• mic_check_one_two@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    2 days ago

    If your system uses systemd, it has an etc/machine-id, which is used for a lot of different things. And changing it will break a lot of stuff, probably until you reboot. I guess you could write something to randomly shuffle it every time you reboot? But it is the go-to way for lots of programs (including browsers) to identify themselves. Which means (unless you have done the work to scramble your machine ID) you can be tracked on Linux as well.

    • treadful@lemmy.zip
      link
      fedilink
      English
      arrow-up
      56
      ·
      2 days ago

      The difference is that Linux isn’t sending telemetry to some central entity associating that ID to an IP.

      Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page. Three hours later, the same GDID visited the retailer’s own website, through the same Tzulo proxy address used to set up the ngrok account.

      This article is super vague about this as well. How does Microsoft not only have the GDID->IP link, but they have Web history as well? Are they just exposing all this through advertising telemetry?

      Fucking gross. And if you know of anything on Linux exposing/transmitting the machine-id, please do let everyone know because nothing should. Anything that does should be considered malware.

      • whatiswrongwithyou@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        13 hours ago

        Another user said they think machine-id is readable by the browser. This is absolutely true, machine-id is working as described when it is read by any web browser.

        So Linux isn’t sending your unique id to a central entity that can associate it with your ip, it’s sending your unique id to any entity you browse to that can then associate it with your ip.

        • Ghoelian@piefed.social
          link
          fedilink
          English
          arrow-up
          1
          ·
          13 hours ago

          If you’re really worried about that, just change it every time you boot or something. There’s a kernel parameter to change it.

          • whatiswrongwithyou@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            13 hours ago

            There is not a parameter to automatically change it every time the system boots, that solution doesn’t work for machines that don’t reboot often and it breaks stuff in systemd as volunteered by many people talking about it online and as verified by me two weeks ago when I tried that.

            • Ghoelian@piefed.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              13 hours ago

              I never said there was. There is however a kernel parameter to change the machine id, which I did say.

              • whatiswrongwithyou@lemmy.ml
                link
                fedilink
                English
                arrow-up
                1
                ·
                12 hours ago

                What you said was that if a person was actually worried about it there is a kernel parameter to change it.

                My reply was not intended to refute what you said but instead to illustrate how that approach doesn’t solve the problem of tracking and is not a workable solution for many systems and users.

                I made that reply to help you and any reader understand the depth and breadth of the problem, not to start a fight.

          • whatiswrongwithyou@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            13 hours ago

            Yes as I said it’s working as intended. The point of machine id is to id a machine.

            A better solution would be to not rely on the various programs to hash the unique id and instead have the host read it, hash it and provide the hash to the program that asked.

            • treadful@lemmy.zip
              link
              fedilink
              English
              arrow-up
              1
              ·
              12 hours ago

              Yes as I said it’s working as intended. The point of machine id is to id a machine.

              Your claim was that Linux was “sending your unique id to any entity you browse” which is misleading at best. machine-id should never be transmitted and if it is, that software should be considered spyware.

              A better solution would be to not rely on the various programs to hash the unique id and instead have the host read it, hash it and provide the hash to the program that asked.

              That doesn’t solve anything, really. There’s plenty of ways to fingerprint a machine that doesn’t involve the machine-id.

              • whatiswrongwithyou@lemmy.ml
                link
                fedilink
                English
                arrow-up
                1
                ·
                11 hours ago

                Machine-id is read as plaintext by programs and transmitted as plaintext by programs.

                Hashing the unique id from the host side as opposed to trusting programs to read it and act in a way the user understands and deems appropriate is a much better method of handling calls to identify the equipment than just letting programs read your standardized unique id.

                And the above would literally solve something, it would keep programs from just walking directly across the mat tee posing to get a unique id and force them to do some kind of jetpack backflip routine that, when presented to a court, is much more tenuous.

                • treadful@lemmy.zip
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  11 hours ago

                  Machine-id is read as plaintext by programs and transmitted as plaintext by programs.

                  [citation needed]

                  Anything that does that is spyware and if you’re aware of anything that does this you should be doing us all a public service and sharing.

                  Hashing the unique id from the host side as opposed to trusting programs to read it and act in a way the user understands and deems appropriate is a much better method of handling calls to identify the equipment than just letting programs read your standardized unique id.

                  I can build something in maybe 10 minutes that will fingerprint your machine to like 99.99% uniqueness. This solution solves nothing. But now we’re just repeating ourselves.

                  Go take it to the systemd folks yourself and see how they respond.

                  • whatiswrongwithyou@lemmy.ml
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    10 hours ago

                    here’s a fifteen year old stack overflow thread where someone asks where a unique system identifier can be read and someone suggests machine-id.

                    Lest that be considered old and bad information, I just checked /etc/machine-id on a new install of Debian 13 and the permissions were 444, readable by owner, group and everyone else.

                    So programs can read machine-id. If programs can read it they can transmit it. I hope someone capable of writing a program that can id my machine doesn’t need a proof of that.

                    Further, programs reading machine-id don’t necessarily fall into the spyware category by default like you say. There are plenty of perfectly good reasons to request a machine specific identifier.

                    Getting rid of the literal “papers please!” “Okay officer!” File literally makes investigation more difficult and puts a barrier up to tracking where there was none before. Presenting a unique hashed output based on the systems machine-id prevents a tracking method that is currently as easy as read file -> get identifier.

                    The fact that other methods of tracking exist doesn’t make preventing this method not worthwhile and you should be ashamed for suggesting that.

        • treadful@lemmy.zip
          link
          fedilink
          English
          arrow-up
          31
          ·
          2 days ago

          It’s not just Windows tracking your web browsing history. GPU drivers do it too.

          …on Windows. if you explicitly install their malware and agree to data sharing.

          • hirihit640@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 day ago

            I should have clarified, but yes it’s the windows GPU drivers. Though even on Linux, it’s hard to know what the proprietary GPU drivers do, but from what I read they don’t collect telemetry by default. Luckily Nvidia is developing official open source drivers now so we won’t have to worry about these things.

            Also note that for the Windows Nvidia drivers, it’s fairly annoying to disable all telemetry. It’s not just an option in the installer. You have to use unofficial third party tools.

      • Trainguyrom@reddthat.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 days ago

        This article is super vague about this as well. How does Microsoft not only have the GDID->IP link, but they have Web history as well? Are they just exposing all this through advertising telemetry?

        My interpretation was that they had an IP that they suspected was the perp’s home network, and subpoena’d some major platforms to confirm beyond a shadow of a doubt. Given the perp’s sloppiness in using the same machine for both personal and illicit computing activities, they could even have some network traffic in the capture to indicate which platforms they should subpoena

        Or if we want to be more conspiracy-minded, maybe they installed a trojan on his computer and this is the parallel evidence trail that law enforcement created so they don’t have to admit to hacking the hackers

      • hexagonwin@lemmy.today
        link
        fedilink
        English
        arrow-up
        6
        ·
        2 days ago

        i think i remember hearing the dbus machine-id being read by google chrome on linux. it could be used for privacy violation with proprietary software, though i personally consider linux machines with chrome or equivalent software installed compromised.

      • Septimaeus@infosec.pub
        link
        fedilink
        English
        arrow-up
        18
        ·
        edit-2
        2 days ago

        Upvoting both comments for awareness, since Linux is the first of a multi-step process, not a privacy panacea.

        But we must be clear that in both theory and practice there’s little comparison between systemd and modern Windows machine-user association.

        Someone using Windows regularly has a gaping wound, is actively bleeding out. Switching to Linux is just a tourniquet, but every other treatment is at best no-effect until that tourniquet is applied.

        E: transpose systemd/Windows for clarity

        • DevDave@piefed.social
          link
          fedilink
          English
          arrow-up
          5
          ·
          2 days ago

          Also as a life long programmer, I have this feeling it is possible to just go in and make some changes so I can have the system just make shit up about the TPM while indeed also doing the equivalent of having system-d decide to respond with random bullshit.

          Don’t even need to be a programmer, just find a community of them that you trust that distribute their own “fixes”.

          Definitely not doing that with anything else because its both hidden in compilation and buried like herpes across multiple components. Probably/hopefully not directly related but I really want to know what they changed to break the clipboard service.

          • Septimaeus@infosec.pub
            link
            fedilink
            English
            arrow-up
            3
            ·
            2 days ago

            And you’d be technically correct, the best kind of correct.

            To the inquisitor:

            any distro that’s fully OSS can be fully compiled from scratch with any modifications you choose).

            Though yes, if you’re still using Windows, the learning curve may look like a wall.

            I really want to know what they changed to break the clipboard service

            Guessing the X11 [X]Wayland migration KDE Plasma bug report? Should be fixed in 6.5.2.

            • DevDave@piefed.social
              link
              fedilink
              English
              arrow-up
              3
              ·
              2 days ago

              Adjacent comment. I’ve found working in a true posix environment is drastically better than the oddities I dealt with Win32. One annoyance is Microsoft has never been able to implement fork().

              Though i never messed with x11 as I was never motivated to see what it was like under the figurative hood.

              • Septimaeus@infosec.pub
                link
                fedilink
                English
                arrow-up
                2
                ·
                2 days ago

                It really is a hell of a lot more sane, instantly missed once you don’t have it. And yeah Fork’s a blessing when used with care lol

            • DevDave@piefed.social
              link
              fedilink
              English
              arrow-up
              3
              ·
              2 days ago

              Sorry, switched contexts there. Microsoft broke their clipboard service recently which makes me think they added “telemetry” collecting logic somewhere in there.

              • Septimaeus@infosec.pub
                link
                fedilink
                English
                arrow-up
                1
                ·
                2 days ago

                Oh right, I misread. And yeah not sure (my win32 repro targets have all been locked for a while) but with all the facepalm regressions I’ve read about lately it really could be anything.

                • DevDave@piefed.social
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  2 days ago

                  From my experience, the number one culprit of legacy code breaking is someone asking if anyone knows how it works. Second most common culprit is someone making a “quick patch” to legacy code.

          • Septimaeus@infosec.pub
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            2 days ago

            I’m specifically highlighting that there is none though I acknowledge machine ID makes it easier.

            ETA: edited original comment to be more clear

      • mic_check_one_two@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 days ago

        Yeah, motherboard-level tracking is scary because even the OS won’t be able to detect it. The truly paranoid people (and security researchers) go as far as desoldering chips to ensure nothing phones home.

    • ozymandias117@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 days ago

      Where in the source does Firefox expose machine-id to websites?

      With a quick grep I’m only seeing it around audio?