Stop using IPv6 immediately if you value your privacy. Disable it at the router-level ideally.
>Reasons: Half of the address is a unique identifier derived from your MAC address, making your device identifiable. >but what about privacy extensions They aren't enabled by default on most systems, and even then don't work correctly. Ubuntu 18.04 doesn't enable them by default, for example. In Windows 10, they were ignored for over 1.5 years if set and global address was used instead [1]: >"Temporary IPv6 address is present but not used" >"Still a problem in 2018, a year and a half later" FreeBSD doesn't enable them by default [2]: >"Please do not enable classical RFC 4941 temporary addresses by default!" Etc, etc - you simply can't rely on software to do it right.
Among others, one reason for disabling privacy extensions by default is because they make networks susceptible to cache overflows as devices will accumulate many addresses in a short period. Administrators don't like this, they prefer stability over privacy. As such, even the RFC itself recommends disabling privacy extensions by default [3]: >"[T]he use of temporary addresses SHOULD be disabled by default in order to minimize potential disruptions" This is what FreeBSD argues for their reasoning to disable privacy addresses.
As such, there's a revision to the private addresses, Stable Privacy addresses, that allows stable addresses. It's like the global address but the MAC is mangled. But this only hides your MAC between networks, it still makes your device uniquely identifiable on a given connection. Unlike traditional privacy addresses, these are non-random and persistent - zero privacy.
>No NAT No NAT means your ISP can count every connected device on your LAN behind your router. With IPv4 NAT, all the ISP sees is the gateway making connections. With IPv6, the ISP sees each individual IPv6 device. While you can use NAT with IPv6, it's never used in practice as IPv6 is supposed to deprecate the need for NAT. And if you do set up NAT, you might as well just use IPv4.
This also applies to connected domains since the IPv6 prefix identifies your ISP+region, so, for example, Google can count how many devices you have which use their services. This makes tracking much easier, IPv6 is like a global cookie in IP form.
And of course even for stable privacy extensions (which are usually the default now to prevent flooding) this all applies. Doesn't matter if MAC is hidden, each device on your LAN is visible.
No NAT also means proper firewalling is absolutely essential. While NAT isn't supposed to be used for security, it does offer some. With IPv6, you better ensure your WAN is set up correctly otherwise anyone can make direct connections.
This is all to say IPv6 just over-complicates things while offering zero benefit to the average network. IPv6 is decades in the making but is still crashing entire networks [4]: >"The principal change that I have made in this regard is to disable IPv6 on most CSAIL networks. I have come to the conclusion that so much in IPv6 design and implementation has been botched by protocol designers and vendors (both ours and others) that it is simply unsafe to run IPv6 on a production network" And now random addresses are being deprecated for stable, identifiable ones, and thus IPv6 offers no privacy compared to IPv4 + NAT. The protocol is broken botnet.
>Half of the address is a unique identifier derived from your MAC address, making your device identifiable. that just makes it easier to evade bans and harder to be identified, since MACs can be easily changed.
Jow Forums doesn't allow IPv6 for this reason, this botnet needs to identify you at any time.
Cameron Brown
>No NAT means your ISP can count every connected device on your LAN behind your router. With IPv4 NAT, all the ISP sees is the gateway making connections. With IPv6, the ISP sees each individual IPv6 device. While you can use NAT with IPv6, it's never used in practice as IPv6 is supposed to deprecate the need for NAT. And if you do set up NAT, you might as well just use IPv4. >No NAT also means proper firewalling is absolutely essential. While NAT isn't supposed to be used for security, it does offer some. With IPv6, you better ensure your WAN is set up correctly otherwise anyone can make direct connections. Dude are you retarded? Your ISP has full access to your router. They can connect to your network shares if they want to. You have always needed a proper firewall.
James Miller
Only the half most significant bits (64) are used for routing. You just block the leading prefix to block an entire network, same as IPv4. This prefix is what your ISP assigns you.
Robert Gray
>using the ISP-provided router who the flying fuck does this
Carter Flores
>Your ISP has full access to your router. Only if you're using your ISPs router, which I seriously hope no one on Jow Forums does. The firewall is less relevant now, but a couple years ago OpenWRT was recommended over DD-WRT simply because the latter didn't come preconfigured with a IPv6 firewall.
People without a proper firewall, cause if you have a good router you can easily set up a firewall no matter the addressing protocol. You don't need a fucking Checkpoint/F5, and I bet those are backdoored anyway.
Jayden Hernandez
Another thing: even if your device isn't using IPv6, e.g. it ignores the protocol, you still have a visible IPv6 address if your router has IPv6 enabled.
>Half of the address is a unique identifier derived from your MAC address, making your device identifiable. No shit, this was always known. MAC addresses can be faked so easily it's a joke.
>No NAT That's fucking great. It's one of the biggest reasons IPv6 is good. >means your ISP can count every connected device on your LAN behind your router 90% of NPCs use the ISP router anyways. >No NAT also means proper firewalling is absolutely essential Not really. Home routers will simply switch from "NAT on by default" to "Deny inbound by default" In enterprise, if you can't configure your firewall you shouldn't have a job anyways >This is all to say IPv6 just over-complicates things while offering zero benefit to the average network That's true. Except purging the awful NAT. But we are used to it's shit by now, so who cares.
And to address everything else in your shitty posts: You can have IPv6 for WAN and still have only IPv4 internally you mongol. You also get to keep your godawful NAT too.
Sage goes in all fields.
Easton Perez
>Only if you're using your ISPs router Got any good info on how to set this up properly?
Christopher White
If you bothered setting pfsense up already, then why do you want advice about firewalls from random anons on Jow Forums?
Jeremiah Stewart
Go fuck yourself op. You retarded and braindead people are what keeping networking back. IPv4 is fucking retarded shit and it should die along with those who thought of it and made it an rfc. If you want privacy, use a fucking vpn. that's what they are for. Let networking be free from IPv4 evil. please.
Kayden Wilson
welcome to 10 years ago, OP
Evan Walker
This is the dumbest post I have read this year
James Sullivan
I never assume I'm smarter than someone I haven't met and welcome any knowledge I can gain. But seriously, I was being facetious.
Zachary Torres
you buy a new router or use an old computer that's it >the current state of Jow Forums
Asher Collins
Why is everything ipv6 suddenly?
Caleb Torres
somehow get the settings from your ISP modem, apply them to your own modem, spoof your modem's MAC address to match theirs.
Ian Nguyen
>No shit, this was always known So why were privacy extensions tacked on AFTER the fact? You can spoof MAC addressees, yes, but nobody is doing that because they're not supposed to be and it disrupts a home network each time, requiring new leases, etc, as you appear as a new device. What kind of a shitty protocol allows global identifiers based on the MAC? >90% of NPCs use the ISP router anyways. So you have no argument. >You can have IPv6 for WAN Yeah, and this is most likely using a global address, your router is identifiable. And makes IPv6 completely pointless because you might as well be using IPv4.
You haven't addressed the issue of no-NAT being IPv6 de facto allowing per-device identification. I don't want my ISP and Google counting each device on my LAN and yet that's what IPv6 mandates as de facto. Your post is shitty, not mine. Read some of the sources I linked. IPv6 is a botched and hacked protocol that is breaking modern production networks. >vpn Not an excuse for the protocol being broken and insecure and on top of that its own privacy amendments being deemed unusable and requiring an even less secure revision. All of the sources I linked are recent. Windows 10 didn't use privacy addresses up to 2018, users were browsing IPv6 with all their devices identifiable globally. FreeBSD in 2017 rejects a proposal to enable them by default. 2014 and random privacy addresses, part of the IPv6 protocol and thus should usable in any situation, take down a production network. Many Linux distros don't enable them by default, which is technically correct as per the RFC. This is an issue right now as we speak, people are browsing the web on IPv6 and their devices are visible and traceable, and yet the push for IPv6 adoption continues to grow with no privacy measures in place.
Liam Morris
>spoof your modem's MAC address to match theirs. does the isp care if you do this? >>the current state of Jow Forums >everyone on Jow Forums has to know everything cmon now, people can ask questions
Jordan Williams
>Read some of the sources I linked. IPv6 is a botched and hacked protocol that is breaking modern production networks. I've read the post in your second post. from all I can see, it's just another braindead sysadmin who, like you, doesn't understand IPv6 and jumps to the conclusion that IPv6 is bad because they don't know how to use it. Every argument you listed in your posts is simply wrong or not an issue, and were refuted by other anons so I won't bother
>Not an excuse for the protocol being broken and insecure and on top of that its own privacy amendments being deemed unusable and requiring an even less secure revision. Expecting privacy from an ip address is like expecting privacy from a phone number. If you want privacy, use a vpn (burner phone). Your argument that we should use a shitty designed internet protocol because you are delusional with your "security" claims. If you don't like stateless config, then use DHCPv6 or static addresses. It's no worse than what you already have with IPv4
Jeremiah Green
The easiest way is to buy a cheap OpenWRT-supported router. Then you probably have to bridge your ISPs router as a modem, and simply plug in the new router and use that for your network. You just use DHCP, don't do anything manually. Why would you spoof the MAC, does your ISP whitelist gateways?
Xavier Long
>So why were privacy extensions tacked on AFTER the fact? Retards complained >but nobody is doing that Everyone and their cat was doing that at one point to get a new ID from Teamviewer. I even saw absolute idiots do it because they were reaching Teamviewer's free session limits. So you'd be wrong. Everyone with a positive IQ can do it. >and it disrupts a home network each time No home network uses leases user. Not even I do in mine. I just set a static on my PC and other devices can go fuck themselves. >your router is identifiable Your router is identifiable anyways what the fuck are you on about? Your ISP already knows who you are. Half the world is using static WAN IPs too, so even google knows who you are too. Unrelated: Dynamic IP country master race. >You haven't addressed the issue of no-NAT being IPv6 de facto NAT was a workaround for IPv4 exhaustion. Why would someone design a new protocol with a workaround in it? Workarounds are always shit. And I did address it. You can have IPv4 internally if you like it. It is easier to type after all, if you are a pleb with no internal DNS.
There is nothing wrong with IPv6. IPv4 and NAT were not designed to keep the amount of devices you have, private. It just ended up happening. If you care, you know what to do.
Blake Harris
>expecting global addresses to not be derived from unique identifiers is unreasonable What are you even arguing against, moron? Why shouldn't, in 2019, IPv6 support random temporary addresses out of the box by default on all applicable systems over global MAC-identifiable addresses or stable privacy addresses? This provides privacy, so it's absolute a valid expectation. IPv6 is bad compared to the perfectly fine out of the box IPv4, because it exposes your LAN by-design. >braindead sysadmin They were using the protocol as designed, how can you say they don't know how to use it?
William Walker
I'll let you guess how i know you don't know shit about security/privacy
Ethan Reyes
>Retards complained I'm going to disregard your entire worthless post, because insinuating that MAC-based global identifiers is "retarded" and invalid to remedy makes you the retard, not anyone else.
i disabled ipv6 a long time ago. i dont know a lot about computers and to me it sounded like any connected device would be able to be accessed by anyone around the world since the router wouldn't be the middle man anymore. i never liked the idea of devices being able to be accessed from the outside world by default. i also didnt like the idea of my server bypassing the router by default. i'm not experienced enough to secure that so i just have it behind the router with only 2 ports open.
and some also require specific VLAN tags, MTU sizes, etc. that need to be set manually
Michael Rogers
>I'm going to disregard your entire worthless post Of course you will. Probably because you realised that neither IPv4 nor the internet in general were designed with privacy in mind. In IPv4, every IP was supposed to be reachable just like IPv6 is now. I bet you want to remove IP addresses from TCP headers too, faggot.
Ethan Williams
>What are you even arguing against, moron? Why shouldn't, in 2019, IPv6 support random temporary addresses out of the box by default on all applicable systems over global MAC-identifiable addresses or stable privacy addresses? IPv6 supports every possible address allocation method you want retard. It literally gives you a block of 18446744073709551616 addresses that you can assign to your clients HOWEVER THE FUCK you want. You want dhcp? use dhcp. you want to use static addresses? fine. Don't want to bother with any config and want it to just fucking work? slap your mac address and go. Want privacy? change your suffix every single time you visit any website. Why the fuck do you care about what the default is? If you are the network admin, then just disable stateless router advertisement and clients will request an address from dhcp. If you are a client, then disable slaac, use dhcp or set your own static address. Are you seriously arguing that IPv4 is somehow better? >IPv6 is bad compared to the perfectly fine out of the box IPv4, because it exposes your LAN by-design. No, IPv6 doesn't expose your internal network and you are stupid for even thinking this. your isp has no way of knowing if you actually have 100 distinct devices on your network or if it's just a single device using 100 different addresses. If you really want to, setup nat66 so everything passes through just one address. It will be exactly like IPv4. Then shove it up your ass while the rest of us can put nat to it's death and embrace the future of natless networking like it was always meant to be.
Your whole argument that IPv4 is better because IPv6 does 'things' is invalid because you can have every possible IPv4 configuration within IPv6, even the bad parts if you want to, since you seem retarded
Julian Martin
Having every IP addressable is a good thing if you're worried just get a actually decent firewall like sane people
Jose Clark
I've been saying for years IoT can go on IPv6 and the WWW and internal legacy LANs should keep IPv4
Isaac Bell
Get a proper router and it's going to generate random identifiers. Also NAT is present to some extent. Probably even consumer grade shit routers do this by now. And stop posting uneducated shit.
Aaron Evans
This is some of the most retarded FUD I've seen in a while
Lucas Perez
eventually it will be even easier to track you specifically, since you'll be the only retard still using IPv4
Gabriel Cooper
I think this only applies to the modem, as the router itself has to support transparent DHCP so clients can connect, in which case you can simply plug in your own router and do double NAT and the ISP is none the wiser.
Cameron Garcia
>router itself has to support transparent DHCP In what ass-backwards ISP do they do that? First time I've ever heard of this
Thomas Phillips
I have a similar issue, if i plug any device (router, laptop, desktop) directly to my ISP's ONT it'll work fine but if i spoof the MAC address on a device and connect it to the ONT then it won't get connectivity until i revert to the original MAC address, why does this happen?
Ryder Morris
How would the average normalfag connect their wireless device if the ISP router didn't do DHCP and if the router whitelisted MAC? It's only the modem, be it cable or DSL, that matters, which is why coincidentally why there's no (few?) open-source firmware support for modems.
Dylan Diaz
but IPv6 is inevitable so what do we do?
Colton Williams
Transparent DHCP means that DHCP requests and leases pass through the router to the ISP like it would from a relay. So the ISP assigns an address for each of your internal devices. I've never heard of an ISP that does that. Now I'm not so sure that user knew what that meant though...
Ryder Martin
That's a whole lot of words just to say "turn on randomized addresses if you use IPv6"
Is the OpenBSD device doing layer 3 routing, or only filtering at layer 2? If it's pf it must be layer 3, right? I don't think pf does layer 2 you need something like ebtables for that.
Need to learn IPv6, what are some good guides that are actually written well and not just copy paste of RFCs or pajeet plagiarism?
Colton Walker
anybody knows pls respond
Jack Fisher
how do i disable in debian for lesbians?
Lucas Morgan
It only uses your MAC address if you configure it with SLAAC, you can use DHCP instead.
Matthew Richardson
I use OpenWRT. Do I need to change any settings or are the default settings secure enough?
Sebastian Carter
That's called EUI64. You can disable that if you want with privacy extensions.
John Jones
The ipv6 firewall in openwrt is default deny. you can set up a rule to forward by interface ID.
Isaiah Gray
In IPv6, DHCP is not typically used to get an address from the router like it is in IPv4. DHCPv6 is a much different protocol that's mostly used for your router to request a large block of IPs from your ISP.
Instead, what you want is RFC 4941 SLAAC privacy extensions. You probably don't have to configure it, it is usually the default.
On Linux, IPv6 privacy extensions are supported by NetworkManager, but are not the default. To enable it, add "ip6-privacy=2" to the config file.
I have also just set up default OpenWRT 18.02. I have disabled IPv6 on my machine, so no IPv6 connections outbound from client. However, what's disturbing is, if I go to google.com/search?q=what is my ip , it shows my public router IPv6 address even though my computer isn't using IPv6. So OpenWRT is routing IPv4 outbound to IPv6, and this IPv6 address is the global one tied to the router MAC. So it's probably best to just disable IPv6 in OpenWRT if you have no need for it - at least that's what I'm doing.
Dominic Anderson
>if you value your privacy I really don't, the truth will set you free. If you want to spy on me, then so be it. You will learn what you want to learn about me.
Justin Smith
>Half of the address is a unique identifier derived from your MAC address, making your device identifiable.
Yes, but if not websites such as Google will be able to view your mac adress and low level specs such as CPU make and motherboard make. And of course these websites will use this to serve ads. Also its dangerous for normies who dont know how to properly setup a firewall
Easton Barnes
ok normiefag. Do you use Windows 10 annon? Do you Use Instagram annon?
Jack Morgan
>normiefag No. >Do you use Windows 10 annon Yes. >Do you Use Instagram annon? No.
In the rare event any of this GNU/FUD is true, I couldn't care less. Nothing to hide, nothing to fear. Oh no someone might read the post I make public on the internet, or spy on me while I make commits to open source software, or read my private conversations about what American silverware is like to Chinese students. If only I had some privacy.
Joseph Miller
yes to both nigga, what's up
Elijah Gonzalez
>nothing to say, nothing to fear >I don't care, therefore I will drag down everyone who does with me
Luke Nguyen
its nice to actaully talk to people without being intercepted by a third party. But i mean, microsoft doesnt need to see who you follow on normiebook and doesnt need to bug your microphone to serve your ads, or even view all the programs you are running on your system. I mean the line has to be drawn somewhere.
Michael Cruz
>not changing your IP address every 30 seconds since you have a /64 sad
Noah Davis
I don't care about you as well.
Joshua Perry
When did I say you had to use what I use?
None of it effects me which is why I really don't care. I have no problem with marketplaces knowing what I like since it makes it only makes things more convenient for me. >but doesn't it upset you that they make money off of that data Not in the slightest. If people like Amazon want to buy my data to find out what kind of food I like and put it in my recommended section at no cost to me, I want that. If Google wants to buy my data to know what kind of people I like so they can do the same with video on youtube, that's more than fine by me. >looks like user likes cute asian women, we'll push them to the front page What a nightmare!
Nathan Morgan
So naive. You think that's all that data is good for?
Nathan Scott
got no privacy right now anyways, I'm not a Jow Forumsentooman, so I don't know how a lot of this shit works and I don't want to just start doing shit I don't know, but i've been reading a book on networking so I learn how things work. so for now I've accepted the botnet knows too much,nothing I can do I don't wanna half ass trying to escape the botnet by doing what people tell me to do without knowing how it all works
Brayden Mitchell
Feel free to enlighten me, I'm not as interesting as you seem to think I am. What are you so afraid of that you must give up your personal freedom and comfort to hide.
Lincoln Gonzalez
>Go fuck yourself op.You retarded and braindead people are what keeping networking back.IPv4 is fucking retarded shit and it should die along with those who thought of it and made it an rfc.If you want privacy, use a fucking vpn. that's what they are for.Let networking be free from IPv4 evil. please.
>Go fuck yourself >You retarded and braindead people lol >IPv4 is fucking retarded shit orange protocol bad >it should die along with those who thought of it and made it an rfc death is the punishment for wrong think
>IF YOU WANT PRIVACY ipv6 is anti-privacy > IPv4 evil. orange rfc bad
>google can enumerate your devices literally don't give a fuck >your interface is identifiable only if you use slaac >your network is identifiable only if your isp assigns you a fixed prefix (I wish)
Let me guess: you are like the people about "muh do not use vaccines", right?
Why do not you also disable IPV4? Fucking retard!
Nicholas Morales
Run these two to disable Ipv6 sysctl -w net.ipv6.conf.all.disable_ipv6=1 sysctl -w net.ipv6.conf.default.disable_ipv6=1
Asher Ortiz
>afraid of ipv6 i bet you still use windows 7
Jonathan Thompson
Hello?
Joseph Reed
If there's so many issues with ipv6 why don't we just upgrade to ipv5?
Jaxson Parker
This disables in-kernel, including for LAN (plus it's not persistent, you have to edit some conf). But disabling WAN6 in luci web interface appears to allow LAN IPv6 while disabling harmful WAN IPv6.
Aiden Harris
>Half of the address is a unique identifier derived from your MAC address, making your device identifiable. Isn't making your device identifiable is the whole purpose is IP?
Blake Reyes
>Hey, look at me, I'm retarded!
Landon Smith
Only retards oppose IPv6. Also, not having NAT actually makes it harder to censor content and alloes true decentralized communication. IPv6 is in no way worse for privacy than IPv4: as long as you use your real ip, you're trivial to track regardless.
Tyler Reyes
Problems with NAT: Let's say you want to encrypt an IP packet with IPSec and then send it over a NAT:ed connection. IPSec has two modes. AH and ESP. AH = The entire packet is verifiable that it was sent and not modified along the way. ESP = Only the payload is verifiable.
When you send a packet in AH mode, the IP headers are included in the HMAC function. If a single bit in the packet is changed, the end device can detect it.
In ESP mode, only the payload is verifiable. This allows routers and other devices to do things such as swap out the IP header for another one (NAT:ing them) without the HMAC breaking. The drawback of this is that there are portions of the packet which can be freely modified with no way for the IPSec devices to detect it.
Gavin Brown
Another problem happens when packets are fragmented. Let's say you have a packet that is too big and needs to be split into two in order to get sent over a link. The source and destination number are only in the first fragment, not the second one. What happens if fragment 2 arrives at a NAT:ing device before fragment 1? Since NAT functions by changing the port numbers, the router/firewall will not be able to do NAT:ing until the first fragment arrives, which causes delays and the need for larger buffers. Without NAT, the router/firewall can just ignore the ports and send fragment 2 as soon as it arrives.
What if an application uses IP addresses for something? Let's say a program includes the host's IP address in the data field for some reason. If such a packet is sent over NAT, the header info and payload will not match, since the header was modified. Something in the payload might also reference the IP header, and if that changes the data inside the data field might not function as it should.
NAT also breaks routing protocols because there are quite a few of them, and they all use their own packet formats which NAT devices don't always have special formatting implemented for (and even if they did, changing the packet might break integrity checks).
NAT can also be a headache when doing firewall rules, when the firewall itself is the NAT-device. Does the NAT:ing happen before or after the firewall rules gets processed? So if a device gets translated from 10.10.10.10 to 192.168.10.10, do I write the firewall rules as "allow 10.10.10.10" or do I write it as "allow 192.168.10.10"? Minor issue, but it has caused problems for me before.
NAT also requires more configuration in the network (at least static NAT), which adds to the burden of documentation and maintenance. Moved one server? Suddenly you may need to update the NAT rules in 2-3 places.
Nathaniel Russell
>Problems with NAT I'll help you user STUN
Logan Roberts
There are more issues too, like the specifications for NAT being kind of fussy, and behavior verifying from different devices, NAT causing issues when the initiator of the traffic is on the outside of the NAT (why we need port-forwarding), and so on.
IPv6 do not use ARPs anymore.
The reason why we had ARP was to figure out the MAC address associated with a specific IP. In IPv6, ARP has been replaced with "Neighbor Discovery" (ND). ND is like ARP but with more functions. For example it is used in the duplicate address detection (DAD) which allows for automatic assignment of IP addresses without the need for a centralized DHCP server. ND can also be used for mapping and discovering MAC addresses associated with a specific IP address.
I'll be honest, I've never used that for more than a simple test. Sounds like it won't work on mid-large networks though.
Cameron Carter
OP is a fag. Lack of NAT is a feature, not a bug. Learn what socket pressure is and why torrenting chokes up your router. Also learn what IPv6 privacy extensions are you triple fucking nigger.
Gavin Myers
If IPv6 is "anti-privacy", so is IPv4, except IPv6 doesn't suffer from as many potential MITM attacks due to NAT not being pretty much mandatory. Also, you sound gay.
Brayden Adams
NAT wouldn't be a big deal if every implementation used a simple full cone mode. but cheap fucks had to come up with symmetric shit because there are only 65535 ports per ip and is easily exhausted by as few as 500 clients. But instead of adding IP addresses to support more clients, they opened the gates of hell and summoned symmetric nat, which is practically impossible to defeat without fully relaying data between parties.
Almost every NATed network, except for home networks (assuming ISP doesn't utilize cgnat) is guaranteed to be symmetric. It's shit and breaks every form of p2p applications. We need to move away from IPv4, IPv6 is fucking awesome. There is literally nothing wrong with IPv6 that cannot be solved by changing the default configs. OP's whole argument is that the defaults don't work for him so his solution is staying on god awful shit IPv4
Connor Hall
>It literally gives you a block of 18446744073709551616 addresses that you can assign to your clients HOWEVER THE FUCK you want.
But it that enough.
Chase Brown
>tfw my ISP still doesn't offer IPv6 despite bragging about it since 2011