What is a machine-id, and why should you randomize it? The machine-id man page defines it as follows:
“This ID uniquely identifies the host. It should be considered “confidential”, and must not be exposed in untrusted environments, in particular on the network. If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be used directly.”
Source: https://www.man7.org/linux/man-pages/man5/machine-id.5.html
For privacy, a unique and unchanging identifier tied to your device seems like the wrong approach. It’s quite possible that poorly coded or even maliciously coded software could fetch this ID from your system. Let’s make sure that even if that does happen, the value is constantly changing, so that your device cannot be uniquely identified as your device.
This is an incredibly simple and quick adjustment to your default Linux system. We’ll show you how to either change this value by hand, or run a cronjob that replaces it every minute with a new, randomized value.
Before we begin, a disclaimer: We’ve tested this on our own work desktops and development environments and I’ve tested it on my daily driver desktop. We have not found that anything has ‘broken’ because of this, but this is untested in many environments and may not be suitable for your use. It’s always reversible if you later wish to continue with a single, uniquely identifying ID attached to your device(s).
Debian / Ubuntu systems
To check your machine-id, open up your terminal and enter the following:
The output should look a little something like this:
You’ll note that this value is also stored in /var/lib/dbus/machine-id and that a symlink between the two exists. Any change to one file will be reflected in the other.
me@virtbox-testing:~$ cat /etc/machine-id
a9976154f0084a3782892638656ad9fd
me@virtbox-testing:~$ cat /var/lib/dbus/machine-id
a9976154f0084a3782892638656ad9fd
If you reboot your device, you’ll notice that this value remains unchanged. So, let’s change it ourselves!
Method 1: Manually.
Method 2 changes the ID automatically, every minute, run by a cron job. If you don’t want to fully commit to that, you can change your machine-id by hand whenever you feel like it.
Step 1, remove the old machine-id file.
sudo rm /etc/machine-id
Step 2, recreate the machine-id file.
Step 3, confirm that /etc/machine-id (and /var/lib/dbus/machine-id) now show a new value, different from the original.
cat /etc/machine-id && cat /var/lib/dbus/machine-id
That’s it! You should see two lines in your output with matching IDs that differ from the original machine-id you had in the beginning.
me@virtbox-testing:~$ cat /etc/machine-id && cat /var/lib/dbus/machine-id
a78badce3e73beced163bbef7e55232a
a78badce3e73beced163bbef7e55232a
You’ve changed your device’s uniquely identifying machine-id. This change will survive device reboots and will remain the same until you create a new one.
Method 2: Changing every 1 minute, automatically.
If the above didn’t satisfy your needs, then feel free to automate the creation of a new machine-id by creating a cronjob entry that will generate a new ID every minute.
Step 1, open up your crontab file.
sudo crontab -e
Step 2, enter at the bottom of the file the following:
*/1 * * * * sudo rm /etc/machine-id && sudo systemd-machine-id-setup
Save and Exit.
Step 3, wait a minute and confirm that your machine-id value has changed:
cat /etc/machine-id && cat /var/lib/dbus/machine-id
You should see two new matching values that differ from the original value you had at the start. Wait a minute and run the Step 3 command again, and you’ll see that these values have changed.
When run a minute or more apart, the command will now produce new values each time.
me@virtbox-testing:~$ cat /etc/machine-id && cat /var/lib/dbus/machine-id
b722903d87994e24b6378289262c3021
b722903d87994e24b6378289262c3021
me@virtbox-testing:~$ cat /etc/machine-id && cat /var/lib/dbus/machine-id
4352c41ad7fb4a05a54b0942c5c27cb0
4352c41ad7fb4a05a54b0942c5c27cb0
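The Step 3 check from both methods, as an added shell example that is not part of the original post: it confirms that the ID is well-formed (32 lowercase hex characters, per machine-id(5)), that both files agree, and that the value differs from the one recorded before. The function names and the scratch-file demo are constructed for illustration; the sample IDs are the ones shown in the sessions above.

```shell
#!/bin/sh
# Added example: verify a machine-id rotation (Step 3) without eyeballing hex.
# File paths are arguments, so the functions can be tried on scratch copies.

# machine-id(5) format: exactly 32 lowercase hex characters, not all zeros.
valid_machine_id() {
    case "$1" in
        *[!0123456789abcdef]*) return 1 ;;
        00000000000000000000000000000000) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Print the first line of an ID file; fail if it is missing or empty.
read_id() {
    [ -r "$1" ] || return 1
    IFS= read -r _id < "$1" || [ -n "$_id" ] || return 1
    printf '%s\n' "$_id"
}

# check_rotation OLD_ID ETC_FILE DBUS_FILE
# 0 = rotated; 2 = unreadable file; 3 = malformed ID;
# 4 = the two files disagree; 5 = ID is still the old one.
check_rotation() {
    _new=$(read_id "$2") || { echo "cannot read $2" >&2; return 2; }
    _bus=$(read_id "$3") || { echo "cannot read $3" >&2; return 2; }
    valid_machine_id "$_new" || { echo "malformed ID in $2" >&2; return 3; }
    [ "$_new" = "$_bus" ] || { echo "$2 and $3 differ" >&2; return 4; }
    [ "$_new" != "$1" ] || { echo "ID was not rotated" >&2; return 5; }
    echo "rotated to $_new"
}

# Demo on constructed scratch files, reusing the IDs from the sessions above.
demo() {
    _d=$(mktemp -d) || return 1
    echo a78badce3e73beced163bbef7e55232a > "$_d/machine-id"
    ln -s "$_d/machine-id" "$_d/dbus-machine-id"   # mirrors the real symlink
    check_rotation a9976154f0084a3782892638656ad9fd \
        "$_d/machine-id" "$_d/dbus-machine-id"
    _rc=$?
    rm -rf "$_d"
    return $_rc
}
demo
```

On a real system, record the current ID before rotating, then call check_rotation with that value, /etc/machine-id and /var/lib/dbus/machine-id afterwards; a return code of 4 means the two files no longer point at the same ID.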
Uniquely identifying IDs are rarely a good thing when you take privacy into consideration, and although these items have their purpose in limited use cases, it doesn’t appear that generating a new unique ID every minute has any downsides.
What do you think? Is this a pointless privacy practice or a needed, but often overlooked part in maintaining privacy in the modern age? Let us know in the comments below.
After publishing this article, we received some feedback that I’d like to touch on here.
- Testing the high privacy, pro-anonymity Tails-OS shows that you receive a new machine-id after every reboot. Props to Tails-OS!
- Testing the privacy and anonymity promoting Whonix-OS shows that they do not issue a new machine-ID after every reboot and instead use the same ID for all Whonix users. Their response to this blog post can be read here with their reasoning and more information.
- A commenter on a [RAMBLE] post mentions that MXLinux does not use systemd, and thus does not use a machine-id.
- Here is a list of Linux operating systems that do not use systemd. (And will not have a machine-id)
- Yes, there are other uniquely identifying aspects on all systems, from device serial numbers to MAC addresses. The purpose of this post was to discuss a lesser-discussed unique identifier: machine-id.
What about your distro? Feel free to comment below and share your thoughts.