Author: Ivory Date: To: tails-dev@boum.org Subject: [Tails-dev] Inquiry on Tails Machine-ID Randomization Design and
Its Implications
Dear Tails Developers,
I hope this email finds you well. I'm writing to inquire about how Tails handles the randomization of the machine-id, based on my recent observations and reading from "Practical Linux Forensics: A Guide for Digital Investigators" by Bruce Nikkel (Chapter 7, Page 204). Great book by the way :)
In the book, it discusses the /etc/machine-id file, which contains a randomly generated 128-bit hexadecimal string. This ID is typically created during system installation and can be used for identifying duplicated systems or tracking installation timestamps. This prompted me to test the behavior in Tails.
Upon checking cat `/etc/machine-id` in a Tails session, I observed the following:
> Initial output: e20661e9dfffd2bb5fbf8075c3b01122
>
> After a reboot: b9f524acc60aa7ecea1cf62c60d5c900
This confirms that Tails randomizes the machine-id on each boot. However, I couldn't find any documentation in the Tails design documents explaining the exact mechanism for this randomization.
Additionally, I'm curious about potential side effects on system components, particularly with package managers like apt. For instance, do they rely on the machine-id for caching or metadata storage, potentially leading to the apt cache being cleared on each reboot? In contrast, I've noted that Whonix opts for a persistent machine-id approach, citing reasons related to facilitating package upgrades and maintaining package manager stability. While I disagree with this method due to privacy and tracking concerns, I understand their rationale and am interested in how Tails' randomization might differ in addressing these aspects.
I appreciate your time and expertise in addressing these questions. Any insights or references to relevant documentation would be greatly helpful.
