@AMS @cadey well, #Anubis allegedly does account for #Browsers like #LynxBrowser and handles them gracefully, unless they violate thresholds to stop scrapers that fraudulently use a fake #UserAgent, and then it'll soft-ban those.

• Granted on AT&T's ASN you'll likely run into that on #IPv4 connections due to #CGNAT!

@destiny then I guess you only get the few #IPv4only nodes for #P2P that ain't behind #CGNAT in a #DSlite configuration...

@destiny yes, but that deoends on your ISP, Internet Setup, Firewall and how shoved your NAT table is.

• If you have proper Dual-Stack (static #IPv4 + #IPv6 /64 subnet) then you should be able to get that.

• If you have #IPv4only and/or #CGNAT then this will throttle you just like when you have an #ISP that doesn't properly #peer or even acts as #racketeer towards other providers and sabotages #P2P like #KT from #SouthKorea.

I was able to max oit the wifi at my university for downloads in the past...

@thermia #CGNAT should be outlawed - espechally when it illegally uses #RFC1918 address space!

@Jarek @landley that assumes #IPv6 addresses are static (Providers in #Germany do "pseudostatic" alike #IPv4 and unless one's a business customer, will forcibly disconnect once each 24 hours and reassign a new IP) and that applications ain't configured to prefer IPv4 over IPv6 just to avoid timeouts and having to check if IPv6 exists since the only "#IPv6only" #ISP I know is #Starlink (and even they do #CGNAT due to customer complaints…)

@landley @jschauma @ryanc @0xabad1dea yeah, the exhaustion problem would've been shoved back with a #64bit or sufficiently delayed by a 40bit number.

Unless we also hate #NAT and expect every device to have a unique static #IP (which is a #privacy nightmare at best that "#PrivacyExtensions" barely fixed.)

• I mean they could've also gone the #DECnet approach and use the #EUI48 / #MAC-Address (or #EUI64) as static addressing system, but that would've made #vendors and not #ISPs the powerful forces of allocation. (Similar to how technically the #ICCID dictates #GSM / #4G / #5G access and not the #IMEI unless places like Australia ban imported devices.

I guess using a #128bit address space was inspired by #ZFS doing the same before, as the folks who designed both wanted to design a solution that clearly will outlive them (way harder than COBOL has outlived Grace Hopper)...

• Personally I've only had headaches with #IPv6 because not only do I only have #IPv4only #Internet but my #ISP refuses to allocate even a singe /64 to me (but has no problem throwing in a free /29 of #IPv4's in with my contract!)and stuff like #HurricaneElectric / #HEnet's #Tunnelbroker fail face first due to #Geoblocking and the fact that #ASNs get geolocated, not their #PoPs...

If I was @BNetzA I would've mandated #DualStack and banned #CGNAT (or at least the use of CGNAT in #RFC1918 address spaces) as well as #DualStackLite!

@landley @jschauma @ryanc @0xabad1dea well, #CGNAT has it's own problems and bricks connectivity forr many applications.

@torproject same with #obfs4 bridges: there is no option to say like ports=80,443 or similar, which makes it cumbersome to get said bridges.

• And yes, for people stuck on #publicWiFi and shitty #MVNO|s this is most likely the only way they can get any #Tor connection work through #CGNAT and #firewall|s, as most do #BlockTor and it's associated #ports alongside common #proxy ports like 8000-9999 and anything they can't #MITM that isn't #HTTPS or #IMAP!

And trying to get places to #DontBlockTor that criminalize the use of #Tor is foolish at best.

• I mean, I'm glad that I'm in #Germany and whilst #Hosters do ban Tor in their #ToS, my #ISP can't ban me from operating a #relay or #bridge at home...

@herrorange how?

Like I really wounder why...

Is it due to shitty #CGNAT at the #ISP end and #Skype doing aggresssive #HolePunching through any #NAT or some other #ISP-side shenanigans?

Issues aside it's now 15 years since I started using #Tor / @torproject & @guardianproject / #Orbot on #Android full-time.

• Not just for #privacy, but because it acts as a #PerformanceProxy on #throttled #German mobile networks!

Because in #EDGEland they yeet users to 64kBit/s if not even lower to 16kBit/s past paid bandwith and instead of properly renegotiating the bandwith, they trottle connections by reducing the packet rate / dropping packets, making it as #laggy as a #GSO-based #SATCOM connection!

• On top of that, almost all #MNO|s & #MVNO|s illegally use RFC1918 Address space, *espechally 10.0.0.0/8 for #CGNAT, thus bricking #VPN|s and sadly @BNetzA doesn't really give a damn!

@kubikpixel @malwaretech @tomscott or to put it into perspective:

I worked at a telco, and whilst clients were above-average in terns of bahaviour, one does get a high single digit or low double-digit amount of LEA requests per day per x million customers.

Now imagine the average #VPN has similar utilization as a #CGNAT, so easily they'll have #LawfulInterception going on 24/7 because logless VPNs are a lie and besides circumventing #Geoblocking they don't do anything else...

• In fact I'd argue it'll be more privacy friendly to self-host a VPN on-demand with flexible hoster or just having a fixed IP at home, simply because those usually have a higher bar for getting surveillance approved.

TLDR: Just get @torproject @tails_live @tails / #Tails and good.

@wmd @miqokin also the same Issues are by my own experience are better solved via @torproject / #Tor, @guardianproject 's #Orbot & @micahflee 's #OnionShare just to name a few.

• Not to mention most #MobileNetworks illegally use #RFC1918 space like 10.0.0.0/8 for #CGNAT, intentionally bricking #VPN|s in order to force #progessionals and #businesses in way more expensive contracts as they need a "real" VPN for work...

@tschaefer fängt damit an dass bis heute nicht alle #IPv6 haben oder bekommen können...

• Bspw.: Verweigert mein #ISP die Bereitstellung von echtem #DualStack. (Deshalb kann ich diesen Post auch nicht direkt aufrufen!)

Umgekehrt sind bis heute nicht alle #Diensteanbieter & Services von #IPv4 auf #IPv6 migriert worden.

• #IPv6only ist anders als ein #Windows-Verbot (was #BDSG & #DSGVO eigentlich verlangen!) illusorisch.

Sorgt zwar für Henne-Ei-Problem, wäre aber durch die @BNetzA lösbar indem diese zwangsweise je IPv4 mindestens ein /64 an IPv6 vorschreibt und Bullshit wie #CGNAT [insbesondere mit #RFC1918-Addressraum] verbietet!

• Besonders Bullshit wie #DualStackLite ist murks: Entweder korrekt Dual-Stack oder lasst es sein!!!

@jue @goetz @fluepke Until you have some #remote workers who only have #CGNAT + pseudo-static #IPv6 addresses on a #consumer line...

Then it's not an option and you'll have to resort to #RFC1918 and #DualStack #WAN-side, as I had to setup for a fmr. employer / client...

@goetz @fluepke AFAICT, all #MNOs and #MVNOs in #Germany violate #RFC6598 by using #RFC1918 address space ( 10.0.0.0/8) bricking #VPNs that use the same address range instead of using the #CGNAT address space ( 100.64.0.0/10 ).

Sadly, @BNetzA doesn't really care to enforce anything...

https://en.wikipedia.org/wiki/Carrier-grade_NAT
https://en.wikipedia.org/wiki/IPv4_shared_address_space
https://en.wikipedia.org/wiki/Network_address_translation
https://datatracker.ietf.org/doc/html/rfc1918
https://datatracker.ietf.org/doc/html/rfc6598

@forceofhabit yeah, blocking #CGNAT address ranges is a good thing.

• Tho most #MNO|s & #MVNO|s violate #NetNeutrality and #IETF standards and use #RFC1918 (i.e. 10.0.0.0/8) for CGNAT.

Also thanks for reminding me to never set foot into Belgium again, cuz that sounds like a facist policestate!

@elfin @juliewebgirl @doctorwhom @snipe @TheGibson

#CGNAT is a huge #MITM

https://news.ycombinator.com/item?id=24476623

@ariadne I think #IRC is both valid and working.

The problem are ops that refuse to do #IPv6 and shit like #CGNAT existing.

But unlike #Matrix & #Discord it's indexable like a #mailinglist.