Ultimately, the problem is much bigger than /etc/machine-id since there are dozens of hardware IDs on any PC that can be used by malicious telemetry to silently to uniquely identify and track you, and the only solution to this problem currently is to make sure you really trust any software you use.

Systemd, in particular, acts a lot like malware for Linux because if you try to reset your machine-id a long list of stuff that breaks in in it. You could make a cron script to reset /etc/machine-id every day, but machine-id is so deep in the stack that you’d also have to reboot to ensure it’s updated.

  • hirihit640@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    14 hours ago

    Perhaps ask in the github issue I linked earlier why machine-id is necessary at all. They may have their reasons. My guess is that it makes it easier for devs to port their applications to flatpak, namely legacy apps that depended on machine-id.

    • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
      link
      fedilink
      arrow-up
      2
      ·
      11 hours ago

      It probably does, but I suspect they just didn’t consider the problem in the first place rather than the issue being that not having a persistent id is somehow extraordinarily difficult.

      • hirihit640@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 hours ago

        You could say the same about Linux itself and machine-id. Fingerprint resistance just wasn’t in the project scope.

        • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
          link
          fedilink
          arrow-up
          2
          ·
          6 hours ago

          You could, but there was no machine-id on Linux originally and it was something that got added and arguably shouldn’t have been. Again, I’m really struggling to understand why you’re so invested in defending this decision. Like it’s obviously a bad decision, it’s not necessary, why is it so hard for you to just say that.