cross-posted from: https://piefed.world/c/tech/p/1246200/pdf-a-hacker-s-arrest-reveals-microsoft-can-track-users-ip-history-even-with-vpn-full-we
You can read about it yourself here on page 12 (or page 8 of affidavit), then page 33 and down (page 29 of affidavit)
First one to notice this: Security researcher, VX-Underground.


deleted by creator
systemd huh
From what I read over there, dbus is to blame for this one.
Dbus introduced the concept, sure, but it doesnt break your entire system for resetting it, systemd does
https://man.freebsd.org/cgi/man.cgi?query=Reset-Machine-ID&sektion=1&manpath=FreeBSD+15.0-RELEASE+and+Ports.quarterly
A lot of people overblowing this in the replies right now. Machine-id is mainly used by fleet admins at companys to manage individual devices, to generate system application keys, or tag logs (and yes systemD provides this file, but so does dbus and many non systemD applications depend on it). Chrome and Firefox might access your machine-id but their also tracking you in much worse ways by default aswell, if you care about privacy your probably already using an alternative browser that dosent use your machine-id
The problem isnt windows or linux having a machine-id but that your applications are not properally sandboxed (flatpak does not sandbox /etc by default, so no, flatpak is not a solution) or that your using applications that handle security poorly
deleted by creator
We need a workaround for this.
I just verified that debian livecd booted inside a ventoy/qemu gets a new id every boot. So as far as tracking, single session only if firefox-ESR gives that data up.
Of course as soon as you log in to social media, steam, what have you, telemetry all over again.
Disposable virtual machines.
Whonix generates a new one at boot by default.
Do they get around this, though.