Windows Now Requires IPv6 for WiFi?

Discussion in 'privacy problems' started by wsfmojosam, Dec 3, 2017.

  1. wsfmojosam

    wsfmojosam Registered Member

    Joined:
    Mar 28, 2013
    Posts:
    7
    Sometime in the last few months, my Surface 3 started having problems connecting to my home WiFi. In the course of troubleshooting, I discovered that private networks (e.g. Home Groups) now require that IPv6 be turned on. Once I did that, everything worked. My router (Netgear R6400) does not have separate LAN and WAN controls for IPv6.

    I don't want to use IPv6, due to privacy issues. Am I stuck with having it turned on?
     
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,051
    Location:
    Europe then Asia
    I dont use IPv6, i blocked all entries in win10 and WinFW about it; i guess this is a local issues.
     
  3. wsfmojosam

    wsfmojosam Registered Member

    Joined:
    Mar 28, 2013
    Posts:
    7
    OK. I did some testing. IPv6 was absolutely required to create the homegroup and join it. Once connected, I was able to turn IPv6 off inside of Windows and on the router. The connectivity even survived a cold boot.
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,410
    Location:
    USA
  5. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,541
    What's wrong with IPv6?
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,876
    There are security and privacy issues.

    With IPv4, there's typically a NAT router between your computers and the Internet. So, unless you forward ports on the router, remote devices can't establish connections. The downside is that you can't run web servers, or whatever. The upside is that it's harder for adversaries to attack your computers.

    With IPv6, there's no NAT. So you need firewall rules for protection. It's rather like the old days, before routers were common. Think worms ;)

    Also, with IPv6, your computers have Internet-routable addresses. With IPv4, it's 192.168.1.100 or whatever. So even if you're using a VPN, HTML5 can leak the address.
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    107
    Location:
    Some country in the European Union
    That's exactly why firewalls should be used. Every usable OS has firewall: Windows, OS X (probably, I don't used that OS), Gnu/Linux, OpenBSD. I really don't understand what the problem.
    When it comes to regular people and routers... most routers run outdated and non-maintaned firmware which often have publicly known vulnerabilities. Do you really think that vulnerable router, which can by reconfigured by ISP or crackers at any time, can be a replacement for firewall?
     
  8. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,410
    Location:
    USA
    Though I expect in most cases that issues with IPv6 are more privacy related than security related, there is the possibility that any backdoors put into IPv6 devices are easier to exploit than an IPv4 device behind a NAT router, just because they will be easier to locate and access.
     
  9. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,094
    Explainer of some of the privacy issues: http://www.circleid.com/posts/20150216_ipv6_security_myth_5_privacy_addresses_fix_everything/
    Explainer of one of the known security issues: https://networkingnerd.net/2011/05/09/cut-me-some-slaac-or-why-you-need-ra-gdigit

    I find it surprising so many articles insist on describing ipv4 as a 32 bit address. It is not. The biggest 32 bit integer is a ten digit 2147483647.
    This has nothing in common with the twelve digit 255.255.255.255 address which is not even representable as a single 32 bit integer.
    The 255.255.255.255 address is 8 bit because it consists of four separate 8 bit integers.
     
    Last edited: Dec 5, 2017
  10. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    107
    Location:
    Some country in the European Union
    Are you talking about signed 32-bit number? Yes, in most programming languages this is the max for signed integers. It is because it starts from −2147483648.
    −2,147,483,648 through 2,147,483,647. From negative to positive.
    Range is still 2^32 = 4294967296 and for unsigned integers range starts from 0 making 4294967295 the max number.

    4 bytes * 8 bits = 32 bits
    256*256*256*256 = (2^8 ) ^4 addresses = 2^32 addresses = 4294967296 addresses
    Simple estimation for both representation is 2^32 addresses. There are some reserved addresses, though.
     
  11. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,094
    yes but how can 255.255.255.255 be stored in a 32 bit integer?
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    107
    Location:
    Some country in the European Union
    In C language probably with a struct or array, pointers to memory and casting to other types.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,881
    Location:
    Among the gum trees
  14. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,094
    That wouldn't be storing it in an integer, my point being the supposed limitation of ipv4 is bogus. It never required a new 64 bit ipv6 because the supposed limitation of ipv4 has not existed since the 1970's when it was invented and CPU's of the time only supported 8 bit arithmetic. Hence the limitation of each subnet is an octet which at the time would have used four 8 bit integers to store the four octets of an ip address.
    All they needed to do to increase the number of ip addresses exponentially would have taken a tiny change to use even just standard 16 bit arithmetic which obviously has been supported since the 1980's would give,
    65356*65356*65356*65356 addresses.
    I think we should start a campaign to upgrade ipv4 from 8 to 16 bit so we don't ever need to use ipv6.
     
    Last edited: Dec 5, 2017
  15. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    520
    Location:
    Land o fruits and nuts
    Does anyone really know how to disable IPv6 trough the registry?
    So many different answers (such as the 5-second boot delay, right think i trust what ms says?)
    Nobody knows.
     
  16. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    107
    Location:
    Some country in the European Union
    It is how it is done in low-level programming. Reinterpreting memory region as another type is just common. Not to mention that IPv[4,6] is a protocol, not just one number.

    Feel free to educate yourself on designing protocols and write an RFC.
     
  17. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    456
    Location:
    MalwareTips "Your Security Advisor"
    Exactly, and you don't need to create a "Home Group" in Windows to use WiFi, I never have from Win 98 all the way up to Win 10.
    PS: Thread title is a bit misleading imho
     
  18. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,410
    Location:
    USA
    I've not seen that before. I have always seen them referred to a 8 bit. Must be the new math...
     
  19. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,410
    Location:
    USA
    I've testing this as working in the past, unless you are suggesting there are hidden components that are not getting disabled:
    http://tweaks.com/windows/40099/how-to-properly-disable-ipv6/
     
  20. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,094
    I am familiar with C programming, type casting, etc and it is not neccessary to do that to store IP addresses.
    In the case of ipv4 it was designed in the 70's when 8 bit CPU was standard. At that time the computational limitation of 8 bit CPU's meant the biggest number that could be stored in a single integer was 255. That is why ipv4 addresses consist of those four 8 bit integers.
    255.255.255.255
    That limitation of 255 in each of the four integers ceased to exist in the 80's. With the advent of 16 bit CPU's those four integers could then have each held 65356. Allowing, by default, an address limitation of,
    65535*65535*65535*65535.
    IPv4 was never upgraded to take advantage of that, probably because at the time in the 80's there was no apparent shortage of IP addresses but it could have been, and still could.
     
  21. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    107
    Location:
    Some country in the European Union
    Network protocols are supposed to be CPU agnostic, so that don't matter whether CPU is 8-bit or 16-bit, you still have to change underlying protocol. I am not familiar enough with designing quite low-level (3 layer in OSI model) binary protocols to tell whether there is some easy and sane way to extend 32-bit addressess to 64-bit addresses, but from what I see nether you are competent enough.
    Even that you got wrong.
    2^16=65536*65536*65536*65536
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,410
    Location:
    USA
    I probably should stay out of this, but, you must be starting with 00001 instead of 00000, so 65535 would be correct.

    Also, if you were doing any 3rd party programming and not writing the OS itself, you would normally be passing IP addresses as text strings anyway, so I don't know what all of the fuss is about.
     
  24. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    107
    Location:
    Some country in the European Union
    In range <0; 65535> there are 65536 possible combinations. Take a look at the "<" and ">" symbols. They mean range is inclusive for numbers. "(" and ")" would mean exclusive.
     
  25. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,376
    Location:
    UK
    I take it that people are aware of:

    http://www.enhancedip.org/

    If IPV6 is thrust upon a person, I believe a NAT solution should still be possible with the router/firewall offering IPV6 addresses which are shared/used with IPV4 NAT hosts behind it, and the VPN connection initiated by the router. As long as your friendly VPN provider supported IP over V6 tunnels, the privacy issues would be as now.

    I do not believe that the IPV4 address crunch is severe as advertised even today, given that the overwhelming number of devices are consumers only, and already behind NAT - sometimes multiple layers thereof. Hardly satisfactory, but here we are.

    I'd want to re-write many more things than IP addressing. The whole stack reeks of an era when error rates were high, processors feeble and memory tiny.
     
Loading...