On Sat, 9 Mar 2019 09:05:20 +0100, marc wrote in message
<20190309080520.GA32402@???>:


> So instead of adding crontab rules to obfuscate the ids,

...er, say "to flood them with useless IDs," if you want
my agreement.

> I'd recommend adding an inotify rule to record which processes
> look at these files, and publishing this - here.
>
> Much has been written about Debian's Social Contract, but
> it seems to be ineffective against this type of spying,
> whether it involves falling back to 8.8.8.8 as name-server,
> or scattering machine ids all over the filesystem.
>
> I think Devuan has an opportunity to do better - going by
> the number of messages in this thread it is an issue which
> worries many people.
>
> A good starting point might be to update the "Tags:"
> package field, to include a "leaking::" category. So packages would
> not only described as being "implemented-in::c" but also as
> "leaking::host-id" or "leaking::clickstream".
>
> Then one could aim to have a "leak-free" build, like people
> try to have a "reproducible build"...


--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.