[connection]

# Generate the stable SLAAC IPv6 address using RFC7217 ("stable privacy").
#
# Normally IPv6 SLAAC can derive the interface identifier directly from
# the device MAC address using the legacy EUI-64 scheme. This exposes the
# hardware MAC inside the IPv6 address and allows long-term tracking.
#
# The "stable-privacy" mode instead derives the address from a secret
# kernel seed and the network prefix. This produces a deterministic
# address that stays stable within the same network but does not reveal
# the device MAC address.
ipv6.addr-gen-mode=stable-privacy


# Enable RFC4941 temporary IPv6 addresses and prefer them for outbound
# connections.
#
# These temporary addresses rotate periodically and are used for outgoing
# traffic to reduce the ability of remote servers to track the device
# across connections.
#
# The interface will still retain a stable address (generated above) for
# inbound connections, but outgoing traffic will prefer the temporary
# ones.
#
# Values:
#   0 = disable temporary addresses
#   1 = enable but prefer the stable address
#   2 = enable and prefer temporary addresses
ipv6.ip6-privacy=2


# Use a per-connection DHCPv6 client identifier.
#
# When a network uses DHCPv6, the client must identify itself with a
# DHCP Unique Identifier (DUID). By default NetworkManager generates a
# single identifier derived from the system machine-id, meaning every
# network sees the same persistent identifier.
#
# The "stable-uuid" mode instead generates a different identifier per
# connection using the connection's stable-id and a host-specific secret.
# Each network therefore sees a different DHCPv6 identity while still
# receiving a stable identifier across reconnects.
#
# This prevents cross-network tracking while maintaining normal DHCPv6
# lease behavior.
#
# Note: many IPv6 networks rely only on SLAAC and do not use DHCPv6, in
# which case this setting has no effect.
ipv6.dhcp-duid=stable-uuid