PureOS default hostname?

What is the best hostname to select for a new PureOS install? This isn’t a trivial inquiry. It would be beneficial to blend into the crowd. I’ve seen too many ways that my (unique) hostname finds its way out the front door.

The only caveat is that this should be a Linuxy name, which would be consistent with our rather obvious Linux fingerprint. So “Ted’s iPhone” and “WindowsBox” are out of the running.

I was thinking “localhost” would be good, but that could create some confusion with bona fide loopback redirection. “host” maybe? Or is that so generic that no one uses it? What’s your suggestion? It would be nice if PureOS made this name the default for everyone. (It would also be nice if PureOS identified itself as Ubuntu or something lame and popular, but that’s another issue.)

1 Like

are you referring to the “account-name@hostname” ? the terminal prompt ?

“linux”.

However bear in mind that a person may have more than one computer, so your mileage may vary as to how acceptable such a generic name is.

Identified itself where? how?

For the User-Agent browser string, there are already browser add-ons that give you control over what is sent.

Picking up @reC’s comment … the shell prompt is completely configurable as to what information is included within it. (The default seems to be that the hostname is included within the prompt but that is easily changed.)

It might be helpful to list those ways e.g. a checklist for someone trying to control such leakage.

https://www.ietf.org/rfc/rfc1178.txt

4 Likes

The only problem with that is that the internet was a different place 30 years ago. They were not dealing with surveillance capitalism and predatory governments. There is no mention at all of privacy or fingerprinting etc.

Choose “NSA-honeypot-xxx” [where xxx is pick your own number].

1 Like

Thanks everyone.

@mat8913 the point isn’t literally that I don’t know how to choose a hostname. It’s that I want to choose the most common one so as to blend in.

@kieran “linux” sounds great. Totally boring. Why didn’t I think of that? Unfortunately, now I can’t use it because then you’ll know it’s me knocking on your server :sunglasses: . I also like your idea of making a list of hostname leakpoints, but I really don’t know where they might be, apart from HTTP referer stuff and maybe software updates. It seems to me from indirect observations that my hostname has leaked via those routes. Furthermore, using a software VPN isn’t good enough because it’s not trivial to guarantee that the VPN starts up before the first such emission can occur; a router-based VPN is required but they don’t provide much privacy. AFAIK only Protonmail’s VPN is worth anything, and if you’re smart enough to use it, you’ll also stick out like a sore thumb, so ironically it doesn’t really work. Tor is a solution (just watch that font size and browser dimensions), but it’s impractical “because CloudFlare”. So… this is why I actually still care about anything and everything that spits out my hostname, including but not limited to the horrible software center and update checker app that ships with most every Linux. (I also want a MAC address that randomizes on every boot, but that’s another discussion.)

I don’t care what shows up at the terminal prompt, although it’s a deanonymizing hazard when recording video of the screen or capturing it. If I had a penny for every poor fool who ever uploaded a video with their bookmarks showing. Kinda like the noobs who have all their family pics on the shelf behind them during a public Zoom session. Oh, and watch out for those reflective surfaces and distinctive household architectural features, wallpaper, etc., but none of that matters because my hostname is just pissing out there 24/7 AAAAAGH! :exploding_head:

@tracy I can neither confirm nor deny that I’m using that hostname.

It should be solid to block all outbound traffic except traffic that is destined for the VPN server. In other words, you need a firewall in your router but you don’t need VPN in your router. That only works when you are behind your firewall however, so it is not as effective for a portable device.

A VPN doesn’t really stop any hostname leakage - although it may make the leaked hostname less useful since it is harder to associate the hostname back to you.

Since you mention MAC address randomization, what about hostname randomization? Change it on every boot?

However look carefully at the above RFC regarding the potential difficulties of changing your hostname. Some software will absorb the hostname as a one-off and hence won’t track any subsequent changes. One such annoying example is /etc/hosts

Or their open tabs.

one thing i’ve noticed is that if you leave it to say what it chooses for you by default then that is the WORST option. why ? because it automatically pulls it’s default name from the UEFI/BIOS (usually it’s the bare-metal motherboard name) … we can’t have that now can we ? :joy:

what is probably better is to run open-hardware (preferably some PureBoot/Libre-Boot BIOS) that will give (hopefully) a more “sane” out-of-the-box host-name. that’s not guaranteed though …

or you can always use a random-number-generator :rofl:

1 Like

If you are worried about hostname being leaked, then make it non-unique.
So random generators are out.
linux, my-computer, or some such sound great.
Maybe search for the most popular hostname, perhaps this:
https://networking.ringofsaturn.com/Web/top100hostnames.php
and choose from the top of the list.

2 Likes

www < that’s a good one.

Unless you change it all the time e.g. on every boot.

Based on your list, “host” looks good.

1 Like

RMS seems to be the best host name … thumbs up if you agree :sweat_smile:

I kind of like the idea of standardizing hostname, though in a local network it can be useful to have different names for different machines.

But when say, connecting to DHCP on an untrusted WiFi network it’d ideally send something random or just a default name or nothing at all.

This is seemingly possible, and preferable in the scenario of an untrusted network. Some (rare?) DHCP servers may however require this field (as an administrative choice).

In my crowded, trusted home network, the DHCP server unfortunately only displays this field in the listing of current leases, so it is a pain when a client does not send a client-identifier (or sends a relatively meaningless client-identifier).

For Linux computers it may be possible to configure the DHCP client to remove any connection between the hostname and the client-identifier used for DHCP. As an example of where this might be needed:

The computer that I am currently sitting on has a wired interface and a wireless interface. Both interfaces are using DHCP. They show up in the DHCP lease table with the same name (i.e. nothing to distinguish which interface is which), that name being the hostname, presumably because Linux sent the hostname as the client-identifier in both DHCP requests.

1 Like

I agree that it very much depends. I think this is true for all network anonymity features. E.g. changing MAC address on every connect is probably a good precaution for hotel and train networks, but not for corporate or home ones.

Looks like in network-manager that at least can be set on a connection basis with the mac-address-randomization option.

Apparently there is a per-connection option for this, as well, ipv4.dhcp-hostname! (and a ipv6 equivalent if you care about that) I think that would address your issue, as the wired and wireless connection are considered separate connections: https://linux-tips.com/t/customizing-dhcp-client-hostname-in-network-manager/408/2

Assuming you’re using nm, of course :smile:

1 Like

I most definitely care about IPv6 but it isn’t using DHCP.

Yes, I am using nm.

Will see tomorrow whether this actually worked.

1 Like

Such a fruitful discussion! Hopefully the Purism team will find this thread and take it under consideration for the next PureOS spin.

@kieran Hostname randomization is a brilliant idea! Can we just set a boot script to edit /etc/hosts everytime? I think that just getting the browser to take up the new hostname on each boot would be good progress. Is there anywhere else to modify, apart from /etc/hosts? How would it be modified – with sed or awk, cat with truncate, or custom code?

You’re right that a router could be programmed to block all destinations apart from one’s VPN servers, although as you pointed out, that’s not a portable solution. (Pocket VPNs are available, but I don’t know how practical they are or whether or not they require one to install untrusted apps.) If it’s not obvious, we should all assume that VPNs are compromised and export everything to who-knows-where, but they’re quite good at hiding one’s IP from targets. (Tor is better in this regard but has other serious drawbacks.) That said, if one’s hostname is sent to the target, then they would at least know that username X is associated with the same person as username Y even if the IP changes, absent hostname reassignment in between.

I’m not sure that (null) is a wise hostname to use. On the plus side, you might find a 0day in your IoT device by trying that. On the minus side, obviously only one device can use it at a time, and it’s probably rare (i.e.identifying) in the wild. And just in case some noob finds this thread and thinks that anonymity comes down to just IP and hostname… I suppose I should also mention that stylometry and clicking/tapping behavior are major sources of deanonymization, for starters.

“Or their open tabs.” – You don’t need to know anything about cybersecurity to see how stupid some people are.

@reC Thanks for the warning about hostname importation from EFI. That’s horrid.

@Dwaff Unique is sometimes good, sometimes bad. If all you do is visit one website, then reboot and get a new hostname, then no useful information will be conveyed by it. (You can’t say that I’m the same guy who visited the site, or some other site, yesterday. Of course this might all be compromised by some ass of a process which goes out and sends my hostname to an update server.) Your link to that list of popular hostnames is a great resource. Unfortunately, I was unable to load it, but I found it cached elsewhere. Adding to what kieran and reC mentioned, it seems to say that the most popular hostnames are, in order: “www”, “host”, “mail”, “dummy”, “ns”, and “ftp”. “www” is about 6X “host”, and on down from there. Take all this with a grain of salt because it also says that “host5” is extremely popular, so it sounds like a very biased sample. Still, those are good choices.

@vmedea If you actually need different hostnames for different devices, then random ones might work (unless you have a long uptime and reuse the same one for too many Web transactions) or otherwise “host1”, “host2”, etc., based on Dwaff’s list. More importantly, how can we set “assigned-mac-address” to “random” for wifi and/or Ethernet?

Based on that “tips” page you sent, I found that there are also “ipv4.dhcp-send-hostname” and “ipv6.dhcp-send-hostname”. Seems like one can set these to “no” and get it to just not send a hostname, but whether this covers HTTP referers as well is unclear to me, as is the overall scope of such a constraint. What do you people think?

I’m not sure I understand. How does the browser leak the hostname? When will “HTTP referers” contain the local hostname, according to you?

2 Likes

@vmedea It didn’t. I am wondering whether the correct nm parameter is dhcp-client-id (not dhcp-hostname) so I changed that one as well and we will see tomorrow.

As you can see from the side discussion that I am having with @vmedea this is a can of worms but …

The actual hostname is permanently stored in /etc/hostname but on the other hand you can theoretically change the hostname temporarily (which may be what you want here) using the hostname command.

The problem in the previous paragraph is that some random software might just read /etc/hostname so there is definitely an element of trial and error.

One approach would be to change your hostname permanently to some long, random, unique, printable, valid string, then change it temporarily to another long, random, unique, printable, valid string - and then go looking for all the places on or coming out of your own computer that either string shows up. Then work out how that place got hold of the hostname.

That will give you an inventory to work on.

Only then would you go ahead and implement actual hostname randomization.

You may have to adjust /etc/hosts as well.

As you can see from my side discussion about DHCP, that is just one of the places where the hostname can be independently configured. If you don’t use DHCP then you can bypass having to think about that but then for a portable device you more or less do want to use DHCP.

As far as I know the browser does not transmit the hostname in the User-Agent string. It does however transmit the operating system and version (which is itself bad enough) unless you take action against that.

I would like to state for the record that there is no way that I would want hostname randomization and there is no way that I would want to set the hostname to “linux” (or similar) on all hosts. I have many hosts and I need a sensible, unique name on each host. Your mileage is free to vary. :wink:

1 Like