I think the Ubuntu installer should come with a checkbox option: [ ] Leave me naked on the Internet and STAB ME IN THE BACK. Regardless of whether it's checked or unchecked by default, I have a feeling most people aren't going to want that. Right now, I'm typing on an operating system where Samba defaults to settings that basically amount to, "Don't let anything work unless the user manually edits a configuration file," which is presumably for the sake of security (unless it's for the sake of deliberately hassling users). If security is prioritized over functionality, the same should go for privacy...yet this same operating system freely gives my MAC address to anyone I bump into with IPv6, because it's more functional...and get this: It's not even more functional for ME, but for hypothetical system/network admins who aren't even using my computer. You have to be kidding me. I cannot BELIEVE the attitude of system admins on this board. "Oh no, this will make forensics so much harder..." Yes, that is the point. (It's ironic that these comments are positioned so closely to comments saying that the privacy extensions don't effectively protect privacy. Obviously, they do so enough to make forensics a pain in the butt, so they're accomplishing something good at least.) "It'd be okay if just a few rogue users used privacy extensions, but when it's set to default and everybody does it..." Yes, that is once again the whole point. To the extent that it affects me as an end user, "forensics" = tracking, and it's not something I particularly appreciate. This may come as a surprise, but end users are not in the business of serving system admins who want to track them and/or snitch on them when some copyright mafia comes knocking. An end user's operating system should exclusively serve the end user, not others who may have conflicting interests. Writing software that obeys and serves the user [as opposed to potentially adversarial third parties] is such a cornerstone of free and open source software that the correct course of action here should be a no-brainer. Anything else is a betrayal. Did I mention copyright mafias? Let's take that up a notch and consider the ramifications of default "ass hanging in the wind" policies in totalitarian countries without free speech. A journalist/whistleblower/political dissident or such can use encryption, a VPN, etc. all she wants, but her IPv6 address may be the one weak link that ultimately ties all of her activity together and betrays her to the people who want nothing more than to identify, torture, and kill her. There is simply no excuse for leaving an obscure hole like this open by default, especially considering that most people are completely unaware of it. Are there lots of other ways for people to track you? Sure. Browser fingerprints are a problem, and that problem should be dealt with...but there are in fact solutions that are being increasingly adopted, and this problem is restricted to web browsers anyway. The existence of such a problem does not justify saying, "Well, let's just give up on user privacy and broadcast our friggin' MAC addresses to everyone we bump into, so we can be persistently tracked across any and all protocols and applications using IPv6." There are certainly a lot of bases to cover when it comes to privacy, but sensible defaults go a long way toward plugging the holes. Now, if you're a system admin in an actual enterprise environment where you legitimately have control over a large number of end user PC's (e.g. employee PC's), then changing the default IPv6 settings should not be an issue for you...because, after all, you're the one who installed the OS on all of these computers in the first place, right? Each one can be updated with the same modified config file, and this is made even easier if they're set up as preconfigured virtual machines. Now, if you're just a network admin who has no legal or moral right over end users' computers, it's simply not their job to appease you.