On IPv6-enabled hosts, ifupdown generates an EUI-64 address for the interface. This is a major privacy issue, because EUI-64 can be reverse-mapped to a specific MAC address and therefore to a specific physical host. Setting privext=2 doesn't solve the issue, since it merely makes the kernel prefer the privacy address.

RFC4291 EUI-64 generation is deprecated. What's instead favored is RFC7217 stable privacy addressing. It would be a good idea for ifupdown to implement this. The current upstream for dhcpcd (not yet packaged for Debian, but waiting in Mentors) contains a good implementation of this RFC.

- -- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-12-amd64 (SMP w/8 CPU threads)
Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ifupdown depends on:
ii  adduser   3.118
ii  iproute2  5.10.0-4
ii  libc6     2.31-13+deb11u2
ii  lsb-base  11.1.0

Versions of packages ifupdown recommends:
ii  isc-dhcp-client [dhcp-client]  4.4.1-2.3

Versions of packages ifupdown suggests:
ii  ppp     2.4.9-1+1
pn  rdnssd  <none>

- -- no debconf information
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmIsTSIACgkQrh+Cd8S0
17bMmhAArd5O0KO79zlKbLb9KJw8Jg+YSpRLnYVMVDWl3j1lDq2o1CKmw2cL5T/B
NmMXJ+9FvZQpGyibldXssMVFfkcDOUhyc4AkNhdvXfmap2YY8mpvdaerZF5jec89
BuYe04tvRmMUJylN0ABdu1mOFSUAGdRzLz2Bspcc3sSVRqrAFCejFi5cUaW7lLDF
zuZNvVOLu/fMhOyeHF11DGfv8xLr9q6hNYg2SNhrSWLcUc1+ax2xiYCa2E2JX3Od
S/efxI2oGwSGpbRZWlm1nHKQCHmay88A4GVARBRzGQno+yuiUuQW7hsqhmEO6HH1
AQ1qBCbFacsrO9duHmhohUBRDGnkdMH2CKak2fdJoP2NogliNF0KHlfI29hUBp2c
7L1rQ0UNMtrozm3bIILOWS1wNqWtc5Zs+Rri520R0japILCgTw6oKof59Sv258un
q6XmwUPsuq48A3CvDBwqITfIO3i+moIUZtZrDNCP9qdzQE4aLPun8woFzUncXsTg
0A2X1oYy3VQoOLCWQ9FEvYegvGR/k3Ntezx/jqGH8bzMy7/wugf4T4gya8Zcln5f
Nec3A/RnD9ZS7qVRpv8lLUHpsM9cjm/7mIAtyUdXCJ/DKnErjSNTrAtbYCMS8v4c
EOV9OB6V+DoL3OtgBV8Ls4lJsd6rzvcF4SuiX4iv9mjNvZtHpiw=
=jMxm
-----END PGP SIGNATURE-----

Greetings,

Any progress on this?

Martin-Éric
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmPSZTUACgkQrh+Cd8S0
17Z8vQ//aToLt6QNZt/Lpu+rViZ9XBSzpu6Jqi9GXIVEtnCLCnK1WuRJxyF6AEK0
v5r2+fl6nEAH/IlRPSNFBnJh0ywjqvBtVT0e3gLuy30cmIstY29TGyEd76fpuxyY
9CxfDToH/rjWu9vbiIBHtsbkg2suu56DPJbJggEatpzAShzG84i4/veZtCCMCpz7
RazIrD/O0UcUD63+a1BwSkLgl86WxWH0uvgVoFaW0ii47OtP6/k9aoy144YU0dka
wUjCgl6+tV1yInfwrebArFN6rIcTx3HfRxYwpIf8pKnjbb0V8KuIknAs/PmmvAku
tTmv/qYlCTbYd8I6c0Hl5waD5AWJY1AING3tbsvbEooAoVgqkhvnauuUoITZWsg1
xQ7M2FwrHN10uoFID1FcWI5f9TAa+tZt/qh4WJHZlvO8HCf9UQXFPqlsmdgQIuub
EcFXbbYyyFGCOktR4bXXxB094bE8wYzHzxwEcdpkg3bZWPU+nS7Q+oPzmptsp1qY
zvdazBMaDJX5zfkpShiKO0aa1xtL7ILEYfOh9MnirF6MASiNtI5Bzq5rv36dYnCS
DhZmM3LtZHG9tG6cEGRY2IKYohU8h9zURyvzU3+nkVInlRmQasIARbqmD5FHpHs9
BcL1IWaikmkuxJKEkV2jOq4cUYXbVcBMQIpxkXghFwmxKYBo5ew=
=CmNm
-----END PGP SIGNATURE-----

Hi,

El 26/01/23 a las 13:34, Martin-Éric Racine escribió:

None for the moment. But thanks for the ping. I acknowledge this is an
important bug.

I see what I can do ASAP.

Cheers,

Es gibt eine Familienspende in Höhe von 1.850.000,00 USD von Cheng Charlie
Saephan. Bitte antworten Sie für weitere Informationen. Denken Sie daran,
Ihrer Familie und den Bedürftigen in Ihrer Umgebung Gutes zu tun.

Dies ist bereits der zweite Versuch, Sie zu erreichen. Bitte antworten Sie
für weitere Details.