Possible shared installation identifiers between AppVMs using the same TemplateVM

togoduke · November 7, 2025, 12:48am

Hi everyone,

I have a question about how TemplateVMs handle potential “installation identifiers” that some software might create during install time.

Here’s an example:

I have a Debian TemplateVM where I installed Google Chrome (using the official .deb package).
I then created four AppVMs based on that template. Each AppVM uses its own Chrome profile (stored in /home).

I understand that:

The Template’s root filesystem (/usr, /opt, etc.) is mounted read-only inside AppVMs.
Each AppVM has its own persistent /home and /rw directories.

However, I started wondering whether some programs — like Chrome — generate a unique installation identifier during installation (for example, in /opt/google/… or similar).
If so, that identifier would be shared across all AppVMs using the same TemplateVM, since they all use the same read-only system files. In this case, Google would know this as well…

I couldn’t find any documentation or discussion about this on the forum.
Has anyone ever thought about this, and besides creating a separate template per AppVM, do you have any solutions or workarounds?

adw · November 7, 2025, 2:25am

Shouldn’t be a problem for security. As for privacy:

https://doc.qubes-os.org/en/latest/introduction/faq.html#what-about-privacy-in-non-whonix-qubes

FranklyFlawless · November 7, 2025, 4:48am

Sure, StandaloneVMs are technically distinct from TemplateVMs or AppVMs:

qubist · November 7, 2025, 7:32pm

@togoduke

However, I started wondering whether some programs — like Chrome — generate a unique installation identifier during installation (for example, in /opt/google/… or similar).

You can verify it:

Install the same browser in 2 separate templates. Check which files are put/changed on the system by the installer. Copy them to a VM and run diff. What is the result?

Has anyone ever thought about this, and besides creating a separate template per AppVM, do you have any solutions or workarounds?

A possible (wasteful) one is to install the browser package on AppVM start through a script in /rw/config/rc.local. However, that is not a panacea because if we assume browser X generates such ID, it really depends how it is generated. If it is based on data which is the same in all AppVMs (e.g. CPU model), that renders the whole exercise pointless.

Even if no ID is generated in a file, a sneaky browser X (or any other software) can still generate the ID internally (in RAM) and use it while running.

Bottom line: research is necessary.

togoduke · November 8, 2025, 10:00am

Thank you this answer exactly my question.

Privacc · November 16, 2025, 10:12pm

I’ve tried the suggestion on this post and it works. It’s good protection against HW fingerprinting.

The thread of this post is a good discussion on this.

rzg · November 23, 2025, 1:15am

Yes, I also found a curious cookie when configuring avahi-daemon.service in template, like this:

Feb 24 00:22:45 rpi avahi-daemon[1438]: Server startup complete. Host name is rpi.local. Local service cookie is 2001195350.

Also Telegram:

github.com/telegramdesktop/tdesktop

Telegram replaces the launcher desktop file with a weirly named one on linux

opened 03:21PM - 11 Jan 23 UTC

closed 01:53PM - 06 Feb 23 UTC

mrmeszaros

bug

### Steps to reproduce 1. Create a desktop file manually, e.g.: `~/.local/sha…re/applications/telegramdesktop.desktop` ```ini [Desktop Entry] Version=1.0 Name=Telegram Desktop Comment=Official desktop application for the Telegram messaging service TryExec=/home/vagrant/.local/share/TelegramDesktop/Telegram Exec=/home/vagrant/.local/share/TelegramDesktop/Telegram -- %u Icon=telegram Terminal=false StartupWMClass=TelegramDesktop Type=Application Categories=Network;InstantMessaging;Qt; MimeType=x-scheme-handler/tg; Keywords=tg;chat;im;messaging;messenger;sms;tdesktop; X-GNOME-UsesNotifications=true ``` 2. Install Telegram 3. Launch Telegram 4. Inspect the `~/.local/share/applications` folder for the desktop launcher file (replaced) ### Expected behaviour Telegram should not replace the launcher file. If if must, then it should use a name that does not contain a 32 character hexa identifier. ### Actual behaviour After the first launch, `telegramdesktop.desktop` gets replaced with `org.telegram.desktop._<32LONG_HEX>.desktop`. It even says it in the `~/.local/share/TelegramDesktop/log.txt` If I rename the desktop file to something, then the dock icon for the application breaks. ### Operating system Ubuntu 22.04, GNOME ### Version of Telegram Desktop 4.5.3 ### Installation source Static binary from official website ### Logs ```shell ... [2023.01.11 15:02:27] Executable path before check: /home/vagrant/.local/share/TelegramDesktop/Telegram [2023.01.11 15:02:27] Logs started [2023.01.11 15:02:27] Launcher filename: org.telegram.desktop._102e2be7fdb48dfc5164611f2f7fd6af.desktop [2023.01.11 15:02:27] Connecting local socket to /tmp/9b4389f2b23f460fe40f59f288370d39-{87A94AB0-E370-4cde-98D3-ACC110C5967D}... [2023.01.11 15:02:27] This is the only instance of Telegram, starting server and app... ```