by eythian 333 days ago
My feeling with privacy extensions is that it's more to prevent enumeration of a network by looking at outgoing traffic. It may have a degree of tracking protection too, but that's probably less important, and is about equivalent to everything being behind a single NAT address.

The RFC 4941 problem statement [0] notes that an attacker who can look at outgoing traffic from a network will not be thwarted by "privacy" addresses. The background section of that document goes on to say that "privacy" addresses do little-to-nothing to thwart correlation attempts against client networks that have few hosts on them.

IMO, something like what's described in RFC 7217 [1] (changing the interface identifier used for "permanent" addresses from the interface's MAC address to something that mixes in the advertised prefix) is a much better way to address the concerns described in section 2.3 of RFC 4941.

[0] <https://datatracker.ietf.org/doc/html/rfc4941#section-1.2>

[1] <https://datatracker.ietf.org/doc/html/rfc7217#section-4>
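To make the difference between the two schemes concrete, here is an added example (my own code, not from either commenter or from the RFCs) that derives a modified EUI-64 interface identifier from a MAC address and, beside it, an RFC 7217-style stable identifier F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key). The pseudo-random function F is assumed to be HMAC-SHA256 (RFC 7217 leaves the choice of F to the implementation), the field concatenation order is my own, and the MAC address, secret key and interface name are constructed sample values; the prefixes are from the 2001:db8::/32 documentation range. The comparison shows why the EUI-64 form is trackable across networks while the RFC 7217 form changes with the prefix yet stays stable on a given network.

```python
import hashlib
import hmac
import ipaddress


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291 Appendix A):
    insert ff:fe in the middle of the 48-bit MAC and flip the U/L bit.
    The MAC is recoverable from the result, so the same low 64 bits
    follow the host onto every network it joins."""
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]


def _is_reserved_iid(iid: bytes) -> bool:
    """Reserved interface identifiers (RFC 5453) that a generated IID must avoid."""
    v = int.from_bytes(iid, "big")
    if v == 0:  # subnet-router anycast address
        return True
    if 0x02005EFFFE000000 <= v <= 0x02005EFFFEFFFFFF:  # IANA-reserved Ethernet block
        return True
    if 0xFDFFFFFFFFFFFF80 <= v <= 0xFDFFFFFFFFFFFFFF:  # reserved subnet anycast addresses
        return True
    return False


def stable_iid(prefix: str, net_iface: str, secret_key: bytes,
               network_id: bytes = b"", dad_counter: int = 0) -> bytes:
    """RFC 7217-style stable IID: the first 64 bits of
    F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    Assumption: F = HMAC-SHA256 and the fields are simply concatenated;
    RFC 7217 only requires F to be a PRF and does not fix an encoding.
    If the result is a reserved IID, DAD_Counter is bumped and F is re-run,
    the same recovery path RFC 7217 uses for a DAD collision."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC prefixes are /64")
    while True:
        msg = (net.network_address.packed[:8]          # the 64-bit prefix
               + net_iface.encode("utf-8")             # Net_Iface
               + network_id                            # Network_ID (optional)
               + dad_counter.to_bytes(2, "big"))       # DAD_Counter
        iid = hmac.new(secret_key, msg, hashlib.sha256).digest()[:8]
        if not _is_reserved_iid(iid):
            return iid
        dad_counter += 1


def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                              # constructed sample MAC
    key = b"per-host-secret-kept-in-stable-storage"        # constructed; use random bytes in practice
    home, office = "2001:db8:1::/64", "2001:db8:2::/64"     # documentation prefixes
    print("EUI-64   home:  ", address(home, eui64_iid(mac)))
    print("EUI-64   office:", address(office, eui64_iid(mac)))   # identical low 64 bits: trackable
    print("RFC 7217 home:  ", address(home, stable_iid(home, "eth0", key)))
    print("RFC 7217 office:", address(office, stable_iid(office, "eth0", key)))  # different IID per prefix
    print("RFC 7217 home again:", address(home, stable_iid(home, "eth0", key)))  # same as before: stable
```

Running it prints the EUI-64 addresses with the same `211:22ff:fe33:4455` suffix on both networks, whereas the RFC 7217 addresses share no suffix between networks but are reproduced exactly when the host returns to the same prefix. That is the property the reply above is pointing at: an observer on a single network still sees one stable address per host, but two observers on different networks cannot join their observations through the interface identifier.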