GitLab

In December 2019 I saw an article mentioning that Devuan has made so that a new /var/lib/dbus/machine-id is generated for each boot for improving privacy, considering that the file can be read by anyone and there is no restriction to that:

https://devuan.org/os/debian-fork/ascii-point-release-announce-112119

I started a discussion about the issue on openSUSE's bugzilla (the distro I use) where I shared my thoughts of the potential implications of machine-id being accessible by everyone (as it is now) and a suggestion that additionally to what Devuan has done machine-id should also be with limited access, allowing only "whitelisted" programs.

The advise of the dbus experts on openSUSE's bugzilla is that this discussion rather belongs upstream (here) where the possible changes should be made, so I am opening it for consideration.