I believe the default on retail set ups (defaut for MacOS, iOS and Windows) plus router is random addressing. So surely it may be different on certain corporate or university networks. But at least there is a guy supposed to be paid to handle security.
[Edit: I was wrong about that: //No, it is not. By default the suffix is generated based on your MAC address.//]
Moreover the wasteful norm to rely on /64 subnets and other, similar more practical than privacy-conscious design decisions diminish the potential to stay pseudo-anonymous.
the following operating systems use IPv6 privacy extensions BY DEFAULT:
All versions of Windows after Windows XP
All versions of Mac OS X from 10.7 onward
All versions of iOS since iOS 4.3
All versions of Android since 4.0 (ICS)
Some versions of Linux (and for others it can be easily configured)
For routers, then I have no way to tell. But I would be surprised if stateless addressing wasn't the default on the vast majority of retail routers.