Remix.run Logo
tremon 6 hours ago

Both systemd and dbus have a similar device id for Linux, which e.g. Chrome reads at startup:

https://manpages.debian.org/trixie/systemd/machine-id.5.en.h...

https://manpages.debian.org/trixie/dbus-bin/dbus-uuidgen.1.e...

everdrive 3 hours ago | parent | next [-]

That's good to know, thank you. I'm been considering moving away from systemd, and certainly don't use Chrome.

The number of things you need to try to keep track of merely _improve_ your privacy is maddening. The whole world seems to be against you.

mochapwns 14 minutes ago | parent | next [-]

Would OpenBSD solve both of these issues or is there a device ID in there that I’m not aware of.

I’ve seen that it uses a different init system and doesn’t rely on either dbus or systemd

drdexebtjl 3 hours ago | parent | prev | next [-]

D-Bus is much harder to get rid of than systemd.

It’s best to focus your efforts into rotating these IDs.

LtWorf 3 hours ago | parent | prev [-]

firejail has a setting to generate a random machine id at every run.

And you should be running the browser inside firejail at all times.

heikkilevanto 6 hours ago | parent | prev | next [-]

I don't like the idea of a persistent id for my machine. Would there be any harm in rewriting the machine-id at every boot? Or just deleting it as part of the shutdown sequence?

xeyownt 5 hours ago | parent | next [-]

Whatever you do there will always be uniquely identifiable information (if not an id, a fingerprint) on your machine.

If you want to escape that, you have to use dedicated privacy-enhancing tools / browsers, but even then, it's very likely that you can still be identified by motivated adversaries.

It doesn't mean you have to give up, but, if such id is necessary for technical reasons in systemd (I guess it is), I wouldn't worry too much.

Eddy_Viscosity2 5 hours ago | parent | next [-]

> motivated adversaries.

This sounds like you're referring to state actors and intelligence agencies, but really this applies to the entire advertising/surveillance industry of people trying to sell you a new flavor of soda.

xeyownt 5 hours ago | parent | next [-]

Sure, but the problem then is not systemd machineid, but rather the browser reading it and making it available for such identification (don't know if there is a browser out there doing that though).

Unless anonymization is provided by your browser, there is nothing you can do to prevent such identification technology run by these advertisers to build your profile, and send you targeted ads.

close04 3 hours ago | parent [-]

> Unless anonymization is provided by your browser, there is nothing you can do to prevent such identification technology

The OS could treat certain apps as untrusted and spoof or limit the access to these unique identifiers.

ygjb an hour ago | parent [-]

That puts the OS in the position of attempting to profile or determine if an application is accessing OS, hardware, and user details to build a fingerprint, vs using those capabilities to do something the user intends, which puts the OS developer into a performance sucking, soul sucking arms race against big and little brother surveillance/advertising platforms. I absolutely support the intention, just know that it's a brutal battle :(

type0 5 hours ago | parent | prev [-]

And petty criminals that set up fake fake websites to steal your money, ad-networks are also commonly used to spread malware so limiting the number of attack surfaces is the only sane thing to do.

mmooss 40 minutes ago | parent | prev | next [-]

No security is perfect; there is always a way to bypass it. But security can be highly valuable.

vel0city 3 hours ago | parent | prev [-]

When you go really hard with the privacy-enhancing tools, you can potentially just make yourself even more visible. When you're so far outside the normal way a user looks you're making yourself even more unique than if you had normal-ish looking identifiers.

It can take a lot of effort to make yourself truly just blend in and disappear.

gcr 5 hours ago | parent | prev | next [-]

The supported method to get a new one each boot is to truncate the file to 0 bytes and disable systemd-machine-id-commit.service

Double-check that this method actually works though.

Machine ID is used for things like dhcp leases, log rotation, etc. IPV6 addresses or transient MAC addresses are derived from it

inigyou 5 hours ago | parent [-]

I thought the kernel generated SLAAC addresses based on MAC and privacy addresses based on random numbers.

tremon 3 hours ago | parent [-]

It does, but DHCPv6 prescribes a persistent device identifier (DUID): https://www.rfc-editor.org/info/rfc9915/#RFC3315-9

The DUID is designed to be unique across all DHCP clients and servers, and stable for any specific client or server. That is, the DUID used by a client or server SHOULD NOT change over time if at all possible; for example, a device's DUID should not change as a result of a change in the device's network hardware or changes to virtual interfaces

layla5alive 5 hours ago | parent | prev [-]

dhcp uses it by default nowadays.. but you can tell dhcp to use your mac address instead (like it used to)..

https://askubuntu.com/questions/1498611/ubuntu-dhcp-client-u... (linked because depending on version, there are several different ways to make this change..)

alimbada 5 hours ago | parent | prev | next [-]

I went to check if Flatpak would protect against this but it seems although it's a wanted feature it's not so straightforward to implement: https://github.com/flatpak/flatpak/issues/4311

LtWorf 3 hours ago | parent [-]

firejail has a setting to protect against it.

CoastalCoder 6 hours ago | parent | prev | next [-]

Thanks, I wasn't aware of that.

I have the urge to grab a pitchfork, but I know better than to make assumptions about why that functionality was added. Time to do some homework I guess.

ux266478 5 hours ago | parent | prev | next [-]

Wow, three pieces of software I don't use for other reasons, just gained a new reason to evangelize against them!

MisterTea 3 hours ago | parent | prev | next [-]

Sounds like chrome is the problem.

heresie-dabord 4 hours ago | parent | prev | next [-]

The utility of and presence of unique identifiers in software should be no surprise.

But if you are using TelemetryOS (i.e. you cannot fully switch off the chatter) and your daily Web browser doesn't offer privacy extensions, you are the product.

jcarrano 2 hours ago | parent | prev | next [-]

In dbus, it seems the feature is intended for two processes to know they can access the same shmem and other system resources. I'm struggling to understand in which circumstances would that be useful.

salawat 2 hours ago | parent [-]

Creating an excuse for creating a machine-id to associate with network traffic. Sometimes, it is enough to have a plausible enough sounding reason to write down on paper, but you have to look at what something actually is. Any red blooded hacker knows there's what a tool is meant to be used for, and then there's what it can be used for. Less is more.

teaearlgraycold 3 hours ago | parent | prev | next [-]

Trying to imagine a world where I use Chrome unironically.

ezoe 5 hours ago | parent | prev | next [-]

But does browser send these id?

xeyownt 5 hours ago | parent [-]

No.

anthk 4 hours ago | parent | prev | next [-]

As an Hyperbola user both systemd and dbus are a no-no there.

givinguflac 6 hours ago | parent | prev [-]

Is this specific to Debian?

tremon 6 hours ago | parent | next [-]

https://www.freedesktop.org/software/systemd/man/latest/mach...

https://dbus.freedesktop.org/doc/dbus-uuidgen.1.html

nickjj 5 hours ago | parent | prev | next [-]

Nope, but Debian does use systemd by default so it's there.

I'm running Arch Linux and /etc/machine-id is present.

There's also an optional /etc/machine-info file that could exist. It's not a part of systemd and won't be created by default. It's more of an informal way to have details about the system in 1 spot. It was more popular when provisioning bare metal servers but still has value in the cloud. You can have key / value pairs on who to contact, where it's located, what type of machine it is, etc..

cryo32 6 hours ago | parent | prev [-]

FreeBSD has it as well.