I saw that too. I read the links as saying any program that is run, including within a virtualized environment, can access the CPU ID.
If this is true, it means any virtualized Windows is going to be getting the CPU ID of the system (most likely) and sending it to Microsoft, since they collect a large amount of such information via telemetry.
I almost never run closed source software, but I have occasionally run closed source software in a virtualized environment and then deleted the virtualized environment after. According to this, those closed source programs could be getting my CPU ID, sending it somewhere, and then even if I delete the program the CPU ID can be used to continue to track me.
replied to your post, even if @procShield is stating something slightly incorrectly, the post still brings up some really valid and interesting concerns.
Also, if a website were to try to do a unique fingerprint of a user using a RAM hash, would that RAM hash hold as consistent in a disposable Qubes AppVM in which the total allocated RAM could vary but is always less than the total RAM?
edit: I am not being able to make more posts until 7 hours has elapsed. @renehoj you are probably right. I think I was using the term “CPU ID” as my way of saying unique CPU identifier (like a CPU serial number), but that might not be a risk at all. Even if that can’t be determined, I have seen some new hardware based fingerprinting on GIT that can’t really be spoofed yet, but I am not sure whether big technology is deploying that because it seems like probably 95 percent of users don’t understand canvas fingerprinting, and of the 5 percent that do, probably almost all 5 percent is only blocking canvas fingerprinting and not any of the other fingerprinting types. I think the amount of users who alter metrics to try to block most of the standard fingerprinting methods is probably less than 1/10,000 and it’s so small that it doesn’t affect their profit enough to deploy new methods.
I don’t know what precisely is going on, but I have observed machine behavior.
Java constantly gets interfered with even if I am using tor. I’m not sure how this happens, but I know it is highly repeatable and persistent.
I have noticed CPU “bursts” with multimedia. Google through invidious .onions. That processing reaction must be fairly specific, although maybe only so far as the CPU series.
If I understand correctly, the CPU frequencies, however, are slightly unique due to variations in the fabrication process. I know Mozilla can get proc/cpuinfo and can lifetime ban someone without any due process, but if you virtualize or essentially alter your system, then Mozilla corp functions suddenly work again. So they must get individual IDs connected to hardware properties somehow.
I got the same result from deviceinfo. I have to study the question some more before answering. poly.nomial is not a detector, just a sample. There may be a way for Java Servers to get remote CPU info from what I’m reading, but I’ll have to look into this further. Thanks.
Then how do you think Mozilla Corp and Ubuntu Canonical Corp can identify a new computer and new software that I have not logged into any social media or email from? My identity should be unknown to them but somehow they have deep targeting capabilities I think must be connected to hardware specs. Ideas?
I doubt anyone is using CPUID for fingerprinting, it’s probably one of the weakest hardware identifiers in most systems. My laptop is the Lenovo T480 with the 8650U, the model number of the laptop is many times more unique than the CPU model, and the MAC address is 100% unique.
CPUID can be used to “break out” of the appVM and fingerprint the actual hardware, but knowning person X is using a CPU with a production run in the high millions isn’t really going to compromise your anonymity.
Difference of cpuid command (or cat /proc/cpuinfo) output on host vs guest?
iirc at least for KVM/libvirt systems the output can be very different depending on what CPU features you pass through.
Also iirc, there once was a discussion on the Whonix forum for having the same CPU model used for each user.