[LINK] Alternatives to Skype

Karl Auer kauer at biplane.com.au
Sat Feb 16 17:21:54 AEDT 2013


On Sat, 2013-02-16 at 12:54 +1100, Kim Holburn wrote:
> Thanks Karl,
> 
> Are some of these available on domestic modem/routers?  I am looking
> at turning on IPv6 at home but my home router only seems to do the MAC
> address thing.

IPv6 addressing is done by the host, not the router. All the router
provides is information about the network that the host should organise
an address in. The exception is DHCPv6, where a server (typically
embedded in the home router) allocates addresses on demand, in pretty
much the same way that DHCPv4 does.

So you can configure your computers to generate their own addresses
using whichever system you prefer. The standard default is MAC-based,
but Windows7+ uses random and/or temporary addresses as its default
(good call for once, Microsoft).

If your router does do DHCPv6 (which most do not do by default) it all
gets slightly more complicated, but most DHCPv6 servers issue random
addresses anyway, and you can even do temporary ("privacy") addresses
via DHCPv6, so it's generally not such a problem.

It is important to compare apples with apples, too. If you are one
person, with one computer behind a typical IPv4 home router doing NAT,
then your IPv4 outside address probably changes relatively rarely and it
positively identifies you. Even if you have two or three computers, that
*group* is positively identifiable - which is slightly better, but still
not good. This has been the case for many years. In other words, NAT is
providing next to no privacy - and the smaller the group behind a NAT
router, the less privacy it provides. The situation does not change with
IPv6, because you or your group will all typically be in the same IPv6
network, even if your separate addresses in that network change. NAT
obscures the number of different hosts in your group, but not very
effectively. Constantly changing random addresses (which is what IPv6
"privacy" addresses are) obscure the host count much more effectively,
and are for all practical purposes never re-used (there are enough
addresses in just one IPv6 subnet to have a million new addresses every
second for about 500,000 years).

Add to this the fact that 99% of real threats do not come at layers 2 or
3 (i.e., directly on the network), but are trojans delivered via
phishing attacks and the like, and the whole idea that address obscurity
is actually useful becomes rather dubious.

When you then look at the *cost* of NAT vs end-to-end transparency, it
all becomes a lot easier to understand why techies everywhere loathe NAT
with a passion - and Skype is a great example. Something that should be
simple ("make a connection, transfer voice data") became, because of
NAT, something very complicated ("make a connection to a well-known
host, find out where other hosts are that can carry your voice traffic,
make a connection to one, tell it where you want to talk to, wait while
it looks up that destination to find out where that destination is
currently connected, send the call request to that place, make a
connection, now transfer voice data"). And that's a *simplified*
description of how Skype works.

And that's just one cost of NAT. Others include harder troubleshooting,
difficulty identifying miscreants behind NAT, session count limits,
timing out connections, the power cost of keep-alives on battery-powered
devices, massive logging requirements in some regulatory jurisdictions.
The NAT is another point of failure, an added complexity, another
performance negative, another expense. And of course NAT keeps us all
passive consumers, because while we can connect out, no-one can connect
in. So we can't offer services from home, or engage on equal terms with
people who have static public addresses. Yes, there are things like the
security nightmare of UPnP, and people with the right skillz can
configure their routers to do port forwarding, but for the vast majority
of users, NAT is a cage - and it's not even gilded.

IPv6 has its faults - but it is not privacy hostile. And the return of
end-to-end transparency (aka the death of NAT) is in general a Good
Thing, not a bad one.

Regards, K.

PS: www.into6.com.au

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017




