
How does one get the system to actually use the IPv6 Temporary Addresses? - the8472
https://social.technet.microsoft.com/Forums/windows/en-US/57925467-2b8d-4c2d-b1f2-b0402581a30e
======
nikanj
Windows 10 also re-enables IPv6 on major updates. It’s nice to try to explain
to grandma how to turn it off again, so the PC would actually have working
internet again.

Yes, turning on IPv6 should not break the net. Let me introduce you to the
concept of "shitty modems from shitty ISPs".

~~~
oasisbob
What is the modem doing to cause v6 to break in such a way that it affects the
user's experience? In theory, broken or degraded v6 should be taken care of
with Happy Eyeballs [1] at the user's device, so the user doesn't even know
anything is wrong. I'm really curious what kind of breakage would slip through
the cracks.

E.g., when Netflix started blocking IPv6 tunnel brokers in their VPN crackdown,
my house was affected and Netflix was broken. As a "short term" fix, I blocked
traffic towards the v6 tunnel at the firewall, but was too lazy to disable v6
prefix advertisement or actually take the tunnel down. I intended to revisit
the whole situation, but forgot.

Despite all the devices on my home network having global v6 addresses, you'd
never know that anything is broken because Happy Eyeballs is working as
intended across everything - Mac OS, Linux, iOS, Android, Windows.

[1] https://en.wikipedia.org/wiki/Happy_Eyeballs

~~~
geofft
Happy Eyeballs cannot be implemented in libc/Winsock/etc. alone, because it
crosses the abstraction barrier of the Berkeley socket API. Happy Eyeballs
wants you to open two TCP connections to the same hostname, one over IPv4 and
one over IPv6, and use the one that returns an ACK first. But the BSD socket
API separates the process of looking up the hostname and opening a connection
to it - getaddrinfo() returns a list of addresses, but you can only pass a
single address, with a specific address family (IPv4 or IPv6), to connect().
So the intended use is that the application iterates over the returned
addresses itself. You could come up with some scheme where libc caches the
IPv4 and IPv6 results and has getaddrinfo() return a fake address to the
application that's actually an index into the cache, and have libc implement
Happy Eyeballs on its end once connect() is called, but that would probably
have all sorts of negative side effects, starting with the fact that
getaddrinfo() couldn't be used for any other purpose than generating addresses
for connect().

Also, not every protocol is compatible with Happy Eyeballs, because there's no
guarantee that opening a connection is harmless. It's perfectly valid for me
to e.g. implement a smart lightbulb protocol by having it toggle off/on when
it receives a connection from a trusted network interface without actually
requiring data to be sent. If you used Happy Eyeballs in this case and both
IPv4 and IPv6 worked, you wouldn't be able to turn on your lights. This is of
course a contrived example, but the authors of generic libraries like your
libc have to worry about contrived examples.

So it has to be implemented by application software or at least a library for
the specific protocol like HTTP (layer 5 or up), which means that in practice,
lots of apps won't have it implemented. And therefore in practice, broken or
degraded IPv6 is very end-user visible.
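
The application-level iteration described in the comment above, as an added example that is not part of the original thread: the caller takes the getaddrinfo() list and races one connect() per address. The names `resolve`, `interleave`, `tcp_connect` and `happy_connect` and the 0.25 s stagger are assumptions chosen for illustration.

```python
import asyncio
import socket

async def resolve(host, port):
    # Step 1 of the BSD model: getaddrinfo() hands back a list of candidates.
    loop = asyncio.get_running_loop()
    infos = await loop.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [(family, sockaddr) for family, _, _, _, sockaddr in infos]

def interleave(addrs):
    # Alternate IPv6/IPv4 so one dead family cannot hold up the other.
    v6 = [a for a in addrs if a[0] == socket.AF_INET6]
    v4 = [a for a in addrs if a[0] == socket.AF_INET]
    mixed = []
    for i in range(max(len(v6), len(v4))):
        mixed += v6[i:i + 1] + v4[i:i + 1]
    return mixed

async def tcp_connect(family, sockaddr):
    # Step 2: connect() takes exactly one address of one family.
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.setblocking(False)
    try:
        await asyncio.get_running_loop().sock_connect(sock, sockaddr)
    except BaseException:
        sock.close()  # also runs when a losing attempt is cancelled
        raise
    return sock

async def happy_connect(addrs, connect=tcp_connect, stagger=0.25):
    # Start attempts `stagger` seconds apart (or at once after a failure);
    # the first success wins. Several connections may be opened, which is
    # the side effect the comment above warns about.
    queue, pending, errors = interleave(addrs), set(), []
    try:
        while queue or pending:
            if queue:
                pending.add(asyncio.ensure_future(connect(*queue.pop(0))))
            done, pending = await asyncio.wait(
                pending, timeout=stagger if queue else None,
                return_when=asyncio.FIRST_COMPLETED)
            for task in done:
                if task.exception() is None:
                    return task.result()
                errors.append(task.exception())
        raise OSError(f"all {len(errors)} connection attempts failed")
    finally:
        for task in pending:
            task.cancel()
```

Inside a coroutine, `sock = await happy_connect(await resolve(host, 443))` returns a connected non-blocking socket; the `connect` parameter lets a protocol library substitute its own handshake.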

~~~
Hello71
although otoh in theory there are 65535 usable ports, but shitty shitty
firewalls and shitty shitty "sysadmins" often mean you just get 2, and TCP
only at that, but it seems that just that bare minimum "connectivity" works
well enough that "regular users" don't notice.

------
trendia
"Initially browsers use the temporary IPV6 address. After a while they start
consistently using the permanent one."

This is the most troubling aspect to me. The process of enabling the random
ipv6 address would be:

1. Click the "enable" checkbox

2. Check if it's working. (initially, it does)

3. Forget about it for the next 12 months

Somewhere between Step 2 and Step 3, the feature spontaneously turns off and
the ipv6 address is leaked, and the user is none the wiser.

~~~
mirimir
As I read the article, "after a while" is more like hours than months :(

------
spystath
I think IPv6 privacy extensions are a bit overrated in their usefulness. What
I mean, at least for most residential deployments, is that the first 64 bits
(the prefix) are the same no matter what you do with the last 64. Even if the
exact IPv6 suffix is randomized, your address can still be linked to an account
by its suffix. Unless you are a part of a large network, suffix randomization
won't do much good. And large networks are probably better with DHCPv6 anyway.
If only Google implemented DHCPv6 for Android...

~~~
asdfaoeu
The main issue is that it uses that same suffix no matter what connection you
are on.

~~~
spystath
I don't disagree, but privacy extensions do not solve the problem of tracking,
only alleviate it, since there are still ways to be tracked. In any case, I
believe a stateful solution like DHCPv6 is better for deployment anyway.
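
The two linkage points raised in this sub-thread (a shared /64 prefix, and a stable suffix that follows a device across networks), as an added example that is not part of the original thread. The addresses use the 2001:db8::/32 documentation prefix and a made-up MAC; the modified EUI-64 check covers only one way a stable suffix can arise and is an assumption beyond what the comments state.

```python
import ipaddress

# Constructed observations: one device seen on two networks, each time with
# a stable (MAC-derived) address and a randomized temporary address.
SAMPLE = [
    "2001:db8:aaaa:1:211:22ff:fe33:4455",   # network A, stable suffix
    "2001:db8:aaaa:1:5c1e:9a0b:73d4:e2f1",  # network A, temporary suffix
    "2001:db8:bbbb:7:211:22ff:fe33:4455",   # network B, same stable suffix
    "2001:db8:bbbb:7:91a7:3cc:4be8:1d6f",   # network B, temporary suffix
]

def split64(addr):
    """Return (prefix, interface identifier) as two 64-bit integers."""
    n = int(ipaddress.IPv6Address(addr))
    return n >> 64, n & (2**64 - 1)

def mac_from_iid(iid):
    """Recover the MAC from a modified EUI-64 identifier, else None."""
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]  # undo universal/local flip
    return ":".join(f"{x:02x}" for x in mac)

def linkable(observations):
    """Group source addresses the way a remote observer could.

    by_prefix: every address under one /64, whatever its suffix.
    roaming:   identifiers seen under more than one prefix.
    """
    by_prefix, by_iid = {}, {}
    for addr in observations:
        prefix, iid = split64(addr)
        net = str(ipaddress.IPv6Network((prefix << 64, 64)))
        by_prefix.setdefault(net, []).append(addr)
        by_iid.setdefault(iid, set()).add(net)
    roaming = {iid for iid, nets in by_iid.items() if len(nets) > 1}
    return by_prefix, roaming

if __name__ == "__main__":
    by_prefix, roaming = linkable(SAMPLE)
    for net, addrs in by_prefix.items():
        print(net, "->", len(addrs), "addresses")
    for iid in roaming:
        print(f"suffix {iid:016x} roams; MAC: {mac_from_iid(iid)}")
```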

------
snvzz
Link sends me to some sort of live.com login page.

Could someone link a mirror?

~~~
the8472
https://archive.is/P6R9H

------
mirimir
Can one block IPv6 in Windows Firewall?

------
bjt2n3904
"Bug"

~~~
mtgx
Windows 10 "privacy".

~~~
yuhong
How many people are using IPv6 in the first place though?

~~~
ggm
Between zero and ninety percent depending on which network provider you are
on. Comcast? Seventy percent. Reliance Jio in India? Ninety percent. Fptelecom
in Vietnam? Sixteen percent. Telstra in Australia? Forty percent. Sky in the
UK? Eighty percent... it depends. (I measure this for my day job, btw)

