Jivan Pal
Software dev, Linux sysadmin, DevOps engineer, and more; with a Master's in mathematics and computer science and a strong interest in cryptography, distributed systems, and finance.

Quite a few will refuse to run on regular unrooted Android if the device's bootloader is simply unlocked, because they consider that an indication that the operating environment is unsafe. It's completely nonsense reasoning, but banks gonna bank.

It's not because it's Bitwarden, it's because an app has been installed from a source other than the Play Store, and thus hasn't been audited by Google and installed with the verification of Play Protect. HSBC doesn't want apps that aren't Play Protect-certified installed on the device. Android is merely showing the user a list of all such apps, so that they know what to uninstall if they wish to comply with HSBC's mandate. The HSBC app doesn't know what the offending apps are, merely that at least one offending app is installed. Install Bitwarden directly from the Play Store rather than another source, and the HSBC app won't complain.

Yes, it's still utterly stupid, especially when you consider the fact that the same banks are willing to let customers access and manage their accounts in any web browser, which is much less secure. No, the UK banks won't budge on this, they've been doing it for over 10 years in various forms, it's a continuous cat-and-mouse game.

The extra (nominal) security guarantee afforded by Play Protect is not a requirement for EU PSD2 SCA authenticator app compliance, but I wouldn't be surprised if someone in HSBC's liability/cybersecurity department advised them to implement this for some misguided reason. That said, I'm running Android 14 on a non-rooted device with several apps installed from sources other than the Play Store (including Bitwarden from F-Droid), and all of my UK banking apps (of which I have 12, as I have accounts with almost every bank that operates in the UK, though HSBC is notably not one of them) function just fine. Suffice it to say that if First Direct (an online-only subsidiary of HSBC UK that is routinely ranked as the top bank nationally for customer service) implements this and refuses to revert, I'm closing my accounts with them.

I could say the same to you and it would be just as incorrect. No, I just like it when people actually engage with genuine questions and arguments rather than completely ignoring them. Could you tell me how NAT actually improves your privacy compared to no NAT?

"Distinguish" means "tell two things apart", e.g. one household from another. It doesn't mean "identify".

Fingerprinting is likewise a means of distinguishing, but not necessarily identifying. The need for law enforcement to identify is where the need for the logs arises.

I assure you that I don't care about whether I'm right, I just care about the reasoning and what the correct conclusion is. If being willing to engage in discussion about something comes across to you as wanting to be right, that's just your personal inference.

> it's not about what I or you care about.

I'm asking whether you care so that I can determine whether it's worth it for me to be talking to you. If you don't care about the benefits of IPv6, then there is no point in me trying to convince you.

I asked again because you said you couldn't respond to something "that long". If you cared, I would expect you to respond to that "long" post. If you don't actually care, then there's no point talking to you about this, so if that's the case, please just say so, so that I can drop this conversation. If you do care about the topic, then please actually read the post and respond to the points if you feel that you have something to say about them.

> It's about what it's useful or not.

IPv6 is useful because it maintains the end-to-end principle in light of the fact that we have so many internet-connected devices. NAT is only useful in situations where address exhaustion would otherwise occur. NAT is not a privacy tool. NAT was not necessary in the dial-up era. NAT is still not necessary in IPv4 environments with more addresses than devices, such as enterprise/university settings where they have had enough IPv4 addresses since the early days of the Internet that they still don't suffer address exhaustion and thus have no need to use NAT with IPv4.

> Laws require ISP to keep logs because NAT works as a privacy tool.

Those laws don't exist because of NAT. Laws require ISPs to keep equivalent logs even in contexts where NAT is not used at all.

NAT is not a privacy tool. It is not the thing giving you the privacy here. The privacy comes from two things:

1. the pseudonymous nature of the IP address, a property which is just as present without NAT; and

2. the fact that the ISP isn't giving up your identity to anyone and everyone that asks about your IP address. This is a consequence of data protection laws, not of NAT. I said this in the previous post that you said you couldn't respond to because it was "too long".

Let me provide concrete examples to hopefully make the point clear to you: the IP address that I'm sending this post from is 2a02:6b6f:fc22:4c01:211c:b02a:a4f1:266e. My ISP owns the prefix 2a02:6b6x, assigns 2a02:6b6f:fcxx to my neighbourhood, and assigns 2a02:6b6f:fc22:4cxx to my household. However, that household-level assignment is subject to change, and so e.g. tomorrow I may be given 2a02:6b6f:fc48:a9xx instead. As such, the ISP must log the fact that they assigned "22:4c" to me one day, and "48:a9" to me the next day, so that if they are served a warrant asking them to identify which household was the source of packets using address 2a02:6b6f:fc22:4c01:211c:b02a:a4f1:266e, they can actually answer that request.

This is absolutely no different from the case where the adversary's query is instead, "we saw packets coming from address 193.164.21.152 at time X. Which household did these originate from?" My ISP's use of CGNAT means that this address is used by the entire neighbourhood, just like the IPv6 prefix 2a02:6b6f:fc22:4cxx, but this doesn't affect the nature of the query, nor the nature of the information that the adversary has before making the query. The only difference is that with IPv6, the "22:4c" or "48:a9" data can also be seen publicly, but this isn't useful alone in identifying me; it doesn't compromise my privacy in any way.

The exact same is true if the ISP were not using CGNAT for IPv4, but just a single layer of NAT: the adversary can still see the pseudonym of the household in the address of packets that they received, e.g. if the ISP owns 192.0.2.16/28 and delegates 192.0.2.20 to my household, then the adversary sees packets coming from 192.0.2.20, but still doesn't know what household those packets came from until the ISP tells them. Their query to the ISP would also be identical: "we saw packets coming from address 192.0.2.20 at time X. Which household did these originate from?"

***

So please, tell me: in your view, what is the actual *practical* difference, if any, when NAT is used vs. when it isn't used? What actual aspect of your privacy is compromised without NAT, but retained or gained with NAT? How is the actual set of possible effects on you any different in either circumstance? You keep saying NAT "works as a privacy tool because you share an address with other people", but *how* do you think that address-sharing actually aids in keeping you private/unidentified compared to no NAT?

Genuinely, I want to know your reasoning here, but you haven't provided any reasoning in light of what I've told you about the nature of networks without NAT, so currently there's literally nothing for me to argue against. You're just saying "but I share an address, therefore I have more privacy." I tell you, "no, that's wrong, and here's why," but then you just repeat, "no, address sharing gives me privacy." That's a completely unfounded statement on its own. You need to tell me what the tangible privacy benefit that you see actually is, because I don't see any.
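An added example, not part of the original post: the ISP-side lookup described above, where an address and a timestamp resolve to a household only through the ISP's own assignment log, whether that log records IPv6 prefix delegations, single-layer NAT addresses or CGNAT mappings. The log layout, household names and the 2001:db8::/32 and 198.51.100.7 sample values are constructed, and keying the CGNAT entries by port block is an assumption about how such mappings are logged.

```python
import ipaddress
from datetime import datetime

T = datetime.fromisoformat
D1, D2, D3 = T("2024-05-01"), T("2024-05-02"), T("2024-05-03")

# Constructed ISP assignment log (hypothetical layout):
# (network, port block or None, valid from, valid until, subscriber)
LOG = [
    # IPv6 prefix delegation: household A's /56 changes overnight and the
    # old prefix is handed to household B.
    ("2001:db8:fc22:4c00::/56", None, D1, D2, "household-A"),
    ("2001:db8:fc48:a900::/56", None, D2, D3, "household-A"),
    ("2001:db8:fc22:4c00::/56", None, D2, D3, "household-B"),
    # Single layer of NAT: one public IPv4 address per household.
    ("192.0.2.20/32", None, D1, D3, "household-A"),
    # CGNAT: one public address shared; households differ by port block.
    ("198.51.100.7/32", (1024, 2047), D1, D3, "household-A"),
    ("198.51.100.7/32", (2048, 3071), D1, D3, "household-B"),
]


def identify(addr, when, port=None):
    """Answer "which household sent packets from addr at time when?".

    Returns the sorted list of subscribers the log maps the observation to.
    Without the log, an outside observer has only the pseudonymous address.
    """
    ip = ipaddress.ip_address(addr)
    found = set()
    for net, ports, start, end, subscriber in LOG:
        network = ipaddress.ip_network(net)
        if ip.version != network.version or ip not in network:
            continue  # address was never part of this assignment
        if not (start <= when < end):
            continue  # assignment not valid at the observed time
        if ports and port is not None and not ports[0] <= port <= ports[1]:
            continue  # CGNAT entry for a different port block
        found.add(subscriber)
    return sorted(found)


if __name__ == "__main__":
    seen = "2001:db8:fc22:4c01:211c:b02a:a4f1:266e"
    print(identify(seen, T("2024-05-01T12:00")))  # day 1
    print(identify(seen, T("2024-05-02T12:00")))  # day 2, prefix reassigned
    print(identify("192.0.2.20", T("2024-05-01T12:00")))
    print(identify("198.51.100.7", T("2024-05-01T12:00"), port=2500))
```

The same IPv6 address maps to different households on consecutive days, which is why the timestamped log, not the address itself, is the identifying data in all three cases.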

Perhaps this wasn't true at the time you asked about this, but SN supports NIP-46 / Nostr Connect / Bunker. You can generate a Bunker URI in Amber by going to Applications (the first tab) > "+" button (in the lower right) > Add a nsecbunker.

I can only interpret this as apathy. If you just don't care about latency, centralisation, etc., just say so. You're welcome to use whatever you want to use, but if you actually want to have a discussion about whether NAT provides extra privacy or not, you can respond to the points I've made.

You misunderstand my use of "distinguish" there. Even with IPv4, you can already be distinguished from other users when it comes to your identity/fingerprint, because such fingerprinting doesn't come from IP metadata, but from application-layer data. However, filtering based on this requires deeper packet inspection, which is more resource-intensive.

With IPv6, endpoints can distinguish your IP packets from those of other users/households based solely on the IP address. That doesn't increase or decrease your privacy in any way; they still don't know *who*, only *what*. The only thing an endpoint gains from this is the ability to more selectively block/filter packets based on IP address alone. That's good for both you and the endpoint, not bad.

In other words, you have no good reason to think that distinguishing household A from household B, whilst still not knowing anything more specific about A and B, such as their street addresses, is harmful to privacy. Or at least, so far, you have failed to convince me that this actually harms your privacy. Perhaps you could give a concrete example of where this would be the case?

> NAT has not stopped it to happen.

I never said that it does. But do you care about increased latency, decreased throughput, more centralised points of failure? If so, then you should prefer avoiding the use of relays to facilitate P2P traffic, because relays result in all of these things.

> Moreover, sharing an IP address has protected a P2P user from legal consequences

Such protection/anonymity does not come from address sharing due to NAT, it comes from some combination of network sharing (e.g. at a public place), proxying (e.g. using a public VPN service), and/or local laws restricting access to certain kinds of data/logs. All of these factors being the same, you have exactly the same level of anonymity with IPv6 as with IPv4.

The particular case you cited hinges on the specifics of Spanish Law 25/2007, which states that data such as NAT mappings must be retained by the relevant orgs, such as ISPs, for at least 12 months, and only shared following a judicial order:

> > imposibilidad dada por la Ley 25/2007, de 18 de Octubre, de conservación de datos relativos a las comunicaciones electrónicas y a las redes públicas de comunicaciones, que circunscribe la posibilidad de exigir la identificaci a supuestos de detección, investigación y enjuiciamiento de delitos graves

> > ***

> > impossibility given by Law 25/2007, of October 18, on the conservation of data related to electronic communications and public communications networks, which limits the possibility of requiring identification to cases of detection, investigation, and prosecution of serious crimes

In other words, the crime was not serious enough to legally compel the ISP to disclose the identifying data (the NAT mappings); it did not meet the standard of "delito grave" in Spanish law. In an IPv6 context, it would be the specific IPv6 subnet (address/network prefix) delegated/assigned to the customer by the ISP that the plaintiff would need to know. This identifying data is, again, something that only the ISP and the customer know by default, and would require legal warrant for the plaintiff to obtain. Thus, the outcome of the case should be the same in an IPv6 context.

***

Amusingly, the article highlights a negative point about NAT that I have already mentioned — one user's actions unfairly negatively affecting many other unrelated users due to a subsequent restriction of access to services by the offending IP addresses.

> > Además, aparte de a "nito75" el alcance de la sentencia perjudicará a todos aquellos que usen esa misma conexión a internet.

> > ***

> > In addition, apart from "nito75" the scope of the sentence will harm all those who use the same internet connection.

This would not happen in an IPv6 context, because the offended service can simply block traffic from the particular subnet. In other words, with IPv6 rather than NAT/CGNAT, endpoints can distinguish different households and users but still can't identify them without extra info.

Replying to DZC

Wait, who said something about usability?


Nor am I saying that NAT by itself is the way to achieve full privacy, but it's just a good thing to have, privacy-wise.

By the way, IPv4 and NAT are not responsible for the internet moving from decentralised protocols to centralised platforms.

'User convenience' and tech companies are much more responsible for that outcome, imo.

> it's just a good thing to have, privacy-wise.

Please explain why you think this, bearing in mind the reasons that I have already given for why it is not.

> Wait, who said something about usability?

Separately, I am telling you why IPv6 is more useful than IPv4, because you asked what improvements IPv6 provides.

Sharing the same IP address as other devices doesn't improve usability, it actively hampers it by breaking the end-to-end principle. If you care about using peer-to-peer applications (voice calls, online gaming, torrents, Bitcoin, Nostr, etc.) without requiring the use of middlemen/relays that are publicly reachable over IP (thereby introducing other issues such as natural centralisation pressures and additional latency), then you care about maintaining the end-to-end principle. If you don't care about P2P apps, that's your prerogative, but just know that such an architecture is significantly responsible for the current state of the internet economy (among other things, of course).

It can also actively harm usability by lumping you in with bad actors that happen to be sharing the same IP address as you. What do you do when someone on the other side of your neighbourhood is using the same IP address as you and does something that gets that IP address blocked by a service that you want to use?

Sharing an IP address also doesn't give you any extra privacy, because (1) NAT on a per-household basis still identifies the household, (2) where CGNAT is used, NAT mappings on a per-neighbourhood basis are still logged by your ISP, and (3) the actual endpoints you're communicating with over the internet can fingerprint you using other means anyway.

This opinion is unfortunately not unpopular globally — it's one reason among many that convincing people to adopt IPv6 is so hard — but it is unpopular among those intimately familiar with networking because it is simply false. NAT doesn't give you any privacy at all, you've just incorrectly convinced yourself that it does.

I was talking about this and other routing protocols such as cjdns with Squiggs at CMH yesterday. It's an interesting one, but I don't know how well the routing algorithm actually works in practice on a dynamic mesh network — it's something I've read about, so have a good technical understanding of, but not something I've actually experimented with to see whether its fault-tolerance mechanisms actually work.

You can "host" whatever you like "on Yggdrasil". It's not a hosting platform, it's a routing protocol, like IP itself. You wouldn't say "I host my website on IPv6," you'd say "my website is available/reachable over/using an IPv6 connection." Likewise, you'd say "my Nostr relay is reachable using Yggdrasil."

The goal in the context of making routing accessible to the masses should be to minimise the technical knowledge needed to deploy them. To that end, even good old IP is fine, but the problem is hiding all of the complexities of BGP from laymen that want to deploy routers, and making sure the routing algorithms are still efficient at that kind of scale. The modern internet remains scalable due to its semi-hierarchical structure, which facilitates route aggregation; despite IPv6 network IDs being 64 bits, the global IPv6 routing table almost entirely consists of 32-bit and 48-bit route IDs.

You can achieve this kind of aggregation with plain old IP even without organisations such as ISPs, as long as local communities can agree on their locally unique name/ID, such as a city name within a country, a village name within a city, or a postcode/zipcode within a country. Yggdrasil differs by not relying specifically on name-level aggregation like a postal mail address, but instead relying on an "aggregated" view of a network graph: a spanning tree.

We need to decide who controls a domain name by using a consensus-based mechanism such as Namecoin, rather than centralising that delegation of control to domain registries as is currently the case.

Because Nostr is a series of tubes built upon a series of tubes!

For reference, this remark is prompted by Cloudflare (and thus many popular sites such as Twitter/X) currently experiencing a global outage. Hooray for decentralisation!


1. Node operators, individually.

2. Node operators, individually.

It's a proposal that will simply result in a network split if and when node operators decide to enact it.