© 2018 Elsevier B.V. A comprehensive privacy model plays a vital role in the design of privacy-preserving RFID authentication protocols. Among various existing RFID privacy models, indistinguishability-based (ind-privacy) and unpredictability-based (unp-privacy) privacy models are the two main categories. Unp. *-privacy, a variant of unp-privacy has been claimed to be stronger than ind-privacy. In this paper, we focus on studying RFID privacy models and have three-fold contributions. We start with revisiting unp. *-privacy model and figure out a limitation of it by giving a new practical traceability attack which can be proved secure under unp. *-privacy model. To capture this kind of attack, we improve unp. *-privacy model to a stronger one denoted as unp. τ-privacy. Moreover, we prove that our proposed privacy model is stronger than ind-privacy model. Then, we explore the relationship between unp. *-privacy and ind-privacy, and demonstrate that they are actually not comparable, which is in contrast to the previous belief. Next, we present a new RFID mutual authentication protocol and prove that it is secure under unp. τ-privacy model. Finally, we construct a RFID mutual authentication model denoted as MA model, and show that unp. τ-privacy implies MA, which gives a reference to design a privacy-preserving RFID mutual authentication protocol. That is, if we propose a scheme that satisfies unp. τ-privacy, then it also supports mutual authentication.