LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 12-01-2019, 08:43 PM   #16
ZhaoLin1457
Member
 
Registered: Jan 2018
Posts: 373

Rep: Reputation: 340Reputation: 340Reputation: 340Reputation: 340

Quote:
Originally Posted by upnort View Post
Yet since the location of the file is well known, nothing stops other software from using the file as a fingerprint. Regenerating at each boot probably throws some sand into data mining and tracking gears, but even Slackware uses and needs the file.
Man, permit me to tell you again: there are lots of ways at disposition of the rogue software to fingerprint you. It is plain and simple: the single way to not be fingerprinted is to not use that rogue software. Or, even better, to disconnect your computer from internet.

And anyways, I seriously doubt that Google uses that machine-id or ever used it for fingerprinting. Or by any other reasonable smart rogue program, because there are many other better ways to fingerprint people. Not that I claim that Google or any other companies do those things.

Just to say that, that Chrome (and Chromium) stores somewhere a value named "gaia_id" and I leave to the reader exercise to find where it is put, for what it is used and how it is obtained.

Last edited by ZhaoLin1457; 12-01-2019 at 09:05 PM.
 
Old 12-01-2019, 10:06 PM   #17
gus3
Member
 
Registered: Jun 2014
Distribution: Slackware (x86 and ARM)
Posts: 218

Original Poster
Rep: Reputation: Disabled
If you already know where/how it's being used, why aren't you sharing that knowledge?

Yes, there are lots of ways programs could put a fingerprint on your activity, but their man pages state when it does happen. You're stating that Chrome/Chromium are doing it, without being explicit in the matter. If you're going to make that allegation, it's up to you to prove it.
 
Old 12-01-2019, 10:37 PM   #18
upnort
Senior Member
 
Registered: Oct 2014
Distribution: Slackware, Proxmox, Debian, CentOS
Posts: 1,328

Rep: Reputation: Disabled
Quote:
Man, permit me to tell you again: there are lots of ways at disposition of the rogue software to fingerprint you.
Yes, I wrote the same thing in my first post in this thread. Nothing needs retelling.

Quote:
I seriously doubt that Google uses that machine-id or ever used it for fingerprinting.
I did not write they did. I wrote that I am not surprised by anything they do that violates privacy.

Quote:
If you already know where/how it's being used, why aren't you sharing that knowledge?
The information is found anywhere around the web where the file is discussed:

/var/lib/dbus/machine-id
/etc/machine-id

Quote:
If you're going to make that allegation, it's up to you to prove it.
I made no such allegation. I wrote that I am not surprised by anything the Google folks do.

I shared information and observations in response to the original post. People should form their own opinions about the file.
 
Old 12-02-2019, 04:33 PM   #19
gus3
Member
 
Registered: Jun 2014
Distribution: Slackware (x86 and ARM)
Posts: 218

Original Poster
Rep: Reputation: Disabled
You didn't make the allegation, upnort. ZhaoLin1457 made it.
 
Old 12-02-2019, 05:38 PM   #20
freemedia2018
Member
 
Registered: Mar 2019
Distribution: various automated remasters
Posts: 181
Blog Entries: 2

Rep: Reputation: 156Reputation: 156
Quote:
Originally Posted by GazL View Post
The output of this alone is likely enough to uniquely identify you: stat -c %W /
I don't want you to think I missed your point, but as an aside this returns 0 for me. I tried a few other things, like including the comma (since / is a filepath, that obviously didnt work) and running it as root. But it returns 0. I use stat, I guess my filesystem doesn't know when / was born.
 
1 members found this post helpful.
Old 12-03-2019, 12:36 AM   #21
LuckyCyborg
Member
 
Registered: Mar 2010
Posts: 475

Rep: Reputation: 289Reputation: 289Reputation: 289
Quote:
Originally Posted by gus3 View Post
You didn't make the allegation, upnort. ZhaoLin1457 made it.
Excuse me, but anyone of you brave Americans bothered to look into "~/.config/chromium" ?

Because there's a file named "Local State" which contains that mentioned "gaia_id" with value a big number. Also there's "gaia_name" and "gaia_given_name" with values my name from my own Google Account. There's even "gaia_picture_file_name" with value "Google Profile Picture.png"

So, I think this "gaia_id" is somehow connected to my Google Account and represents probably my unique id on Google. True, I am logged in on Chromium.

Certainly, it get a special treatment and it is stored right on Chromium's main configuration file absolutely only to improve my web browsing experience...

Last edited by LuckyCyborg; 12-03-2019 at 12:38 AM.
 
1 members found this post helpful.
Old 12-03-2019, 05:06 AM   #22
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,298
Blog Entries: 18

Rep: Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063
Quote:
Originally Posted by freemedia2018 View Post
I don't want you to think I missed your point, but as an aside this returns 0 for me. I tried a few other things, like including the comma (since / is a filepath, that obviously didnt work) and running it as root. But it returns 0. I use stat, I guess my filesystem doesn't know when / was born.
Yes the filesystem does indeed have to include birth date metadata for that specific example to work, and not all do. However, it will work on ext4, so that's going to cover the majority of users.

Last edited by GazL; 12-03-2019 at 05:07 AM.
 
Old 12-03-2019, 06:06 AM   #23
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,696
Blog Entries: 10

Rep: Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031
It doesn't work for me and I'm using ext4. If I use stat on / without arguments, I get:
Birth: -

Now what the heck does that mean? That my root directory was never created but goes back to the Big Bang?

PS just tried it on a freshly created file and a freshly created directory. Still get nothing. If this field exists, stat isn't able to read it.

Last edited by hazel; 12-03-2019 at 06:18 AM. Reason: Added PS
 
Old 12-03-2019, 06:33 AM   #24
kgha
Member
 
Registered: May 2018
Location: Sweden
Distribution: Slackware 64 -current multilib from AlienBob's LiveSlak MATE
Posts: 208

Rep: Reputation: 139Reputation: 139
Quote:
Originally Posted by GazL View Post
... the game is already lost.

The output of this alone is likely enough to uniquely identify you: stat -c %W /, and it's not as if you can prevent programs from calling stat().
Works for me.

Personally, I'm not that worried of what Google and other corporation might do with my identity (which they have, since I use an Android smartphone). I imagine that I can handle them. I reserve my tin foil hat for intrusions from various national security services. In the near future, getting a new smartphone or PC might mean hosting preinstalled spyware unbeknownst to me. And without pop-up ads.
 
Old 12-03-2019, 06:43 AM   #25
ehartman
Senior Member
 
Registered: Jul 2007
Location: Delft, The Netherlands
Distribution: Slackware
Posts: 1,033

Rep: Reputation: 584Reputation: 584Reputation: 584Reputation: 584Reputation: 584Reputation: 584
Quote:
Originally Posted by hazel View Post
It doesn't work for me and I'm using ext4. If I use stat on / without arguments, I get:
Birth: -

Now what the heck does that mean? That my root directory was never created but goes back to the Big Bang?

PS just tried it on a freshly created file and a freshly created directory. Still get nothing. If this field exists, stat isn't able to read it.
It means that the file system you use on the / mount doesn't store the "created" or "Birth" date/time, which is true for all ext* ones (the date/time stamps stored are only last access, last change and last modified).
Out of my head I do not know which fs'es do store the creation date/time.

Last edited by ehartman; 12-03-2019 at 06:44 AM.
 
Old 12-03-2019, 06:57 AM   #26
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,298
Blog Entries: 18

Rep: Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063Reputation: 3063
Quote:
Originally Posted by hazel View Post
It doesn't work for me and I'm using ext4. If I use stat on / without arguments, I get:
Birth: -

Now what the heck does that mean? That my root directory was never created but goes back to the Big Bang?

PS just tried it on a freshly created file and a freshly created directory. Still get nothing. If this field exists, stat isn't able to read it.
Perhaps your kernel or core-utils isn't recent enough. The underlying statx() call that provides this info was introduced in kernel 4.11.

update: a quick google search reveals that it is supported in the 'stat' command from coreutil 8.31 onward which came out in March.

Last edited by GazL; 12-03-2019 at 07:06 AM.
 
1 members found this post helpful.
Old 12-03-2019, 06:58 AM   #27
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1.2 on Lenovo Thinkpad W520
Posts: 9,107

Rep: Reputation: Disabled
Quote:
Originally Posted by kgha View Post
Personally, I'm not that worried of what Google and other corporation might do with my identity (which they have, since I use an Android smartphone). I imagine that I can handle them. I reserve my tin foil hat for intrusions from various national security services.
What if the former hands over the information they gather to the latter?
 
Old 12-03-2019, 11:07 AM   #28
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,696
Blog Entries: 10

Rep: Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031Reputation: 2031
Quote:
Originally Posted by GazL View Post
A quick google search reveals that it is supported in the 'stat' command from coreutil 8.31 onward which came out in March.
Ah! I've got 8.25.
 
Old 12-03-2019, 12:24 PM   #29
cynwulf
Senior Member
 
Registered: Apr 2005
Distribution: OpenBSD
Posts: 2,380
Blog Entries: 6

Rep: Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724
Quote:
Originally Posted by gus3 View Post
The latest Devuan release has this little tidbit in the release notes:

With further explanation at https://git.devuan.org/devuan-packag...e102bd225a511e :

This makes machine-id unique to each running instance of the OS on the machine.
I'm not convinced...

This is more of a mitigation, where deleting a file and rebooting (or manually deleting a file and restarting the daemon) is being touted as a benefit to using that distribution.

If the issue is with chromium, then every startup, newly visited website, newly opened tab - would need a unique ID, to be of any use whatsoever...

chromium uses dbus for IPC and I thought it may check /etc/machine-id, as crude means of checking for a valid the dbus installation.

It could equally use other methods to ID the host system, but it could also use various methods, to gain a better fingerprint.

Without checking the chromium source or understanding the code, it's hard to say:

https://github.com/chromium/chromium...chine-id&type=
 
2 members found this post helpful.
Old 12-04-2019, 05:13 AM   #30
cynwulf
Senior Member
 
Registered: Apr 2005
Distribution: OpenBSD
Posts: 2,380
Blog Entries: 6

Rep: Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724Reputation: 1724
So from the links above:

browser_dm_token_storage_linux.cc
Code:
// The client ID is derived from /etc/machine-id
  // (https://www.freedesktop.org/software/systemd/man/machine-id.html). As per
  // guidelines, this ID must not be transmitted outside of the machine, which
  // is why we hash it first and then encode it in base64 before transmitting
  // it.
This is certainly /etc/machine-id being utilised to generate a "client ID" - i.e. it is not being used for any kind of IPC purpose but is being hashed and "transmitted outside of the machine"...

While I believe there are some concerns it is being misused here, it's google after all and entirely unsurprising.

Would be interesting to know examples of other software using the machine-id for such purposes...?

The Devuan project's concerns do seem valid, but I remain unconvinced that rebooting is any kind of "solution" to tracking - because that seems to be in effect what they're proposing...?

The Devuan project don't seem to frequent this site, but I wonder if they would like to comment?

Last edited by cynwulf; 12-04-2019 at 05:14 AM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] hostnamectl not working, system_bus_socket in /run/dbus not in /var/run/dbus hieberm CentOS 1 05-23-2018 08:44 AM
What are the implications of moving /var/log/packages to other folder? mlpa Slackware 10 10-14-2014 01:12 PM
dbus "rm /var/run/dbus/Desktop can't remove..." longus Slackware 6 12-15-2008 04:33 AM
Fedora Core 9 update dbus.exception & dbus.proxies & DBus.Error.AccessDenied errors trien27 Fedora 1 12-09-2008 12:23 AM
Compromised? Files "/usr/lib.hwm", "/usr/lib.pwd", "/usr/lib.pwi" Klaus Pforte Linux - Security 4 09-29-2004 12:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration