It's virtually always used with some firewall rules, so it sort of is? It's just dogma to insist that there are no security benefits to having a single choke point for traffic.
The firewall is very much a separate thing, and part of the efforts to make v6 properly available for home customers was introducing somewhat standard firewall setup that replicates what people think NAT does for security (and what NAT definitely does not do, if only by virtue of being broken by the classic connect/connect vs connect/listen connection)
It's almost always done in devices capable of being firewalls because many-to-few translations require stateful tracking. Firewalls already did that, so it was a natural place to apply NAT policies.
NAT also include many-to-many and one-to-one translations, and those are just as easily implemented in anything routing with no extra memory and complexity required. This is sometimes referred to as symmetric NAT.
The firewall rules are what is providing the protection, by applying a policy that traffic must be initiated by a host on the "more trusted" network or whatever your prefered terminology is. That can happen without NAT and does all the time. Techniques for forcing translations have been well known as long as NAT, and there are probably some unobvious ones out there too. In the 1990s it was still common to get multiple IPv4 addresses if you went to the trouble of having ISDN or whatever, and they were equally protected by a firewall that did not do NAT.
You can clearly see an initial steep spike to the curve where mobile adoption was new and fierce, and then the curve starts slowly becoming less steep over the last 10 years. It will peter out and remain steady when mobile device adoption reaches critical mass.
Because all that usage is in one market space, mobile device only. Take mobile devices out of the picture and that graph would be through the floor.
Mobile and Telco ISPs are the only ones not issueing IPv4 addresses to their clients and this will never change.
Saying NAT 'Won Out' may have been a bit of a flippant overreacting statement which I apologise for, but IPv6 will never replace IPv4 outside of the mobile space and that was my core point I was (poorly) trying to make.
You mean the single largest increase in deployed computing devices in the history of computing and fastest growing type of deployment in the developing world? That mobile device space?
Yes, that mobile space which is only made up of a few ISP and device types, that mobile device space which is completely seperate to the rest of the internet infrastructure of the world.
No, as I pointed out in another reply to you, home internet is commonly dual-stack (at least in the US and many other countries), and machines with dual-stack connectivity can and do use IPv6 to connect to sites that support it. You can verify this yourself using Wireshark or similar tools.
Yes, I have done many times. You know what else Wireshark showed me? That even though my ISP and all my equipment have IPv6 addresses, they never use them by default.
It’s amazing to me that you’ve spent hours arguing this point on this thread, when it‘s based on an assumption (dual-stack machines use v4 by default) that is simply, verifiably wrong. If that were true, then you’d be right that nearly all IPv6 usage is attributable to mobile. But it’s not true!
"IPv6 just turned 30" - literally the first part of the post title.
The rest of the post is equally baffling, you are just clinging to a legacy bottleneck (NAT) that was never designed to be a security feature