Consumer Rights Wiki

CgNAT: Difference between revisions

← Older editNewer edit →
VisualWikitext
Emayeah (talk | contribs)
confirmed
22 edits
added an example
Tempo123 (talk | contribs)
confirmed
354 edits
Replace paywalled academic source with archived version from discord CDN (received from original author after requesting from them on Discord) and archive again.
Line 4: Line 4:


===Complaints from law enforcement agencies===
===Complaints from law enforcement agencies===
Law enforcement agencies find it harder to identify criminals behind an IPv4 address used by thousands of people. As a result the agency may have to tap connections of all users sharing that address to identify the criminal. <ref>{{Cite web |last=European Cybercrime Centre (EC3) |date=17 Oct 2017 |title=Are you sharing the same IP address as a criminal? Law enforcement call for the end of Carrier Grade NAT (CGN) to increase accountability online |url=https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online |website=europol.europa.eu |url-status=live |archive-url=http://web.archive.org/web/20260113094744/https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online |archive-date=13 Jan 2026}}</ref><ref name=":0">{{Cite web |last=Gözükara |first=Furkan |date=8 Nov 2021 |title=Challenges and possible severe legal consequences of application users identification from CNG-Logs |url=https://www.sciencedirect.com/science/article/abs/pii/S2666281721002377 |website=sciencedirect.com}}</ref>
Law enforcement agencies find it harder to identify criminals behind an IPv4 address used by thousands of people. As a result the agency may have to tap connections of all users sharing that address to identify the criminal. <ref>{{Cite web |last=European Cybercrime Centre (EC3) |date=17 Oct 2017 |title=Are you sharing the same IP address as a criminal? Law enforcement call for the end of Carrier Grade NAT (CGN) to increase accountability online |url=https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online |website=europol.europa.eu |url-status=live |archive-url=http://web.archive.org/web/20260113094744/https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online |archive-date=13 Jan 2026}}</ref><ref name=":0">{{Cite web |last=Gözükara |first=Furkan |date=12 Aug 2020 |title=Challenges and possible severe legal consequences of application users identification from CNG-Logs |url=https://megalodon.jp/2026-0322-2005-47/https://cdn.discordapp.com:443/attachments/1484862664252592178/1485093404877524992/Challenges_and_possible_severe_legal_consequences_of_application_users_identification_from_CNG-Logs.pdf?ex=69c09c83&is=69bf4b03&hm=bbcf1d7804a49737bc96785e789148610be43243902c1b1913f04ada19a67c08& |url-status=live |archive-url=https://web.archive.org/web/20260322105855if_/https://cdn.discordapp.com/attachments/1484862664252592178/1485093404877524992/Challenges_and_possible_severe_legal_consequences_of_application_users_identification_from_CNG-Logs.pdf?ex=69c09c83&is=69bf4b03&hm=bbcf1d7804a49737bc96785e789148610be43243902c1b1913f04ada19a67c08& |archive-date=22 Mar 2026 |access-date=22 Mar 2026 |website=Megalodon |series=Forensic Science International: Digital Investigation |publisher=Elsevier Ltd. |publication-date=8 Nov 2021 |via=ScienceDirect |doi=10.1016/j.fsidi.2021.301312}}</ref>


A 2016 survey conducted by the European Cybercrime Centre revealed that 90% of EU Member State cyber divisions regularly encountered errors related to CGNAT technologies during investigations, sometimes forcing them to discontinue cases or employ more resource-intensive approaches. <ref>{{Cite web |last=European Police Office (Europol) |first=page 57-58 |title=IOCTA 2016 INTERNET ORGANISED CRIME THREAT ASSESSMENT |url=https://www.europol.europa.eu/iocta/2016/resources/iocta-2016.pdf |website=europol.europa.eu |url-status=live |archive-url=https://web.archive.org/web/20260216020928/https://www.europol.europa.eu/iocta/2016/resources/iocta-2016.pdf |archive-date=16 Feb 2026}}</ref><ref name=":0" />
A 2016 survey conducted by the European Cybercrime Centre revealed that 90% of EU Member State cyber divisions regularly encountered errors related to CGNAT technologies during investigations, sometimes forcing them to discontinue cases or employ more resource-intensive approaches. <ref>{{Cite web |last=European Police Office (Europol) |first=page 57-58 |title=IOCTA 2016 INTERNET ORGANISED CRIME THREAT ASSESSMENT |url=https://www.europol.europa.eu/iocta/2016/resources/iocta-2016.pdf |website=europol.europa.eu |url-status=live |archive-url=https://web.archive.org/web/20260216020928/https://www.europol.europa.eu/iocta/2016/resources/iocta-2016.pdf |archive-date=16 Feb 2026}}</ref><ref name=":0" />
Line 22: Line 22:
To circumvent these limitations, ISPs typically offer subscriptions for dedicated IPv4 addresses or IPv6 tunnels.<ref>{{Cite web |date=8 Mar 2024 |title=About Static IP addresses |url=https://www.att.com/support/article/u-verse-high-speed-internet/KM1002300/ |url-status=live |archive-url=http://web.archive.org/web/20251111020054/https://www.att.com/support/article/u-verse-high-speed-internet/KM1002300/ |archive-date=11 Nov 2025 |website=att.com}}</ref>
To circumvent these limitations, ISPs typically offer subscriptions for dedicated IPv4 addresses or IPv6 tunnels.<ref>{{Cite web |date=8 Mar 2024 |title=About Static IP addresses |url=https://www.att.com/support/article/u-verse-high-speed-internet/KM1002300/ |url-status=live |archive-url=http://web.archive.org/web/20251111020054/https://www.att.com/support/article/u-verse-high-speed-internet/KM1002300/ |archive-date=11 Nov 2025 |website=att.com}}</ref>


=== ELI5: Why (and how) does CGNAT break the internet? ===
===ELI5: Why (and how) does CGNAT break the internet?===
Let's assume that normal IP addresses are "public" phone numbers and that IPs used by CGNAT are "private" phone numbers, that is numbers that can only initiate calls, not receive them. let's assume that there are 2 users (user A and user B):  
Let's assume that normal IP addresses are "public" phone numbers and that IPs used by CGNAT are "private" phone numbers, that is numbers that can only initiate calls, not receive them. let's assume that there are 2 users (user A and user B):  


Line 33: Line 33:
4) User A wants to call user B, but both users only have private numbers (CGNAT). Both users can initiate calls, but neither of them can receive them, thus a connection can't be established. there's only one solution to this, having user A and user B call user C (a man in the middle that has a "public" IP address thus being able of receiving calls) with user C rerouting the voice from user A to user B and viceversa. this means that there's an additional cost and privacy risks, since a not well intentioned man in the middle can eavesdrop on the conversation.
4) User A wants to call user B, but both users only have private numbers (CGNAT). Both users can initiate calls, but neither of them can receive them, thus a connection can't be established. there's only one solution to this, having user A and user B call user C (a man in the middle that has a "public" IP address thus being able of receiving calls) with user C rerouting the voice from user A to user B and viceversa. this means that there's an additional cost and privacy risks, since a not well intentioned man in the middle can eavesdrop on the conversation.


==== How does IPv6 resolve the issue? ====
====How does IPv6 resolve the issue?====
There are only roughly 4 billion IPv4 addresses (or phone numbers), compared to the roughly 340 undecillion IPv6 addresses (that's more than the number of grains on planet earth SQUARED!). 4 billion addresses are not enough for every single user, hence the need of reusing addresses, potentially assigning one to thousands of users (there may be only 8 billion humans on planet earth, but the numbers of devices connected to the internet vastly exceeds that). IPv6 does not have those limitations, and because reusing IPv6 addresses is useless due to the vast number, every single IPv6 address is inherently "pubic" (aka being able of receiving and initiating calls).
There are only roughly 4 billion IPv4 addresses (or phone numbers), compared to the roughly 340 undecillion IPv6 addresses (that's more than the number of grains on planet earth SQUARED!). 4 billion addresses are not enough for every single user, hence the need of reusing addresses, potentially assigning one to thousands of users (there may be only 8 billion humans on planet earth, but the numbers of devices connected to the internet vastly exceeds that). IPv6 does not have those limitations, and because reusing IPv6 addresses is useless due to the vast number, every single IPv6 address is inherently "pubic" (aka being able of receiving and initiating calls).


==References==
==References==
<references />
<references />
Retrieved from "https://consumerrights.wiki/w/CgNAT"