That's a pretty weird threat model. Like, yeah commands you run on your machine can expose information about that machine.

Only in IPv6 world... in IPv4, it's all safe

Nope, iproute can still show your Mac address. And a curl ipinfo.io can show your public v4 address.

Mac address is absolutely safe in IPv4 world - the only info it gives is the network card manufacturer.

And people don't usually share "curl ipinfo.io" output unless they plan to share their external IP (unlike "ifconfig" output, which is one of the first things you want to share for any sort of networking problems)

See the top comment in this thread:

Target #2 [IPv6] gives aways 90% of the game at attacking it (we even leak some device specific information, so you know precisely where it's weak points are)

You may not consider Mac address to he important, but the context of this conversation did bring it up. Of course they forgot the fact that most v6 addressing doesn't expose Mac addresses anymore.

Especially as if someone is able to capture ifconfig data, they can probably send a curl request to a malicious web server and expose the NAT IP as well.

Just because you can think of scenarios where the IPv4 setup doesn't make a different doesn't discount that there are scenarios where it does.

Someone being able to observer some state is a different model from someone being able to perform actions on the system and the former has many more realistic scenarios in addition to the ones of the latter.

People post their ifconfig data all the time, example: https://forums.linuxmint.com/viewtopic.php?t=402315

Or if you happened to curl ipinfo

Or if you had a script that did that and put the public v4 address in your taskbar.

> Or if you had a script that did that and put the public v4 address in your taskbar.

do people still do that? Dynamic DNS is offered by so many providers now...