According to TheRegister.com, Cloudflare researchers Vasilis Giotsas and Marwan Fayed published findings last week revealing that Carrier-Grade NAT (CGNAT) traffic faces three times more rate limiting than non-CGNAT traffic, despite having lower bot scores indicating more human users. Their research analyzed over 200,000 CGNAT IPs, 180,000 VPN and proxy IPs, and nearly 900,000 other relevant IPs, finding that CGNAT is more heavily used in Africa and Asia where IPv4 address allocations were historically smaller. The problem stems from hundreds or thousands of users sharing a single IP address, causing security systems to inadvertently block or throttle entire groups when one user engages in malicious activity. This creates what researchers call “an unseen source of bias on the Internet” with profound implications for digital equity.
The Architecture of Inequality
What Cloudflare’s research reveals is a fundamental architectural flaw in how we’ve managed the IPv4 exhaustion crisis. CGNAT was conceived as a temporary bridge to IPv6, but like many temporary solutions in technology, it has become permanent infrastructure. The core issue isn’t just technical—it’s geographical and economic. Nations that were early internet adopters, primarily in North America and Europe, secured massive IPv4 allocations that now function as digital real estate. Meanwhile, countries that embraced digital transformation later, particularly in Africa and Southeast Asia, inherited address scarcity as a permanent condition. This creates a two-tier internet where your geographical location determines whether you get individual IP sovereignty or shared address space that marks your traffic as suspicious by default.
Security Systems Broken by Design
The real tragedy here is that current security infrastructure operates on fundamentally flawed assumptions. Most bot mitigation and firewall systems were designed during an era when one IP generally meant one user or device. That paradigm hasn’t existed for years, yet security vendors continue selling solutions based on this outdated model. The result is security theater that penalizes innocent users while providing a false sense of protection. When an ISP throttles a CGNAT IP because one user among thousands triggered a security rule, they’re effectively practicing digital collective punishment. This approach doesn’t just hurt user experience—it undermines trust in internet infrastructure itself.
The IPv6 Mirage
Cloudflare’s researchers correctly note that IPv6 adoption would solve these problems, but they’re being overly optimistic about the transition timeline. The reality is that we’re stuck in a classic chicken-and-egg scenario: content providers won’t prioritize IPv6 until enough users have it, and ISPs won’t aggressively deploy IPv6 until content is readily available. Meanwhile, CGNAT provides a “good enough” solution that kicks the can down the road. The deeper problem is economic: CGNAT allows ISPs to continue monetizing their existing IPv4 investments while delaying the capital expenditure required for full IPv6 deployment. This creates perverse incentives where maintaining a broken system is more profitable than fixing it.
Beyond Technical Solutions
What’s missing from this conversation is acknowledgment that this isn’t just a technical problem—it’s a policy and equity issue. The digital divide is no longer just about access to internet connectivity; it’s about the quality and fairness of that access. When users in developing regions systematically experience more throttling and blocking despite being less likely to engage in malicious activity, we’ve created a system where your internet experience depends on the geographical accident of your birth. Regulators and standards bodies should be treating this as a fundamental rights issue, not just a technical optimization challenge. The fact that this bias has remained “unseen” for so long suggests we need better transparency requirements for how ISPs implement traffic management.
The Road Ahead
The solution requires coordinated action across multiple fronts. Security vendors need to develop CGNAT-aware systems that can distinguish between individual users behind shared IPs. ISPs must implement more sophisticated traffic management that doesn’t punish entire user blocks for individual actions. And the internet community needs to stop treating IPv6 as someone else’s problem to solve. Most importantly, we need to recognize that technical decisions made decades ago about IP address allocation continue to shape global digital inequality today. Until we address these architectural biases, we’re building an internet that systematically disadvantages the very regions where growth and innovation are most needed.
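The collateral throttling described above, and what a limiter that looks past the shared address changes, as an added example (not code from Cloudflare's research or from this article): a fixed-window rate limiter run over constructed traffic, keyed first on the IP alone and then on the IP plus a server-issued session identifier. The address, the limit, the traffic mix and the session identifier are all assumptions made for the illustration.

```python
from collections import Counter

SHARED_IP = "203.0.113.7"  # constructed: one public CGNAT address (documentation range)
LIMIT = 100                # assumed policy: requests allowed per key per window

def build_window():
    """Constructed traffic for one window: 200 ordinary subscribers making
    3 requests each and one abusive client making 500, all behind SHARED_IP."""
    events = []
    for round_no in range(500):
        events.append((SHARED_IP, "abuser"))
        if round_no < 3:
            events.extend((SHARED_IP, f"user{n}") for n in range(200))
    return events

def run(events, key_fn, limit=LIMIT):
    """Fixed-window limiter; returns rejected-request counts per session."""
    seen, rejected = Counter(), Counter()
    for ip, session in events:
        key = key_fn(ip, session)
        seen[key] += 1
        if seen[key] > limit:
            rejected[session] += 1
    return rejected

def by_ip(ip, session):
    # The "one IP means one user" model: every subscriber shares one counter.
    return ip

def by_ip_and_session(ip, session):
    # Assumption: `session` is an identifier the server itself issued
    # (for example a login session), not a value the client can pick freely.
    return (ip, session)

def collateral(rejected):
    """Rejected requests that belonged to ordinary subscribers."""
    return sum(n for s, n in rejected.items() if s != "abuser")

if __name__ == "__main__":
    for name, key_fn in (("ip only", by_ip), ("ip + session", by_ip_and_session)):
        result = run(build_window(), key_fn)
        print(f"{name:13} abuser rejected={result['abuser']:3} "
              f"ordinary rejected={collateral(result)} of 600")
```

Because a session identifier can be discarded and re-issued, a per-IP ceiling sized for the shared population is still worth keeping as a backstop behind the per-session limit.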
