Isn't it a huge security issue to include the MAC address inside of an IPv6 address by default
772
Many times you don't want to be identified while surfing. For one thing your browsing history might be sold without your knowledge, and with no benefit to you.
Whether or not it is a 'major concern' is a point of opinion, but this idea has been had before, and resulted in action. Microsoft itself proposed an RFC to cover just this. RFC 4941, Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (Sept, 2007). IIRC, Windows defaults to use this, the Linux IPv6 stack has this as an option (your distro-of-choice may already set it by default), and OS X 10.6 also has support. That's a very large portion of end-user devices right there.
Yes, that is a concern, and it is the reason some operating systems intentionally do not use the EUI-64 standard, preferring to use random data for the last 64 bits of their address.
Whether or not it is a 'major concern' is a point of opinion, but this idea has been had before, and resulted in action. Microsoft itself proposed an RFC to cover just this. RFC 4941, Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (Sept, 2007). IIRC, Windows defaults to use this, the Linux IPv6 stack has this as an option (your distro-of-choice may already set it by default), and OS X 10.6 also has support. That's a very large portion of end-user devices right there.
Yes, that is a concern, and it is the reason some operating systems intentionally do not use the EUI-64 standard, preferring to use random data for the last 64 bits of their address.