My favorite thing to use IPv6 for is to use the privacy extension to get around IP blocks on YouTube when using alternative front ends. Blocked by Google on my laptop? No problem, let me just get another one of my 4,722,366,482,869,645,213,696 IP addresses.
I have a separate subnet which is IPv6 only and rotates through IP addresses every hour or so just for Indivious, Freetube and PipePipe.
Mostly, I’m not big enough to trigger anything there.
Also, since ISPs usually only get a single humongous IPv6 block, it’s actually pretty hard to know what is okay to block. Somebody might be on a /48, /56 or /64 network but they might also just have a single IPv6 address. Since you’re blocking quintillions of IP addresses with each /64 net, the risk of hitting innocent IPs is high.
Also also, I’m not sure if Google is actually prepared for such a case. Since all the requests coming from Invidious just seem like legit unauthenticated requests, it’s hard to flag them on IPv6 when the IPs are fully randomized.
Still, Google is moving towards requiring a login for everything. So I assume that method won’t work for much longer.
TL;DR is that SLAAC used to use part of your device MAC to form it’s IP, which would be trackable/fingerprintable. Now devices just pick the last 48-bits at complete random on the assumption that no other device is going to have that specific address out of the 4 quintilion available addresses.
My favorite thing to use IPv6 for is to use the privacy extension to get around IP blocks on YouTube when using alternative front ends. Blocked by Google on my laptop? No problem, let me just get another one of my 4,722,366,482,869,645,213,696 IP addresses.
I have a separate subnet which is IPv6 only and rotates through IP addresses every hour or so just for Indivious, Freetube and PipePipe.
What is stoping Google from just blocking your entire IP-Block?
Mostly, I’m not big enough to trigger anything there.
Also, since ISPs usually only get a single humongous IPv6 block, it’s actually pretty hard to know what is okay to block. Somebody might be on a /48, /56 or /64 network but they might also just have a single IPv6 address. Since you’re blocking quintillions of IP addresses with each /64 net, the risk of hitting innocent IPs is high.
Also also, I’m not sure if Google is actually prepared for such a case. Since all the requests coming from Invidious just seem like legit unauthenticated requests, it’s hard to flag them on IPv6 when the IPs are fully randomized.
Still, Google is moving towards requiring a login for everything. So I assume that method won’t work for much longer.
This is exactly why ipv6 was never widely adopted. There’s too much power in a limited IP pool.
Define “widely”.
According to Google 46.09% of their traffic is IPv6 and most servers support it. It’s mostly large ISPs dragging their feet.
I think it’s just a few domestic US ISPs. The rest of the world has been happily using it for quite some time.
Could you link the privacy extension in question I haven’t heard of it
it’s not a browser extension, its a SLAAC thing https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac.
TL;DR is that SLAAC used to use part of your device MAC to form it’s IP, which would be trackable/fingerprintable. Now devices just pick the last 48-bits at complete random on the assumption that no other device is going to have that specific address out of the 4 quintilion available addresses.
edit the RFC https://datatracker.ietf.org/doc/html/rfc4941
Thanks, might have to try that sometime.
Sure, it’s part of the IPv6 spec:
https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/
https://datatracker.ietf.org/doc/html/rfc8981