On Jan 15, 2011, at 9:19 AM, Leen Besselink wrote:
On 01/15/2011 03:01 PM, Joel Jaeggli wrote:
On 1/15/11 1:24 PM, Leen Besselink wrote:
I'm a full supported for getting rid of NAT when deploying IPv6, but have to say the alternative is not all that great either.
Because what do people want, they want privacy, so they use the IPv6 privacy extensions. Which are enabled by default on Windows when IPv6 is used on XP, Vista and 7. There aren't enough hosts on most subnets that privacy extensions actually buy you that much. sort of like have a bunch of hosts behind a single ip, a bunch of hosts behind a single /64 aren't really insured much in the way of privacy, facebook is going to know that it's you.
Now this gets a bit a offtopic, but:
If you already have a Facebook account, any site you visit which has "Facebook Connect" on it usually points directly at facebook.com for downloading the 'Facebook connect' image so the Facebook-cookies have already been sent to Facebook.
That assumes that you use the same browser for Facebook as for other uses. I recommend not doing that, but to dedicate a browser for Facebook only, precisely because Facebook plays these sorts of games and is such a security hole. Regards Marshall
Why would Facebook care about your IP-address ?
And now you have no idea who had that IPv6-address at some point in time. The solution to that problem is ? I guess the only solution is to have the IPv6 equivalant of arpwatch to log the MAC-addresses/IPv6- address combinations ?
Or is their an other solution I'm missing.