Improve Default IPv6 ACL/Firewall Policy
The current default eero IP ACL policy for IPv6 permits inbound ICMP6 echo requests to individual internal/global IPs. As a result, after determining the IPv6 addresses of a given user's specific devices, low-traffic persistent network scans can undermine privacy by creating a map of when specific household members are at home, etc.
Either defaulting to filtering inbound ICMP6 echo requests on the WAN to anything other than the eero gateway node itself, or enabling an option for such filtering would solve this problem.
Should more advanced pinholes/ACL management be possible in the future for TCP and UDP ports, this could then possibly be a part of that. In the meantime, preventing this information leakage would be helpful and not require much effort.
ICMP6 network floods can also be sent and, instead of just occupying WAN bandwidth, consume in-home air time for radios, despite being unsolicited. The nature of NAT for IPv4 users prevents both of these scenarios by default until IPv6 is enabled.
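
The requested policy, written out as an nftables ruleset for a generic Linux router. This is an added illustration, not part of the original post and not eero configuration; the interface names `wan0` and `br-lan`, the table name and the rate limit are assumptions.

```nft
# Added example for a generic Linux/nftables router (not eero's configuration).
# Assumed interfaces: wan0 = WAN uplink, br-lan = internal bridge.
table ip6 wan_icmp6_policy {
    # Traffic addressed to the gateway node itself.
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Neighbor discovery and router advertisements; hop limit 255 means on-link.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } ip6 hoplimit 255 accept
        # DHCPv6 replies to the gateway's own client on the WAN side.
        iifname "wan0" ip6 saddr fe80::/10 udp dport 546 accept
        # The gateway still answers ping from the WAN, rate limited.
        iifname "wan0" icmpv6 type echo-request limit rate 10/second accept
        iifname "br-lan" accept
    }

    # Traffic routed through the gateway to internal hosts.
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to LAN-initiated flows, including related ICMPv6 errors
        # such as packet-too-big, so path MTU discovery keeps working.
        ct state established,related accept
        ct state invalid drop
        iifname "br-lan" oifname "wan0" accept
        # Unsolicited echo requests from the WAN never reach internal
        # devices or consume Wi-Fi air time. The permissive behaviour the
        # post describes corresponds to "accept" here instead of "drop".
        iifname "wan0" icmpv6 type echo-request counter drop
    }
}
```

The `counter` on the final rule makes dropped probes visible in `nft list ruleset`, which helps confirm whether WAN-side scanning of internal addresses is actually occurring.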