Madaidens Security Machine ID question - Linux hardening

hey on Linux Hardening Guide | Madaidan's Insecurities at 10.3 “Machine ID” you can read something like

Blockquote
A [unique Machine ID] is stored in /var/lib/dbus/machine-id and on systemd systems, /etc/machine-id also. These should be edited to something generic, such as [the Whonix ID]:

b08dfa6083e7567a1921a715000001fb

What is the reason behind this? I dont find an explanation and how does it affect my linux if i change its unique machine id? Can i be identified an tracked by this unique machine id in linux?

I wouldn’t worry about it tbh, it’s supposed to be kept confidential, all your disk volumes also a unique UUID.

1 Like

It’s not sent to the websites you visit. You’d literally have to install two separate programs that both decide to spy on you in this way to correlate their data on you, in order for this to be an issue.

Ah ok now it makes sence when the author is referring to whonix when using a generic uuid, because its a high security OS for people or company with higher privacy standards.

It’s foremost an anonymity focused OS, so every user is supposed to look the same or at least be in a big enough bucket to not be able to track individual user.

Btw, Madaidan’s guide is great, but sometimes his implementation details are not up-to-date. Would recommend to check out Desktop Linux Hardening | PrivSec - A practical approach to Privacy and Security or the Arch wiki to look up the implementation.