Hacker News | anonym29's comments

Because access to the internet is inequitably distributed throughout society, it is inherently problematic for any privileged class members (e.g. men, white people) to stay on the internet at all.

Merry Christmas!

  ▲
  ▲▲
did I do it right?

+1

Obligatory resource: https://0xacab.org/dCF/deCloudflare

Any single US entity trying to MITM such large swaths of global internet traffic is inherently dangerous to global freedom. They're a single point of failure for national security letters and secret gag orders that can compel them to perform targeted censorship, backdoor all sorts of software via HTTP distribution channels, assist in US disinformation operations by rewriting third party content, etc. They could be logging literally every plaintext HTTP request and response passing through their servers and leaving it wide open in some NoSQL database for hackers to go steal from someday - users have no way to trust that Cloudflare is even competently qualified to protect what they collect, and there's nothing stopping Cloudflare from blatantly lying about what they collect. This wouldn't be as big of an issue if they weren't collecting your social security / national insurance number, name, age, date of birth, address, contact information, credit card details, usernames, passwords, and every other piece of data under the sun on sites that sit behind CF, including government websites and websites that function more or less as public utilities.

Cloudflare poses an impossible-to-overstate threat to your right to privacy, your right to freedom of speech, to democracy itself, to say nothing of the threat they pose to the free and open web. They are very nearly as large of a stain on what was arguably one of the crowning accomplishments of the human race (the internet) as the largest evil corporations on the planet - Microsoft, Alphabet (Google), Amazon, Meta (Facebook), etc.


I believe information wants to be free, and should be free, even when I don't unanimously agree with the information, so I will start by re-sharing the torrent magnet link for the video, which I am also seeding right now, and will continue to do so until at least a full month passes with zero activity:

  magnet:?xt=urn:btih:734abc77f48d11c78543c52004b6f57db71d6d92&dn=60minutes-cecotsegment&xl=1483256352&tr=http%3A%2F%2Fbt1.archive.org%3A6969%2Fannounce&tr=http%3A%2F%2Fbt2.archive.org%3A6969%2Fannounce&ws=http://ia601703.us.archive.org/32/items/&ws=http://ia801703.us.archive.org/32/items/&ws=https://archive.org/download/

That said, there seems to be lots of conspiracy-adjacent talk in here. Has anyone considered the impact of the previous Trump lawsuit against CBS over the Kamala Harris edits, or the Trump-BBC lawsuit, whereby CBS made a business risk decision to avoid a story that might have some individual aspects of questionable factual accuracy that could come back to bite CBS in a courtroom, like how BBC's selective edits of Trump came back to bite them? Paramount/CBS settled Trump's lawsuit over the Kamala Harris "60 Minutes" edit for $16 million in July. BBC is getting sued for $10 billion. It's not economically irrational for an organization that has already settled lawsuits for selective presentation of political information in the past to be more worried about $10b lawsuits than $16m lawsuits.

If they were worried about business then Bari's email would have read differently.

Not to mention that these lawsuits are completely frivolous and it's just a way to bribe the president.


Resisting these economic threats, these lawsuits, is something that major media needs to do, otherwise they just get compromised step by step by the wealthy oligarchs.

>They just want an easy way to connect with their friends and family

You'd be surprised how many people in your life can be introduced to secure messaging apps like Signal (which is still centralized, so not perfect, but a big step in the right direction compared to WhatsApp, Facebook, etc) by YOU refusing to use any other communication apps, and helping them learn how to install and use Signal.


I got my parents and siblings all to use Signal by refusing to use WhatsApp myself. And yet all of them still use WhatsApp to communicate among each other. They have Signal installed, they have an account, they know how to use it, and yet they fall back to WhatsApp. Some people really do want to choose Hell over Heaven.

The primary and most important feature of a messaging app is the ability to message a lot of people.

Signal is the best messaging app, but not by metrics people use to measure messaging apps, because not a ton of people use it. I use Signal, but I also still use SMS (gasp!) because ultimately sometimes I just need to send a message.

It sucks and it's stupid; what we need more than anything else, more than any app, is open and federated messaging protocols.


Great first step either way! The pressure for social conformity is a hell of a drug and I try to have compassion for those suffering from it, even as I try to gently encourage them to grow past it.

Correct. I was shocked when one of my non-technical family members moved over to Proton Mail. I was super proud of them even if it came from left field!

Report the emails as spam, report the sender address to Spamhaus. When enough people do this and TikTok's emails stop getting delivered, a one-click unsubscribe button in the email body that actually works will very quickly be born.

Not all of the skepticism is "does IPv6 work", some of it is "why should I want it as an end user who values privacy and minimal attack surface?"

From my perspective:

• CGNAT is a feature, not a bug. I'm already deliberately behind a commercial VPN exit node shared with thousands of others. Anonymity-by-crowd is the point. IPv6 giving me a globally unique, stable-ish address is a regression.

• NAT + default-deny inbound is simple, effective security. Yes, "NAT isn't a firewall", but a NAT gateway with no port forwards means unsolicited inbound packets don't reach my devices. That's a concrete property I get for free.

• IPv6 adds configuration surface I don't want. Privacy extensions, temporary addresses, RA flags, NDP, DHCPv6 vs SLAAC — these are problems I don't have with IPv4. More features means more things to audit, understand, and misconfigure.

• I already solved "reaching my own stuff" without global addressing. Tailscale/Headscale gives me authenticated, encrypted, NAT-traversing connectivity. It's better than being globally routable.

So yes, my parents are using IPv6 to watch Netflix. They're also not thinking about their threat model. I am, and IPv4-only behind CGNAT + overlay networking serves it well.

"It just works" isn't the bar for me to adopt IPv6. "It serves my goals better than IPv4" is the bar, and IPv6 doesn't meet it. Never has, never will.

IPv6 wasn't designed as "IPv4 with more bits." It was designed as a reimagining of how networks should work: global addressability as a first-class property, stateless autoconfiguration, the assumption that endpoints should be reachable. That philosophy is baked in. For someone like me, whose threat model treats obscurity, indirection, and minimal feature surface as assets, IPv6 isn't just unnecessary, it's ideologically opposed to what I want.

Want me to adopt a new addressing scheme? Give me a new addressing scheme, don't impose an opinionated routing philosophy on me.


> Anonymity-by-crowd is the point

Only for IP-based trackers. Any webpages embedding Facebook/Twitter/Microsoft/Google trackers have already deanonymised you through a variety of fingerprinting techniques. This includes if you use private browsing sessions, and even Qubes OS. You get a fuzzy feeling doing the things you do (and I do these things too), but that battle is lost.

> NAT + default-deny inbound is simple, effective security … That's a concrete property I get for free

Depends on your definition of “free”. Is it cheaper to look up just a connection state table, or is it cheaper to look up both a connection state table and a NAT table?

> IPv6 adds configuration surface I don't want … More features means more things to audit, understand, and misconfigure.

100% agreed. More complexity, more attack surface, more things to go wrong.

> I already solved "reaching my own stuff" without global addressing … It's better than being globally routable.

I do something like this too. It’s more private and more secure. It adds more complexity, and it restricts my ability to access things from terminals I don’t personally own & control unless I create another exposed vector though. “Better” is subjective based on metrics being optimised for.

> IPv6 wasn't designed as "IPv4 with more bits." It was designed as a reimagining of how networks should work: global addressability as a first-class property

Apologies, but global addressability as a first-class property is exactly how the internet was designed. NAT was originally deployed as a hacky add-on to temporarily alleviate the lack of addressing space in IPv4 until a successor could resolve that.

That said, the internet of the 90s was a very different beast to the internet of today. A lot of your concerns and perspective are absolutely valid and extremely reasonable given the internet of today.

> "It serves my goals better than IPv4" is the bar, and IPv6 doesn't meet it. Never has, never will … Want me to adopt a new addressing scheme? Give me a new addressing scheme, don't impose an opinionated routing philosophy on me.

IPv6 can absolutely be configured in ways that just give you a new addressing scheme and do away with a lot of the other complexity. You’re just very much straying off the happy path, removing complexity by introducing … other complexity.

FWIW, I’m operating my home networks much the same way you do. I’ve also been dual stacking networks since the 2000s. Things have come a long way since the original pure-dogma introduction of IPv6.


Thank you for the thoughtful response.

To be fair about fingerprinting, there's no such thing as "bulletproof", but I do have a pretty robust setup. DNS level ad and tracker blocking, browser extension level ad and tracker blocking, LibreWolf's extensive anti-fingerprinting measures, kernel-level measures like kloak, I block all third party JS by default, etc. My goal isn't to become invisible and untraceable to nation states (which is essentially impossible when 90%+ of all global ISPs can and do sell netflow metadata, enabling timing and packet size correlation even across multiple hops, even with background traffic forgery / traffic pattern obfuscation), but rather to frustrate lower-level tracking efforts, and mostly to reduce attack surface for security reasons, and to reduce the total amount of information I'm sending to adversaries, even if it technically increases uniqueness. For instance, WebGL, JS JIT, WASM, WebRTC, and even SVG rendering are similarly disabled by default on my browsers, and I may very selectively enable them on a case-by-case basis depending on how important I feel the web property I'm trying to access actually is. I'll spoof my UA, my screen dimensions, and use residential SOCKS5 proxies, one by one, to identify which fingerprinting measures are being used to block me with YouTube, for instance, without enabling JIT compilation or SVG rendering. This approach absolutely does make me more distinctly identifiable (less anonymous), but doesn't necessarily make me less private, nor less secure, if e.g. ad network JS never even runs on my box in the first place. Security is the base of the pyramid, it is the prerequisite for privacy, but doesn't guarantee it. Privacy is the middle layer, it is the prerequisite for anonymity, but doesn't guarantee it. I'm aggressively climbing that pyramid where I can while accepting some tradeoffs where the net benefit is positive to me.

I don't think of any of these - security, privacy, or anonymity - as binary properties, but rather a unified journey I am on to enhance gradually and iteratively over time. Switching to IPv6 would greatly complicate and regress my path through much of the journey I've already completed.

If I could leave you with a couple questions: What tangible benefits have you reaped from IPv6 that simply weren't possible on IPv4? Has the ROI for you on going dual stack outweighed the costs on your time, attention, and configuration work required for securely handling edge cases, dealing with weird or unexpected routing issues, for straying from the happy path?


> What tangible benefits have you reaped from IPv6 that simply weren't possible on IPv4?

Personal networks: Globally unique addressing. That then lends itself to not needing any kind of split DNS for services, or worrying about addressing clashes with whatever LAN I happen to be on with my own network.

Work networks: Increased revenues.

> Has the ROI for you on going dual stack outweighed the costs on your time, attention, and configuration work required for securely handling edge cases, dealing with weird or unexpected routing issues, for straying from the happy path?

Personal networks: Absolutely not. I removed the dual stacks and went back to IPv4 only everywhere.

Work networks: That's a question for the bean counters.


> Any webpages embedding Facebook/Twitter/Microsoft/Google trackers have already deanonymised you

I bet OP has already blocked at least 3 of them. Private browsing is only a partial solution, blocking/unblocking domains, scripts, etc. on a case-by-case basis is a more reliable way to defend your right to privacy against abusive practices (I'm talking about fine-grained adblockers such as uMatrix/uBlock Origin) daily.

I admit it can be a hassle sometimes, in particular if one explores the net every day, but staying away from bad actors (such as some of those 4) is one way to maybe eventually stop them - even if "vote with your clicks" feels as pointless as "vote with your feet" when you're just one in many millions.


How well do those 4 trackers track you if you don't have accounts with any of them?

Extremely well. You don’t need an account to have a unique fingerprint that will eventually tie to an identity somewhere, and data brokers exist specifically for this purpose.

AMD has strong Israel ties too, right? And Israel is very nearly Intel's first home.

Besides Bolt Graphics, are there GPU or other computer graphics manufacturers that aren't cozying up to perpetrators of what the UN has formally recognized as a genocide?


Such is the fruit of planting in the walled garden.

This is true in "big tech", too - think FANGMAN. I saw more than one summer of 30+ summer intern cohorts that were less than 1/3 male, with a total of <=2 white guys. Diversity reports bragging that women were paid >100.0% as men, across the company, that people of color were paid >100.0% as white people, across the company. Hiring practices that would result in candidate sets on interview loops that were 75%+ women, 50%+ people of color, etc.

I'm not offering any criticism of the practice, and I don't know anyone who would say some composition re-balancing wasn't long overdue. Just clarifying that this is absolutely a systemic practice in big tech, not just media / academia / Hollywood / "culture industry".


Sort of agree. Maybe it's because I'm in a more niche engineering field, but I have worked closely with let's say ~25 engineers. 0 have been women. I keep this stat running in my head as it's quite absurd, but it's been my experience. A majority are non-white though.
