Those IPv6 privacy extensions still reveal when the same node connects to a sequence of destinations within the address change interval, though. E.g. observers can see a single device connects to Facebook, OnlyFans, Pornhub and PayPal in that order.
Behind a NAT, observers can only make that connection (using only addresses) for the network as a whole, instead of an individual device on the network. So the privacy extensions are weaker than NAT
(If the IPv6 privacy extensions used a different address for each connection, they would be more like NAT in this regard.)
That said, other observable clues still allow connections from a single device to be associated, NAT or not. There's TCP OS fingerprinting for example, and the close timing of related connections.
That requires someone who has the ability to monitor all your traffic - ie the government, your ISP, or a hacker who has infiltrated one of those two.
In this scenario it's a lot more work trying to map out your infrastructure than to try performing a MITM connection against some of your outbound traffic.
Behind a NAT, observers can only make that connection (using only addresses) for the network as a whole, instead of an individual device on the network. So the privacy extensions are weaker than NAT
(If the IPv6 privacy extensions used a different address for each connection, they would be more like NAT in this regard.)
That said, other observable clues still allow connections from a single device to be associated, NAT or not. There's TCP OS fingerprinting for example, and the close timing of related connections.