While antivirus software pioneer John McAfee is in the media spotlight for his long-shot Libertarian presidential run...
I'm sorry, but if he's "in the spotlight" for his presidential run, it's pretty dim, maybe needs a new bulb.
All of this is boiling over to what exactly is considered "YOUR" information in the digital age? Nobody seems to be asking this question.
As a minimum if you don't encrypt it before tossing it out onto unknown public and private networks you don't control, you've already said you don't care who sees / reads / hears / metabolizes your data.
Misfeatures of UPnP: A) only for IPv4/NAT gateways; B) proprietary specification; C) defined as profile of SOAP over UDP (so very wide attack surface); D) allows every client to make 3rd-party port maps by default (so very insecure by design).
Corrections in PCP: A) works for IPv4/NAT and IPv6 gateways (NAT and w/o NAT); B) open IETF specification; C) defined as simple binary protocol (so very narrow attack surface); D) disallows 3rd-party port maps unless optional extension implemented (so less insecure by design).
You need something that does this if you have a firewall (whether there is NAT or not). If you have an IPv6 gateway, then see RFC 6092 section 3.4 Passive Listeners for an explanation. That RFC is referenced by CableLabs and BBF specs, so it is what you should expect to see in most provider-provisioned home gateways in the near future.
Seriously, PCP is what you need to use for this. Does this suck? Maybe. Depends on whether you think having firewalls everywhere denying all inbound traffic to passive listeners by default is a good idea. If you think that's a good idea, then PCP doesn't suck. Deal with it.
> So how do you propose that my game on a machine on NAT arranges to receive UDP through the firewall? I'm supposed to manually configure firewall rules for each game? And then change them all if my IP changes?
Ladies and gentlemen, I give you Port Control Protocol [RFC 6887].
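To make the two points from the comments above concrete (PCP is a small fixed-layout binary protocol, and the base protocol refuses to create a mapping for anyone but the requester), here is an added example of a PCP MAP request/response round trip. It is not code from any commenter or from a real PCP implementation; the byte layouts follow RFC 6887 sections 7.1, 7.2 and 11.1, the server side is only the handful of checks relevant to the discussion (not a complete server), and `allocate_port` is an assumed stand-in for the gateway's NAT table. The LAN and external addresses in `demo()` are constructed.

```python
# Added example (not from the original thread): minimal PCP MAP exchange per RFC 6887.
import ipaddress
import os
import struct

PCP_VERSION = 2
PCP_PORT = 5351          # UDP; the client sends to its default router (RFC 6887 s.8.1)
OP_MAP = 1
MAX_PCP_MESSAGE = 1100   # RFC 6887 s.7: anything larger is malformed
# Result codes from RFC 6887 s.7.4 (only the ones this example emits)
SUCCESS, UNSUPP_VERSION, MALFORMED_REQUEST, UNSUPP_OPCODE, ADDRESS_MISMATCH = 0, 1, 3, 4, 12

HDR = "!BBHI16s"           # version, R|opcode, reserved, requested lifetime, client IP
MAP_BODY = "!12sB3xHH16s"  # nonce, protocol, internal port, external port, external IP
RESP_HDR = "!BBBBII12x"    # version, R|opcode, reserved, result, lifetime, epoch, reserved


def ip_to_16(ip):
    """PCP carries every address as 16 bytes; IPv4 goes as IPv4-mapped ::ffff:a.b.c.d."""
    a = ipaddress.ip_address(ip)
    if a.version == 4:
        a = ipaddress.IPv6Address("::ffff:" + str(a))
    return a.packed


def ip_from_16(raw):
    a = ipaddress.IPv6Address(bytes(raw))
    return str(a.ipv4_mapped or a)


def build_map_request(client_ip, internal_port, protocol=17, lifetime=3600,
                      suggested_port=0, suggested_ip="::", nonce=None):
    """Client side: ask the gateway to forward protocol/internal_port to client_ip."""
    nonce = nonce or os.urandom(12)
    hdr = struct.pack(HDR, PCP_VERSION, OP_MAP, 0, lifetime, ip_to_16(client_ip))
    body = struct.pack(MAP_BODY, nonce, protocol, internal_port,
                       suggested_port, ip_to_16(suggested_ip))
    return hdr + body, nonce


def handle_request(pkt, src_ip, external_ip, allocate_port, epoch=0):
    """Server side. src_ip is the UDP source the datagram arrived from.
    allocate_port(protocol, internal_port) is an assumed NAT hook returning the
    external port it assigned. Returns response bytes, or None to drop silently."""
    def reply(result, lifetime, body):
        return struct.pack(RESP_HDR, PCP_VERSION, 0x80 | OP_MAP, 0, result,
                           lifetime, epoch) + body

    if len(pkt) < 24 or len(pkt) > MAX_PCP_MESSAGE or len(pkt) % 4:
        return reply(MALFORMED_REQUEST, 0, b"")
    version, r_op, _, lifetime, client_ip = struct.unpack(HDR, pkt[:24])
    if version != PCP_VERSION:
        return reply(UNSUPP_VERSION, 0, pkt[24:])
    if r_op & 0x80:                 # R bit set means this is a response, not a request
        return None
    if r_op != OP_MAP:
        return reply(UNSUPP_OPCODE, 0, pkt[24:])
    # The check that makes base PCP refuse third-party mappings: the client
    # address inside the request must equal the address the datagram came
    # from. Without the optional THIRD_PARTY option a host can only map itself.
    if client_ip != ip_to_16(src_ip):
        return reply(ADDRESS_MISMATCH, 0, pkt[24:])
    if len(pkt) < 24 + 36:
        return reply(MALFORMED_REQUEST, 0, pkt[24:])
    nonce, proto, int_port, _, _ = struct.unpack(MAP_BODY, pkt[24:60])
    ext_port = allocate_port(proto, int_port)
    body = struct.pack(MAP_BODY, nonce, proto, int_port, ext_port, ip_to_16(external_ip))
    return reply(SUCCESS, lifetime, body)


def parse_map_response(pkt, expected_nonce):
    """Client side: decode a MAP response; None if it is not ours (RFC 6887 s.11.2
    says a response whose nonce does not match the request is ignored)."""
    version, r_op, _, result, lifetime, epoch = struct.unpack(RESP_HDR, pkt[:24])
    if version != PCP_VERSION or r_op != (0x80 | OP_MAP):
        return None
    out = {"result": result, "lifetime": lifetime, "epoch": epoch}
    if len(pkt) >= 60:
        nonce, proto, int_port, ext_port, ext_ip = struct.unpack(MAP_BODY, pkt[24:60])
        if nonce != expected_nonce:
            return None
        out.update(protocol=proto, internal_port=int_port,
                   external_port=ext_port, external_ip=ip_from_16(ext_ip))
    return out


def demo():
    """Constructed exchange: a LAN host behind NAT maps UDP 27015 for a game,
    then a different LAN host replays the same bytes and is refused."""
    next_port = [40000]
    def allocate_port(proto, int_port):
        next_port[0] += 1
        return next_port[0]
    req, nonce = build_map_request("192.168.1.20", 27015, protocol=17, nonce=b"N" * 12)
    ok = parse_map_response(handle_request(req, "192.168.1.20", "203.0.113.7", allocate_port), nonce)
    spoof = parse_map_response(handle_request(req, "192.168.1.99", "203.0.113.7", allocate_port), nonce)
    return ok, spoof
```

The whole request is 60 bytes of fixed-width fields with no parsing of XML, HTTP or SOAP, which is what "very narrow attack surface" buys you; and the one comparison in `handle_request` against the UDP source address is the entire mechanism by which a host on the LAN is stopped from opening ports for its neighbours. Note that `demo()` never touches a socket; it feeds the server function directly so it runs offline.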
Another feature of the AirPort home gateway product line is that it doesn't have any UPnP support, which is the attack surface that has been proven to be so difficult to secure. It also doesn't have an embedded web server for administration and configuration, using instead a proprietary Apple protocol between the firmware and the AirPort Utility rich client program that runs on OS X, iOS and Windows. The attack surface on the AirPort home gateway is really small compared to other products.
Too bad Apple will probably never make another one.
I work for a small hosting/cloud provider...
And that is where I stopped reading. What you really mean is your company resells shared hosting on virtual servers...
fc00::/7 are *not* private addresses. They are globally scoped, but non-globally routable.
"Trust me. I know what I'm doing." -- Sledge Hammer