Tangentially, these “privacy” addresses are such an ipv6-ism of small theoretical value at the expense of extra complexity and noise. If ipv6 had been “ipv4 but now with 100% more bits”, I suspect we would have come a lot further in global deployments.
IPv6 literally is that, plus a few pretty minor changes.
SLAAC? Literally a hack that accidentally caught on because some vendor implemented it sooner than DHCPv6 for some reason. It was intended that everyone would use DHCP just like before. And that's the biggest difference from v4 other than the address format.
They might sound minor but in practice they violate assumptions that are really crucial for implementations. Everyone who deals with addresses must make decisions about how and what to do in face of these quirks.
Another example is the zone identifier string. So how do you store them efficiently in memory or a db? Golang did a really clever thing with netip but the implementation was not easy. Oh well maybe we can always ignore and strip it? Maybe, depends on the use case.
The point is going from exactly 32 bit to 128 bit + sometimes maybe a variable length string (max length, encoding, allowed chars?) is not a small change for something so important and ubiquitous as ip.
In most cases, you don't. Zone identifiers are OS-specific, contain whatever the OS says they do, and may be only valid in the short term (e.g. Linux interface number). You only need them if you are doing lower level networking things. As a web app you just don't, because they aren't part of an internet address. As a web browser you pass whatever the user typed through to the operating system.
Okay, but that's not a minor change. Regardless of why it caught on, SLAAC completely changes how addresses are handed out, and is in many/most environments a requirement if for no other reason than that Android explicitly refuses to implement DHCPv6 ( https://issuetracker.google.com/issues/36949085 ). And once SLAAC is in play, suddenly privacy problems come up and you kind of need to jump through the extra hoops to avoid, y'know, putting your MAC address in every single packet you send over the public internet.
> SLAAC? Literally a hack that accidentally caught on because some vendor implemented it sooner than DHCPv6 for some reason.
The history I recall is very much a academics designing theoretical standards vs operators who actually implement the damn things.
The academics designed the standards around the use of SLAAC deliberately and intentionally. DHCPv6 was the ‘hack’ that operators implemented after the fact.
I’m sure there’s an RFC somewhere that’ll prove this one way or another, if anyone else reading this cares enough to determine for sure (Duty Calls).
With ipv6 you can match IPs realistically to a single household across multiple sites.
Access porn.com from 12.34.56.78 and you are one of dozens of households. Just because Bob Bobson who logged into Netflix is on the same IP it doesn’t mean that house was on porn.com.
Access from 2100:1234:5678:abcd:: and you are accessing from one specific household, even if the lower 64 bits differ. You’ll likely keep the same ip for longer than in cgnat anyway (and by design you keep it until your isp changes)
CGNat adds a layer of privacy that a public /32 (ipv4) or /64 (ipv6) doesn’t give.