fastfetch-cli / fastfetch

An actively maintained, feature-rich and performance-oriented, neofetch-like system information tool.
MIT License

[Feature Request] Disable Showing IP and Locale by Default #923

Closed amarraff closed 4 months ago

amarraff commented 4 months ago

Wanted features:

Have IP and Locale hidden by default, instead of having to run commands to hide them alongside fastfetch.

Motivation:

Makes it easier and more secure for people to share their fastfetch info. Many people are moving to fastfetch from neofetch. When using fastfetch to share one's desktop ricing or system info over the internet, it would be helpful to have the machine's local IP and locale not be shown for security purposes.

CarterLi commented 4 months ago

This is my localip: 192.168.1.5/24

Please attack me if you can.

amarraff commented 4 months ago

This is my localip: 192.168.1.5/24

Please attack me if you can.

I get your point, but if a hacker or group of hackers ever try to target you, it's best for them to not have your local IP. It'd be nice to have this info hidden. I think many people would feel more comfortable switching to fastfetch if it was hidden by default as well.

CarterLi commented 4 months ago

If you don't like it, you disable it in the config file.

CarterLi commented 4 months ago

If you want to argue the LOCAL IP can affect security, please prove it.

amarraff commented 4 months ago

If you don't like it, you disable it in the config file.

I'm still pretty new to Linux, I don't know where that is or how to edit that. Could you please tell me? Many other users are in the same boat as me on that, since the Linux OS's percent share is rising and there are more beginners. It would be better to have the option disabled by default.

If you want to argue the LOCAL IP can affect security, please prove it.

To my understanding, it would give them immediate knowledge of which device on your network is your computer, instead of them having to figure that out. Plus, again, it just makes people feel better to not have any kind of IP showing by default. Perhaps it doesn't matter to some, but it matters to many other users who would rather not risk it. I think it'd be a better default behavior to hide the information, with an easier shorthand to display it like -ip

CarterLi commented 4 months ago

To my understanding, it would give them immediate knowledge of which device on your network is your computer, instead of them having to figure that out.

Seems you have zero knowledge about what a LOCAL IP is. 192.168.1.5 gives others absolutely zero knowledge about your computer.

A local IP makes sense only if someone's device and yours are in the same LAN. That is to say, if you are in your home, an attacker MUST connect to your wi-fi to find your device by local IP. And even if the attacker somehow finds your home, gets your wi-fi password, connects to your wi-fi, and gets your local IP, he still needs to find a vulnerable port to attack you.

CarterLi commented 4 months ago

I promise, the Local IP module gives absolutely less knowledge than the Host module.

CarterLi commented 4 months ago

Anyway, you generate the config file with --gen-config, and remove "localip" in the config file.
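The edit described in the comment above, as an added example that is not part of the thread or of fastfetch's own code: it parses a config text, drops the `localip` and `locale` modules, and returns the result. It assumes the config has a top-level `"modules"` array whose entries are bare names or objects with a `"type"` key; the sample config is constructed.

```python
import json

SENSITIVE = {"localip", "locale"}  # the two modules this thread is about
# Constructed sample, not real --gen-config output.
SAMPLE = """{
  // comments are allowed in a .jsonc file
  "$schema": "https://example.invalid/schema.json",
  "modules": ["title", "os", {"type": "localip", "key": "LAN"}, "locale", "break"]
}"""

def strip_jsonc_comments(text):
    """Drop // and /* */ comments but keep string contents (e.g. URLs) intact."""
    out, i, in_str = [], 0, False
    while i < len(text):
        ch = text[i]
        if in_str:
            out.append(ch)
            if ch == "\\" and i + 1 < len(text):
                i += 1
                out.append(text[i])
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            out.append(ch)
        elif text.startswith("//", i):
            nl = text.find("\n", i)
            i = len(text) if nl == -1 else nl
            continue
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            i = len(text) if end == -1 else end + 2
            continue
        else:
            out.append(ch)
        i += 1
    return "".join(out)

def remove_modules(config_text, hidden=SENSITIVE):
    config = json.loads(strip_jsonc_comments(config_text))
    modules = config.get("modules", [])
    # An entry is a bare name or an object with a "type" key (assumed layout).
    name = lambda m: str(m.get("type", "") if isinstance(m, dict) else m).lower()
    config["modules"] = [m for m in modules if name(m) not in hidden]
    return config, len(modules) - len(config["modules"])

if __name__ == "__main__":
    cfg, removed = remove_modules(SAMPLE)
    print(removed, "module(s) removed:", json.dumps(cfg["modules"]))
```

Writing the returned object back with `json.dumps` loses any comments in the file, and trailing commas in the input are not handled.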

amarraff commented 4 months ago

I understand your points, but at the end of the day it'd still be better to hide this information by default. You acknowledged through your previous comment that if a hacker breached your local network through a vulnerable port, they could use the information against you. It would be better to hide sensitive system information by default (especially any related to user location, like locale) and only display hardware/distro info. The golden rule in situations like this is to have the feature be opt-in, not opt-out.

amarraff commented 4 months ago

Anyway, you generate the config file with --gen-config, and remove "localip" in the config file.

Thank you, this would be helpful info to have in a more accessible place for beginners.

CarterLi commented 4 months ago

So is the kernel version sensitive? If you use an old kernel that is known to be vulnerable, and show it to attackers, isn't it much more dangerous?

amarraff commented 4 months ago

So is the kernel version sensitive? If you use an old kernel that is known to be vulnerable, and show it to attackers, isn't it much more dangerous?

Not really, because if they have no idea what machine it's on, then they can't do anything. Similar to your argument about local IP. But I'd argue the IP is more sensitive because that's what would allow them to potentially access the kernel in the first place.

CarterLi commented 4 months ago

But I'd argue the IP is more sensitive because that's what would allow them to potentially access the kernel in the first place.

False. If I want to attack you, I would be better off sending you malware somehow (by sending malicious Twitter messages or something, since you show your Twitter account in the profile), rather than getting your country / city / home and trying to hack your wi-fi.

amarraff commented 4 months ago

But I'd argue the IP is more sensitive because that's what would allow them to potentially access the kernel in the first place.

False. If I want to attack you, I would be better off sending you malware somehow (by sending malicious Twitter messages or something, since you show your Twitter account in the profile), rather than getting your country / city / home and trying to hack your wi-fi.

That doesn't make it false, that just means it's a more difficult method of attack.

CarterLi commented 4 months ago

You can't persuade me. That's all.

amarraff commented 4 months ago

Curious about @LinusDierheimer's thoughts on this

CarterLi commented 4 months ago

https://github.com/fastfetch-cli/fastfetch/issues/611#issuecomment-1793493478

LinusDierheimer commented 4 months ago

Curious about @LinusDierheimer's thoughts on this

I am with @CarterLi on this.

CarterLi commented 4 months ago

Thanks @LinusDierheimer. I am glad you are back.

LinusDierheimer commented 4 months ago

I don't have the time to work on fastfetch atm, but I am always there when someone mentions me. I am glad that you continue this project so well.

CarterLi commented 4 months ago

Just leave it to me.