I’ve just done some testing and I think these values are good. Maybe get someone else to verify them first but they definitely need to be added to the documentation because the defaults are not good.
There are privacy benefits to ip6-privacy which is why I think they’ve included it, but it’s not necessary. It’s fine to keep in there but it needs to be accurately commented and made optional.
The documentation on anonymizing the hostname is also incorrect, although it does give the expected result. It turns out that NetworkManager doesn’t work as documented and doesn’t actually send the hostname in the case where ipv4.dhcp-hostname=null and ipv4.dhcp-send-hostname=yes. You get the same result if you use the default NetworkManager internal dhcp client. In general NetworkManager overrides the configuration of the dhcp client based on how NetworkManager is configured, so a hostname should be sent even with the send host-name commented out. You can verify this by setting a value for ipv4.dhcp-client-id in NM and commenting out the send dhcp-client-identifier in the dhclient.conf. It sends the value set in NM.
The documentation should just state that a bug in NetworkManager means hostname is not sent in the default configuration. The current method seems like it is doing something but it isn’t. I don’t think there’s a better solution to this problem until No way to set dhcp-send-hostname globally (#584) · Issues · NetworkManager / NetworkManager · GitLab is solved. Maybe get someone else to test this before making the change but I’ve tested thoroughly on debian-11.
I think there also needs to be some comments about active probing on the MAC randomization page. It’s a different topic but people who randomizing MAC often also want to avoid active probing.
The recommendation should be to use a disposable sys-net, otherwise you have to trust that NetworkManager actually forgets a network when you instruct it to and I don’t think that is reliable.