> But, there are billions of other devices (IoT etc). that barely has any security protections in place that rely completely on not being exposed to the outside world.
Yes. And you can not-expose them via default deny firewall rule.
My home printer had an IPv6 in a prefix assigned from my ISP, but it was not accessible to the Internet (it was actually ping6-able because my Asus allowed ICMPv6 by default, but I could not connect to its web interface, like I can internally). Neither could I SSH into my macOS desktop or laptop from the outside (but could between the two internally).
And even if my globally addressable devices were globally reachable (which they were not), good luck scanning a /64.
Yes. And you can not-expose them via default deny firewall rule.
My home printer had an IPv6 in a prefix assigned from my ISP, but it was not accessible to the Internet (it was actually ping6-able because my Asus allowed ICMPv6 by default, but I could not connect to its web interface, like I can internally). Neither could I SSH into my macOS desktop or laptop from the outside (but could between the two internally).
And even if my globally addressable devices were globally reachable (which they were not), good luck scanning a /64.