cross-posted from: https://piefed.world/c/tech/p/1246200/pdf-a-hacker-s-arrest-reveals-microsoft-can-track-users-ip-history-even-with-vpn-full-we
You can read about it yourself here on page 12 (or page 8 of affidavit), then page 33 and down (page 29 of affidavit)
First one to notice this: Security researcher, VX-Underground.


There was just a thread on the privacy community about how Linux has a similar machine-id that could be used to identify and track you.
Far from a Linux power user, so I don’t know the veracity of that claim or how far it goes, and at least it isn’t tied directly to a company that you know is tracking you. Just pointing out that Linux generally seems to have a similar machine-id it presents to browsers with a lot of information that could be used to identify you.
A lot of people overblowing this in the replies right now. Machine-id is mainly used by fleet admins at companys to manage individual devices, to generate system application keys, or tag logs (and yes systemD provides this file, but so does dbus and many non systemD applications depend on it). Chrome and Firefox might access your machine-id but their also tracking you in much worse ways by default aswell, if you care about privacy your probably already using an alternative browser that dosent use your machine-id
The problem isnt windows or linux having a machine-id but that your applications are not properally sandboxed (flatpak does not sandbox /etc by default, so no, flatpak is not a solution) or that your using applications that handle security poorly
systemd huh
From what I read over there, dbus is to blame for this one.
Dbus introduced the concept, sure, but it doesnt break your entire system for resetting it, systemd does
https://man.freebsd.org/cgi/man.cgi?query=Reset-Machine-ID&sektion=1&manpath=FreeBSD+15.0-RELEASE+and+Ports.quarterly
We need a workaround for this.
I just verified that debian livecd booted inside a ventoy/qemu gets a new id every boot. So as far as tracking, single session only if firefox-ESR gives that data up.
Of course as soon as you log in to social media, steam, what have you, telemetry all over again.
Disposable virtual machines.
Whonix generates a new one at boot by default.
Do they get around this, though.