Shit™. Talking configuration, OpenVPN's config options differ from those for v4 (--route != --route-ipv6, for example), so for some use cases you will find v4 easier to configure than v6. For Wireguard, I suppose it doesn't really matter since it was written in a time where v6 was actually in use (while OpenVPN was written when Tyrannosaurus Rex was still the apex predator, I believe. Small dino hacking away at a miniature keyboard at the foot of some volcano or the other; times were as wild as this imagined picture). v4's got the leg up here because four numbers up to 255 delimited by a dot are both easier to write and easier to memorize than eight freaking groups of four hexadecimals in each, so you are dependent on DNS more or less.. (as if you're not dependent on DNS with v4, though; care to test yourself? Just name all v4 addresses of, I don't know, YouTube. Oh, do I spot you nslookuping youtube.com? You've fallen into my trap.) So, should you disable v6? No, you should not. You are effectively prolonging the life of v4 by this; a protocol which is finished, both in the literal (as in, finished being developed) and metaphorical (as in, End Of Life) way. If you are insistent on not using v6, pay attention to your config and simply route it via VPN as you would route v4. The OpenVPN v6 options might not have absolute parity with v4, but OpenVPN does route v6 just fine. Route them both. And if you've got v6, connect via v6 (barring the case of v6 availability but the Providers' Piss-Poor Performance® of it; then you are excused if you formally complain to your ISP. It's not even a joke: Complain about shabby v6 treatment of your service providers, to those service providers). Thank you for reading my sermon. May the Elders of the Internet protect you. Or the Admins of the AirVPN, whichever is closer to your heart.

How are we coming to this question? Nothing is 100% safe, not even Tor. But using a VPN, and while connected using Tor, makes usage safer. So don't ask this like it can only be black or white: Internet usage is always grey, but with VPN + Tor it gains some shades of white (as in safe). But it will always have a certain grey influence.

Name: Multi ultimate Description: Ultimate Sweeper - Strictly cleans the Internet and protects your privacy! Blocks Ads, Affiliate, Tracking (+Referral), Metrics, Telemetry, Phishing, Malware, Scam, Free Hoster, Fake, Coins and other "Crap". License : MIT license A raw URL which our system can fetch from periodically in order to build the list: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/ultimate.txt You can find more of his List [Even some that dont block so hard here: https://github.com/hagezi/dns-blocklists#ultimate

Any plans for the future? It’s a useful feature, I’m surprised it hasn’t been implemented yet. 🤔

True, neither more or less comprehensive lists are objecively better. But having *the option* to use a more comprehensive or more aggressive list (or less aggressive/more conservative list) is objectively good. When it comes to blocklists there is no objective best option, Its about finding the list that works best for your context and your priorities (e.g. for network wide blocking or multi-user contexts a more conservative minimal blocklist that is tuned towards minimizing breakages or false positives is preferable whereas on my personal devices I like a blocklist tuned towards more aggressive blocking at the risk of slightly increased changes of breakages or false positives). I suggest you take a look at this analysis and discussion for some context and statistics on why the "Light" and "Pro++" lists tend to be the most recommended options. The ultimate list is a good option for some people, but its not the recommended option for most people and has the highest risk of false positives and breakages. So if Hagezi lists do get included, it should not just be the Ultimate version. In my somewhat-informed opinion. If just one Hagezi list were to be added it should be Hagezi Light, if just two are added they should be Light & Pro++, if three than the supplemental full Threat Intelligence feed should be added, and if four Ultimate list should be included.