Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Open Source Privacy Linux

The File /var/lib/dbus/machine-id Matters For Your Privacy (and Devuan Fixed It) (devuan.org) 147

Long-time Slashdot reader jaromil (Denis "Jaromil" Roio) writes: A few days ago Devuan ASCII 2.1 was announced and one update has been overlooked by most media outlets: our dbus patch to re-generate machine-id at every boot.

This patch matters for everyone's privacy and I hope more distributions will follow our example, let alone Debian. We are dealing with important privacy implications: non-consensual user tracking is illegal in many countries and is not even mentioned in the machine-id documentation so far.

"In theory, the machine-id should be a persistent identifier of the current host," explains the README documentation. "In practice, this causes some privacy concerns..."
This discussion has been archived. No new comments can be posted.

The File /var/lib/dbus/machine-id Matters For Your Privacy (and Devuan Fixed It)

Comments Filter:
  • by Vihai ( 668734 ) on Saturday November 30, 2019 @01:38PM (#59470986) Homepage

    It's not the presence of data: it's the use you do with it.

    If you have untrusted software running on your system it will be able to track you in hundreds of ways and exfiltrate much more sensitive data.

    OTOH many applications do need a persistent machine ID for legitimate purposes.

    • by Kjella ( 173770 ) on Saturday November 30, 2019 @02:03PM (#59471088) Homepage

      OTOH many applications do need a persistent machine ID for legitimate purposes.

      Many applications have a reason to record an ID unique to their installation. Very few applications have reason to record an ID unique to the machine, so that everything you do can be cross-tracked. Most applications belong in a virtual jail where they should have no idea if you migrated them to different hardware or a different OS installation. And of the rest the vast majority just need a soft reset that any assumptions you might have made should now be re-validated, not a history tracking where they've been. Sure, a global GUID is easy. It's also a really bad idea for everyone who cares the least about their privacy.

      • by Cyberax ( 705495 )

        Many applications have a reason to record an ID unique to their installation. Very few applications have reason to record an ID unique to the machine, so that everything you do can be cross-tracked.

        MachineID is useful to track the image across a cloud computing environment. There's nothing else that really is dependable.

    • by KiloByte ( 825081 ) on Saturday November 30, 2019 @04:00PM (#59471472)

      I see only four uses in entire Debian (thus, excluding proprietary non-packaged software):
      * Chromium for an advertising "cloud enrollment"
      * Gnome for keeping desktop layout specific to a machine (rather than monitor layout which would make more sense)
      * two uses inside systemd itself

      Thus: one outright harmful, three misguided, zero good.

  • Broken not fixed (Score:5, Interesting)

    by thegarbz ( 1787294 ) on Saturday November 30, 2019 @01:49PM (#59471020)

    They didn't fix the functionality it provides, they broke it. If they wanted to fix the privacy they would have added access control for applications to the file, not broken the core reason it exists in the first place.

    • Comment removed based on user account deletion
      • by AmiMoJo ( 196126 )

        Can this even be fixed on Linux?

        The solution is to grant access to the identifier on a per application basis, and maybe offer some apps a random one to keep them happy. Linux has no mechanism for that at the moment.

      • Sorry. OpenBSD already had it years ago - KARL - Kernel Address Randomized Link: https://www.bleepingcomputer.c... [bleepingcomputer.com]
      • by Megane ( 129182 )

        like that dumbass "Choose a new IPv6 address for every outgoing connection" thing

        I have a DSL modem (from the telco, so I can't just replace it at a whim) which caches every fucking one of those IPv6 addresses that it sees, with no TTL, then to do name resolution it roulettes one of them at random. I had to disable it on every computer I have (including OSX and Windows) because of that. It also does screwy stuff that confuses NetInfo from OSX 1.5 and earlier, making old computers go catatonic within a couple of hours of being connected to the LAN. Thank you Arris/Pace for such a high qu

    • by HiThere ( 15173 )

      OK. But for most people I'm aware of it doesn't add any security. If changing it each boot increases privacy, that seems a good move.

      OTOH, I tend to avoid software that isn't GPL or equivalent. (E.g., I'll accept BSD code if the source is available.) Anything else is going to run in a virtual machine, if I run it at all...and that usually means I won't bother.

      • Security? What are you talking about? This is for installation identification. It has a purpose. If you are concerned about privacy then limit access, don't break is purpose.

    • by waspleg ( 316038 )

      What are the core reasons it exists in the first place? They seem likely to be all shit baggy ones ... you know, like how Microsoft invalidates your keys if you hardware changes too much ...

      • To identify an installation or instance in a way the user / admin requires. Nothing more nothing less. Quite important if you're automating VMs and running services that need to identify the installation easily.

        chmod 440 /etc/machine-id

        create a dedicated group and restrict required access to said group. That's all they had to do.

        Incidentally the man page says: "It should be considered "confidential"". So if there was a privacy problem then it was due to Denuvo fucking up, and to try and resolve it they fuck

  • by Zero__Kelvin ( 151819 ) on Saturday November 30, 2019 @01:53PM (#59471038) Homepage
    Why would Debian mention it in their docs? Devuan is a bastardized Debian derivative and your patch won't properly work with Debian because you decided to shun industry standards and go your own way. You are free to do that, but complaining Debian doesn't use or mention your patch that won't work on Debian systems seems a bit absurd.
    • lololol

      Devuan is the one following the Unix standard most closely, not Debian. systemd is not the Unix way.

      • Linux is not Unix. DOH!
        • Linux is not Unix. DOH!

          Indeed. And it becomes less and less like Unix-like all the time.

          Whether that is good or bad is debatable.

        • Linux is not Unix.

          Right, Linux is a Unixlike, and systemd makes it less Unix-like.

          DOH!

          Yeah, that's what Homer says when he realizes he did or said something stupid. You're showing uncharacteristic self-awareness there.

      • Re: (Score:3, Interesting)

        by caseih ( 160668 )

        There's the unix standard, and then there's the so-called "unix way" or philosophy. Which are you referring to? Systemd remains compatible with sysv init, so you can still implement a posix unix system with systemd and expect things like legacy init scripts and even run levels to still work (debian ran init scripts under systemd for a long time during the transition to systemd targets). Even syslog is still supported, although most distros don't enable it by default for whatever reason (likely that no on

        • by rastos1 ( 601318 )

          Systemd is highly modular; you can install and use the parts you need.

          That's why we even had a post [slashdot.org] about it.

        • Even syslog is still supported, although most distros don't enable it by default for whatever reason (likely that no one but system administrators ever really reads the logs).

          Please tell me you are not this idiotic in real life?

        • My objection to systemd began in earnest when distros started replacing dnsmasq as a fucking great caching local resolver with systemd-resolved, which works fine in most cases- until some Nazi reads one RFC, determines that an underscore in a hostname is illegal, but ignores the RFC that says any recursor must take what it is given and pass it on- that it is not the recursor's job to determine if it is legal or not.

          I don't mind the init portion of systemd. But you can't deny there seems to be a movement t
      • On the other hand Mac OS is actually Unix, and Mac OS uses launchd for init. Launchd is the inspiration for systemd, and does a lot of the same things.
        • On the other hand Mac OS is actually Unix, and Mac OS uses launchd for init. Launchd is the inspiration for systemd, and does a lot of the same things.

          Nobody likes launchd. But at least launchd doesn't have a web of interdependencies with other things people don't like.

    • by HiThere ( 15173 )

      I feel you are praising Debian for an extremely stupid move. I have seen NO, i.e. ZERO, advantages to including systemd. None. The disadvantages haven't been major enough to cause me to switch, but I keep wondering whether it's too much of a hassle to switch to a different distribution. Devuan is one of the main ones I consider switching to.

      • "I feel you are praising Debian for an extremely stupid move. I have seen NO, i.e. ZERO, advantages to including systemd."

        What distribution are you in charge of?

        • What distribution are you in charge of?

          It's the people who have to use them that are the most important here, but I'm sure that made you feel clever sweetheart.

          • You don't have to use systemd dipshit. If you did you would know how stupid you sound.
            • If he had to use systemd, he would know how stupid he sounds?
              Christ, you need to refrain from using slashdot until you've had some coffee, dude. I apologize if you're on the spectrum.
    • Oh you mean that untested monstrosity that was pushed by a company whose main source of income is support? What about it?

      • Yeah ... all the other distributions use it because Red Hat decreed they must. There were never long discussions weighing the advantages and disadvantages for each approach on the part of the other distributions with informed votes resulting in systemd being chosen ... you fucking moron.
        • Debian was pretty close to a draw as I recall and someone had to break the tie. Also Redhat is the biggest commercial entity in Linux land so of course everyone will fall behind them. Anyone ever tell you that you're a real cunt?

    • Industry standards? ROTFL. Get out of here little boy.
      • systemd is the defacto standard. You can whine about it all day. You can project your childish beliefs on me and rant like a toddler all you want. In the end you just make it clear how ignorant you are.
        • No it isn't you moron. It hasn't established itself as any kind of 'standard' beyond a bunch of little boys who have no idea about Linux distributions, or the Unix 'standards' they are built on for good reasons, ranting and raving that it's now a 'standard'. It isn't, and you and others wanting to repeat the message that it is won't make it come true.
  • man page (Score:5, Informative)

    by Artem S. Tashkinov ( 764309 ) on Saturday November 30, 2019 @01:54PM (#59471044) Homepage

    From the manual [freedesktop.org]: "This ID uniquely identifies the host. It should be considered "confidential", and must not be exposed in untrusted environments, in particular on the network. If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be used directly. Instead the machine ID should be hashed with a cryptographic, keyed hash function, using a fixed, application-specific key. That way the ID will be properly unique, and derived in a constant way from the machine ID but there will be no way to retrieve the original machine ID from the application-specific one. The sd_id128_get_machine_app_specific(3) API provides an implementation of such an algorithm."

    Looks like systemd developers have already thought about the implications of having/using/exposing it. Now the real question is how it gets exposed in Debian/Devuan to warrant this attention.

    • Re:man page (Score:4, Insightful)

      by The New Guy 2.0 ( 3497907 ) on Saturday November 30, 2019 @02:03PM (#59471094)

      "We think this is bad, but we implemented it anyway..."

    • Re: (Score:3, Informative)

      lrwxrwxrwx 1 root root 15 May 14 2019 /var/lib/dbus/machine-id -> /etc/machine-id
      -r--r--r-- 1 root root 33 May 14 2019 /etc/machine-id

      Anyone, or process, can read it. Someone failed the confidentiality and 'do not expose' bits.

      Tested on GNU/systemd/Ubuntu 18.04.

      • Yep, machine-id is mainstream... and only this fork is trying to change it.

      • I bet it even started out as only root could read machine-id, but then user space needed access for some oddball reason.
      • Re:man page (Score:5, Informative)

        by Artem S. Tashkinov ( 764309 ) on Saturday November 30, 2019 @03:20PM (#59471330) Homepage

        Most PCs come with embedded NICs whose unique HW address can be read by any application. I don't understand what's all the fuss about.

        And then NVIDIA GPUs have unique IDs as well,

        grep UUID /proc/driver/nvidia/gpus/*/information

        And then we have user-accessible

        blkid

        which uniquely identifies partitions and these UUIDs only change if you reformat the partitions. And then most people have different partition schemes (except the ones who use Windows installed by an OEM).

        Then you have a gazillion of unique IDs at

        /sys/firmware/efi/vars

        .

        And then you can read your monitor information and even its EDID in some cases from /var/log/Xorg.log

        In short, if you're obsessed with your PC being as average as possible and not uniquely identifiable by the software you run you should be using a VM.

      • by rnturn ( 11092 )

        I noticed the same thing. I guess it's not out of line for me to engage in some serious eye rolling when reading the latest from freedesktop.org.

        What purpose is there to this unique identifier if it can be changed by the user? From the manpage:

        ``The machine ID is usually generated from a random source during system installation and stays constant for all subsequent boots. Optionally, for stateless systems, it is generated during runtime at early boot if it is found to be empty.''

        Oops! More eye roll: Si

    • >"Looks like systemd developers have already thought about the implications of having/using/exposing it. Now the real question is how it gets exposed in Debian/Devuan to warrant this attention."

      I didn't even know it was there until now. But it appears all regular users can read the "file" and get the ID (I just did as a regular user). The permissions allow any user to read it, thus ANY program or service on the system running as ANY user can read that ID. So the answer is- it is exposed to everything,

      • There's a reason this is there...

        Host name is subject to the user changing it
        IP address is subject to DHCP in most cases
        MAC address is in the NIC card and that can be swapped
        CPU model is not unique
        Partition table is the same on fresh installs
        OS version is not unique

        • >[...]is subject to the user changing it"

          How is any of that much different than machine-id, which is also subject to the user changing it, if they want to?

          https://www.thegeekdiary.com/c... [thegeekdiary.com]

          >"is not unique"

          Neither is machine-id, not to the world or to all time. It is just a random value. I can pull a sequence from a combination of the stuff I listed with a lot of entropy. It just isn't "standardized" and as easy/convenient or as persistent. (That is what I meant in my first post- not a single factor

    • by jaromil ( 104349 ) *
      It is accessed by browsers, Chromium for instance.
  • Seems like the publishers and spooks love having a machine ID, but true Linux geeks don't like the machine ID citing privacy as their goal. Let's face it, the "free" operating system has been co-opted by the spooks. Linux is tempted to fight back, Windows cites the terms of service, and Mac is for the Steve Jobs Estate to run.

    We'll get more secure computing eventually, but it's going to have to leave something for Commission Junction and DoubleClick/Google to trace who got what ad so when you buy, the site

  • Under the assumption that the machine ID is leaking to the outside, we can suppose that "they" now just need to keep track of machine ID uniqueness over time to gradually, eventually differentiate you from other sources of traffic. It is unlikely that you will reboot your computer at the same time as others around you.

    This is a facepalm on so many levels.
    • Under the assumption that the machine ID is leaking to the outside, we can suppose that "they" now just need to keep track of machine ID uniqueness over time to gradually, eventually differentiate you from other sources of traffic.

      Crap! That means that, despite our best efforts, they'll eventually figure out how to identify and access our web server!

  • What would be the use/value for a machine ID that is re-generated at each reboot?
    Couldn't I just pull something just as useful from /dev/random? (He said only half jokingly.)

  • Shouldn't this be fixed with security? Having a stable machine ID is probably useful for something - probably logging. If the only thing that needs it are system daemons, then disallow reading it from userland, and make sure dbus won't report it back to userland.

    • by HiThere ( 15173 )

      It's only useful for logging if the log is going to be stored on another machine mixed with the logs of lots of different machines. Otherwise you know it's for the machine that holds the log. (Or that wrote the log, if it's to a removable disk or some such.)

  • I'm sorry. You call yourself a nerd and don't compile your own kernel?

  • by jmccay ( 70985 ) on Saturday November 30, 2019 @05:49PM (#59471686) Journal
    The only truly safe & private computer is one that is not attached to any network & isolated to one or two people who are routinely tested for violations of policies.
  • This patch matters for everyone's privacy and I hope more distributions will follow our example, let alone Debian. We are dealing with important privacy implications: non-consensual user tracking is illegal in many countries and is

    • not even mentioned in the machine-id documentation

    so far.

    Russian Troll Alert
    demonoid-penguin@wonderland.mil ~ $ man -k machine-id
    machine-id (5) - Local machine ID configuration file
    systemd-machine-id-commit.service (8) - Commit a transient machine ID to disk
    systemd-machine-id-setup (1) - Initialize the machine ID in /etc/machine-id


    The machine ID is usually generated from a random source during system installation or first boot and stays constant for all subsequent boots. Optionally, for stateless systems, it is generated during runtim

Arithmetic is being able to count up to twenty without taking off your shoes. -- Mickey Mouse

Working...