Ultimately, the problem is much bigger than /etc/machine-id since there are dozens of hardware IDs on any PC that can be used by malicious telemetry to silently to uniquely identify and track you, and the only solution to this problem currently is to make sure you really trust any software you use.

Systemd, in particular, acts a lot like malware for Linux because if you try to reset your machine-id a long list of stuff that breaks in in it. You could make a cron script to reset /etc/machine-id every day, but machine-id is so deep in the stack that you’d also have to reboot to ensure it’s updated.

  • someone@lemmy.today
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    7 hours ago

    this is really shocking. wouldn’t browser makers concerned with privacy like librewolf, mullvad, ungoogled-chromium, etc, try to block this by default? is it that they don’t know? is it that it can’t be blocked?

    how does a regular user of a typical linux distribution like fedora or debian block this?

    is this machine-id used to track people on hardened distros like tails or qubes?

    can this machine id be read by sites when using tor browser?

    i don’t understand why debian, for example, who removed telemetry from keepassxc before putting it in their repo because they didn’t like a password manager phoning home, would allow a persistent id that could be easily read by many sites.