Use app-specific machine id instead of reading /etc/machine-id file
Currently pulseaudio reads from /etc/machine-id
by default if that file is readable.
From man machine-id
:
This ID uniquely identifies the host. It should be considered "confidential", and must not be exposed in untrusted environments, in particular on the network. If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be used directly. Instead the machine ID should be hashed with a cryptographic, keyed hash function, using a fixed, application-specific key. That way the ID will be properly unique, and derived in a constant way from the machine ID but there will be no way to retrieve the original machine ID from the application-specific one. The sd_id128_get_machine_app_specific(3) API provides an implementation of such an algorithm.
From man sd_id128_get_machine
:
sd_id128_get_machine_app_specific() is similar to sd_id128_get_machine(), but retrieves a machine ID that is specific to the application that is identified by the indicated application ID. It is recommended to use this function instead of sd_id128_get_machine() when passing an ID to untrusted environments, in order to make sure that the original machine ID may not be determined externally. This way, the ID used by the application remains stable on a given machine, but cannot be easily correlated with IDs used in other applications on the same machine. The application-specific ID should be generated via a tool like systemd-id128 new, and may be compiled into the application. This function will return the same application-specific ID for each combination of machine ID and application ID. Internally, this function calculates HMAC-SHA256 of the application ID, keyed by the machine ID.
It would be nice to use such alternative APIs for getting an id.