this post was submitted on 05 Feb 2024
188 points (95.2% liked)
Technology
59392 readers
2918 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
They need to stop that nonsense. NAT is not for security, and was not designed for security purposes. In fact, there are a few ways it subverts security, such as SNI in TLS making the connection less private than it could be.
If they want to block external connections, a border firewall can do the job just fine without NAT. It's arguably better, because NAT complicates existing firewall rules and their implementation in code. Complications are the enemy of security.
How do you anonymize ip addresses without effectively recreating nat using firewall rules?
Mu. Why do you feel the need to anonymize IP addresses?
There is no way to personally identify anyone. Right now advertisers have to jump through hoops of cookies and browser fingerprinting to identify you- which can be blocked.
They still wouldn't. A single computer address is not an individual. They're only slightly better off compared to knowing the edge router IP like they do now.
If you really want to protect against that, then use a proxy or an onion router. NAT was never meant to do this, and it does it poorly.
It is extremely likely to be the same user. Shared computers are rare today.
So what? They still don't have much more information than the edge router IP. Again, if you want to protect yourself here, use a proxy, onion router, or VPN. NAT is not designed to tackle this, and does it poorly.
In a large cooperate network, or even a small network, there's nothing fixing a device to a specific network address. You can shuffle those around between people entering and leaving the building and device power cycles just like DHCP does for IPv4.