Decide what to do with machine-id
Modern GNU/Linux tools (D-Bus, systemd) relies more and more on
/var/lib/dbus/machine-id (depending on the OS, versions, etc.). In most situations we care about, if not all, this ID should not be leaked to the network. If it is, then:
- if we set the same machine-id everywhere, then users are all in the same anonymity set; but this also leaks that they're using Tails
- if we set unique machine-id on boot, then we don't leak that users are using Tails, and applications that rely on machine-id working on the LAN work; OTOH, if machine-id leaks on the Internet, then the fact that users are not in the same anonymity set can be a problem
We should first evaluate if/how machine-id can be leaked, and then think about this all, and decide something.
#4 Updated by intrigeri over 4 years ago
Note that if we decide to make
machine-id a per-Tails-boot identifier (as opposed to the current per-Tails-version identifier), we'll need to check our AppArmor profiles and see if they allow apps to access those file, why, how dangerous it is, and whether we want/need to keep allowing it.
#7 Updated by upqoer over 4 years ago
This can be an issue.
if we set the same machine-id everywhere, then users are all in the same anonymity set; but this also leaks that they're using Tails
Go for this one.
- Person is trapped whole time while running Tails instance with the same machine-id. That means if it will get leaked by the browser or anyhow, and user will want New Identity, he will still be trackable by this attribute.
Setting hardcoded machine-id, Tails-specific is way better idea for anonymity.
Also note this: (!)¶
Tor Browser in Tails can read this file! (/etc/machine-id). See Tails current AppArmor profile allowing Tor Browser read from machine-id:
Deny it. Why would Tor Browser need the access to this file? And what about other applications like Pidgin, Evince, Electrum and all the others? They will not work without access to it? Has anybody tested this out?