IF some ISP isn’t giving you a IPv6 network with /64, sue them to get your money back, and run from themEach customer to an ISP SHOULD HAVE at absolute minimum a /60 network Which is the divided in your home router to 16 /64 networks But then, consider change ISP, because then they are stupid, and should not run a ISPA customer should actually have a /56 (or company a /48) network which is divided into 256 /64 networks by your router Then you can use those 256 IPv6 LAN addresses to divide your network into different LAN For instance one for all your computers, one for each house hold member, some for guests One for IoT that phones home One for your file server etcThen you set up the firewall so that IoT LAN only can be reached from your other LAN, and only can reach the servers the devices needs to phone home tooMuch easier to manage LAN and security this wayBut yes, NAT is 100 not securityAnd yes, IPv4 NAT only hides your computers behind ONE public address They can still trace your machines IPv4 addressWith IPv6 you can set up your machine so it generates a new IPv6 address in your /64 LAN each 5 minutes when you surf a web site Those IPv6 addresses will be totally useless to track your machine Even less so then the IPv4 NAT addressSo yes, IPv6 hides, by design, your internal network structure Which IPv4 are notAnd as you wrote That IPv4 address that is stored in those web servers you connect, goes straight to your home router And with a data base and nmap command, you can even know what version of the software you run on your home router And use that to choose the right attack if it is knownThat you don’t get with the IPv6 and randomized outgoing IPv6 address for surfing Hm, I didn’t even thought about this problem with NAT