Remix.run Logo
ranger_danger 2 hours ago

Linux has the same kind of identifier at /etc/machine-id... readable by default by basically any application on the system.

drnick1 an hour ago | parent | next [-]

This is a systemd identifier, not strictly speaking a "Linux" identifier.

In any case, an executable allowed to run on a host can trivially fingerprint the machine it is running on using a combination of hardware identifiers. Removing or rotating machine-id does not buy you any privacy against a malicious app.

What I find most surprising in this story is how careless these "hackers" were. You would think that people engaged in this type of activities would use throwaway devices running free operating systems and VMs, not personal devices logged into Snapchat and Facebook.

aftbit 2 hours ago | parent | prev | next [-]

Which is also well documented and trivially rotatable by anyone with root on the machine. How do you rotate the MS identifier?

ranger_danger 2 hours ago | parent [-]

https://github.com/gd03gd031/Windows-GDID-Changer

> well documented and trivially rotatable

Yes, but almost nobody does that or complains about it at all, even though applications may have been silently phoning it home for many years now.

gruez 2 hours ago | parent [-]

>https://github.com/gd03gd031/Windows-GDID-Changer

sounds like you can rotate it, but it doesn't really matter because the registration/rotation process sends a bunch of static information to microsoft, which means they can re-correlate the the old id back to the new id.

rpdillon 2 hours ago | parent | prev [-]

...and that can be changed at-will.

ranger_danger 2 hours ago | parent [-]

same for the windows GDID