diff --git a/preseed/lipnsa.hook.sh b/preseed/lipnsa.hook.sh
index 1b90bf55fc92cded350136d20f0362801a03a620..af948c1c6e343dad2739fe4382a798a953e1f30a 100644
--- a/preseed/lipnsa.hook.sh
+++ b/preseed/lipnsa.hook.sh
@@ -153,7 +153,10 @@ else
 	log_success_msg "> saved architecture"
 fi
 
-ip link > "${DIR}/ip-link" 2>&1
+# regexp replaces the last half of MAC adresses with :xx:xx:xx
+#   -> we still get the OUI and should be able to infer vendor stats, without saving
+#      the NIC specific part (that could be misused for identification/spoofing)
+ip link | sed 's/^\( *link\/[^ ]* \)\([0-9a-fA-F:]*\)\(:[0-9a-fA-F:]\{8\}\)\( .*\)/\1\2:xx:xx:xx\4/' > "${DIR}/ip-link" 2>&1
 if [ $? != 0 ]; then
 	log_failure_msg "> could not save ip devices"
 else
@@ -176,7 +179,7 @@ fi
 
 if [ -d /sys/firmware/efi ]; then
 	echo "yes" > "${DIR}/efi" 2>&1
-	
+
 	ls /sys/firmware/efi/efivars | grep -i SecureBoot > "${DIR}/secureboot"
 	if [ $? != 0 ]; then
 		echo "not found" > "${DIR}/secureboot" 2>&1