I’m not an expert on the topic, but after searching around, I don’t see many reasons to avoid changing your machine ID. It’s mostly used for systemd, D-Bus, your networking, logging, and licensing in order to keep track of a particular system. It persists after a reboot but will change on a system reinstall. Some distros randomize it on each boot (Tails), and some keep it the same among all users (Whonix). You shouldn’t experience any problems after changing it. If you’re worried, just write down your previous machine ID before changing to a generic Whonix one. You can always change it back.
fwupd is a daemon that is used to update device firmware. Some popular distros already ship with it: Debian, Ubuntu, Fedora, etc.; it is also integrated into such tools as Plasma’s Discover and GNOME Firmware/Software.
If I’m understanding it right, Pop OS integrates fwupd into its Firmware Manager, so check if you have it installed.
If I were to guess, I’d say that machine ID randomization in Tails works at the system level. You could probably do the same with an autostart script or similar. Regardless, I recommend simply following the guide and setting the generic Whonix ID.
You cannot delete it outright or set it to all zeroes, because several services have legitimate uses for it. I doubt it is used for targeted tracking, since the ID can be edited at any time, making it a poor and inconsistent fingerprint. If you’re interested, you can learn more here.
Again, not an expert, but such files are buried deep in the Linux filesystem, so web pages cannot access them. Besides, even if they could, it would be too much hassle for too little gain. There are far more consistent and reliable fingerprints to build a profile on you. The fingerprint of the browser you’re using to view a website can reveal much more than a machine ID.
Personally, I’d go with a generic Whonix machine ID. I think that the randomization present in things like Tails follows the need of its users to be as anonymous as possible. Systems like Zorin are not designed for that. I just don’t think it’s worth the hassle.
The most straightforward way to harden Linux is to use SecureBlue as the distribution and then try to only install apps as Flatpaks with limited permissions.
I was recently playing with Bubblewrap for app sandboxing, and I found that some apps (e.g. Spotify) rely on /etc/machine_id as some sort of user session ID, and if you change it, you will be logged out the next time you launch the app.
So I ended up using the Whonix machine_id.
But I think only the most invasive programs will do so (I promise I will ditch Spotify very soon).
You shouldn’t waste your time with such tweaks. Stick to trusted (open source) software that does not attempt to identify and track you in the first place. The moment you run commercial malware, obfuscating hardware identifiers becomes useless since you are typically logged into the “service” and identified anyway. If this cannot be avoided, you are better off running that untrusted software in a VM or on dedicated hardware.