security implications of /var/lib/dbus/machine-id. Thoughts?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
which is why we hash it first and then encode it in base64 before transmitting it.
Yes, that's clearly not in line with the spirit of that "guideline", but no matter what you do with this, google will still find ways to identify you, because that's who they are, and what they do.
Yes, that's clearly not in line with the spirit of that "guideline", but no matter what you do with this, google will still find ways to identify you, because that's who they are, and what they do.
And they can do it easily with or without this file...
Personally, I'm not that worried of what Google and other corporation might do with my identity (which they have, since I use an Android smartphone). I imagine that I can handle them. I reserve my tin foil hat for intrusions from various national security services. In the near future, getting a new smartphone or PC might mean hosting preinstalled spyware unbeknownst to me. And without pop-up ads.
With some idle moments I fiddled with /var/lib/dbus/machine-id and not regenerating the file. Deleting the file, setting to zero size, or 32 zeroes results in X not launching with startx.
The dbus-uuidgen man page states:
"The important properties of the machine UUID are that 1) it remains unchanged until the next reboot and 2) it is different for any two running instances of the OS kernel."
The first condition implies that regenerating at each boot is safe.
As dbus is for IPC and not interhost communication, a sweet summer child view is the file should not be used by other software for non IPC purposes.
Yet since the location of the file is well known, nothing stops other software from using the file as a fingerprint. Regenerating at each boot probably throws some sand into data mining and tracking gears, but even Slackware uses and needs the file.
If someone is concerned by machine-id there are two ways:
1
Share a machine-id spreaded on the net i.e. I generate a machine-id with a live distro I put the id on the net and everyone can overwrite the original machine-id with that supplied.
D-bus is stupid and don't give a s... if you have faked it so who uses machine-id to fingerprint will get million equals machine-id's hard to associate something to a single machine and consequently to a single user
2
Delete machine-id file on shutdown.
The system will generate an always different machine-id at every boot.
Simply add to "/etc/rc.d/rc.6" the command "rm /var/lib/dbus/machine-id" after the line which stops dbus.
Both solutions works flawlessly with Slackware 14.2 & SalixOS
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
