← Back to context

Comment by tremon

1 day ago

Both systemd and dbus have a similar device id for Linux, which e.g. Chrome reads at startup:

https://manpages.debian.org/trixie/systemd/machine-id.5.en.h...

https://manpages.debian.org/trixie/dbus-bin/dbus-uuidgen.1.e...

I don't like the idea of a persistent id for my machine. Would there be any harm in rewriting the machine-id at every boot? Or just deleting it as part of the shutdown sequence?

  • Whatever you do there will always be uniquely identifiable information (if not an id, a fingerprint) on your machine.

    If you want to escape that, you have to use dedicated privacy-enhancing tools / browsers, but even then, it's very likely that you can still be identified by motivated adversaries.

    It doesn't mean you have to give up, but, if such id is necessary for technical reasons in systemd (I guess it is), I wouldn't worry too much.

    • > motivated adversaries.

      This sounds like you're referring to state actors and intelligence agencies, but really this applies to the entire advertising/surveillance industry of people trying to sell you a new flavor of soda.

      5 replies →

    • When you go really hard with the privacy-enhancing tools, you can potentially just make yourself even more visible. When you're so far outside the normal way a user looks you're making yourself even more unique than if you had normal-ish looking identifiers.

      It can take a lot of effort to make yourself truly just blend in and disappear.

    • No security is perfect; there is always a way to bypass it. But security can be highly valuable.

  • The supported method to get a new one each boot is to truncate the file to 0 bytes and disable systemd-machine-id-commit.service

    Double-check that this method actually works though.

    Machine ID is used for things like dhcp leases, log rotation, etc. IPV6 addresses or transient MAC addresses are derived from it

  • Only side effect I ran into is that journalctl couldn't find the logs of a previous boot.

That's good to know, thank you. I'm been considering moving away from systemd, and certainly don't use Chrome.

The number of things you need to try to keep track of merely _improve_ your privacy is maddening. The whole world seems to be against you.

  • D-Bus is much harder to get rid of than systemd.

    It’s best to focus your efforts into rotating these IDs.

    • Not using Chrome is a better bet for privacy than not using systemd or D-Bus. If you sign into Chrome (which by default happens any time you sign into a Google product), your entire browsing history is logged on Google's servers, and tied to your email address, Android ID, and any other machine identifiers Chrome can read.

      Anyone serious about privacy is using Firefox or Tor Browser, with various settings to harden it against tracking.

  • As a sysadmin and a former enemy of systemd it's actually pretty good overall, simplifies a lot of things.

    If the privacy reasons are driving you, see if you can find fixes to these issues without getting rid of systemd.

  • Would OpenBSD solve both of these issues or is there a device ID in there that I’m not aware of.

    I’ve seen that it uses a different init system and doesn’t rely on either dbus or systemd

  • firejail has a setting to generate a random machine id at every run.

    And you should be running the browser inside firejail at all times.

Thanks, I wasn't aware of that.

I have the urge to grab a pitchfork, but I know better than to make assumptions about why that functionality was added. Time to do some homework I guess.

Wow, three pieces of software I don't use for other reasons, just gained a new reason to evangelize against them!

The utility of and presence of unique identifiers in software should be no surprise.

But if you are using TelemetryOS (i.e. you cannot fully switch off the chatter) and your daily Web browser doesn't offer privacy extensions, you are the product.

In dbus, it seems the feature is intended for two processes to know they can access the same shmem and other system resources. I'm struggling to understand in which circumstances would that be useful.

  • Creating an excuse for creating a machine-id to associate with network traffic. Sometimes, it is enough to have a plausible enough sounding reason to write down on paper, but you have to look at what something actually is. Any red blooded hacker knows there's what a tool is meant to be used for, and then there's what it can be used for. Less is more.

Is this specific to Debian?