- The interesting part is not really the existence of a machine identifier. Almost every modern OS has some equivalent. The bigger question is the boundary: which components can access it, and when does a local identifier become a remote tracking identifier? A machine-id sitting on disk is very different from an OS vendor correlating it with network activity.
by cheschire
7 subcomments
- Well they can’t use that to track users of Linux.
I was a big fan of Microsoft ten to fifteen years ago. I’ve since transitioned my whole family off Microsoft products now over to Linux, Apple, and proton. Edit: and Brave.
I really thought their corporate culture would’ve changed after the late 90’s but I guess this is a good lesson for founders. The culture you build into your company will likely outlast your tenure.
- To me this indicates that Microsoft has some sort of traffic analysis performed on endpoints, then linked to GDID. I'd guess this is part of Defender's real time protection or MAPS.
Fun fact, Microsoft Defender MAPS was previously named SpyNet.
https://en.wikipedia.org/wiki/Microsoft_Active_Protection_Se...
The GDID identifier seems software in nature though. They could be more aggressive and tie it to the baseboard's serial number the way some games do. Then the hardware is tracked throughout its entire lifecycle, not just per instance of Windows install.
- I guess we’ll see a Windows tool that sets your identifier to this suspect’s “g:6755467234350028” very soon (weird ID, by the way. 16-digits makes sense, but I would have expected it to be hexadecimal)
Also, can anybody tell how “Microsoft had records showing that on May 12, 2025, at 19:21 UTC, the GDID associated with Stokes’ computer “accessed, among other ngrok pages, 'https://dashboard[.]ngrok.com/signup,'” works?
If it’s the browser sending that info to Microsoft, wouldn’t somebody have noticed that their PC contacts Microsoft for every web page they open? Or do they batch that data and send it at some later time?
Also, would that mean this ‘only’ affects those using Microsoft’s browser (or does Chrome do the same, sending data to Google?)
Alternatively, is this happening lower in the stack? I can think of a place where a system component has access to the domain name, but not of one where it has the full URL.
by materialpoint
1 subcomments
- This goes a long way to prove that Microsoft does NOT care about your privacy, even if the header of their cookie consent claims so. They absolutely do not care, and this should be said about every big-tech vendor, not matter how lame it seems to say so. It is long overdue that we all say what needs to be said: they do not care about your privacy, your independence, or your well being. They DO NOT CARE.
- So this kid uses his home computer at his home, and they trace him down with the IP address, and the IP address also makes a request for Windows Updates. And that narrows down the Device ID. The device id is now traced to this kid.
This is the kind of stuff privacy advocates have been raising the alarms about. This is the kind of capability that de facto erased all privacy assertions. And further led companies like Google to take advantage of this and erase assumptions of privacy all together.
- Vague article. No evidence that Microsoft can see what web pages you are visiting in Chrome or Firefox (for example).
by contubernio
3 subcomments
- Does this not violate European privacy laws?
by zaptheimpaler
0 subcomment
- I'm probably going to called a lunatic but I'm convinced this kind of telemetry is somehow linked to and behind the huge coordinated advertising push for VPNs in the last few years. More and more, the "invisible hand of the market" seems like literally the hands of a few very large conglomerations of power and capital that shape the economics of the entire market to effectively control it - they shape the gradient and make sure companies optimize loss. VPNs are either directly spyware that increases tracking capability, or are being offered now because they don't need your IP to track you anymore so they might as well make money off your fears while still tracking you. More broadly, I don't see much of a free market or democracy left anymore, now every government is doing a coordinated push to eliminate privacy as well.
- Related thread by some Massgrave.dev devs explaining some GDID mechanisms:
https://x.com/massgravel/status/2074304593303892354
- US Tech is fast becoming like Russia's and China's.
by Alien1Being
0 subcomment
- The most surprising part of this is a "hacker" using Windows ...
by RandyOrion
0 subcomment
- The criminal complaint missing in this article: https://www.justice.gov/usao-ndil/media/1450651/dl
Basically, Microsoft logs things from windows users, including and not limiting to, the machine GDID, IPs that come with the GDID, and when and what exact URLs accessed. So for windows users, privacy, an important part of information security, is totally destroyed by these logs enforced on windows. Another important part of information security is bug fixing, and microsoft did make at least one security researcher angry [1].
And a simple solution to that problem is moving to linux. You save yourself a lot of time and energy for leaving the adversarial information security condition imposed by windows and microsoft.
P.S. You may consider debloating windows for a more information security friendly environment. However, that is nearly impossible, as long as you realize that windows is an OS composed of thousands of closed source softwares, and doing security audits on all of these will be costly.
[1] https://news.ycombinator.com/item?id=48315968
- Duplicate? https://news.ycombinator.com/item?id=48807767
by nubinetwork
0 subcomment
- Android has one too. If you don't link your google account to an app, they can use your device id as your profile.
- And remember, most of this telemetry is just marketing/ad tech, so anyone that works in the martech/adtech space, you're also part of this.
by ChrisArchitect
0 subcomment
- [dupe] Full Writeup of the Windows GDID
https://news.ycombinator.com/item?id=48811081
- Could this identification be through some alternate Windows service like Windows Update, Windows Time ntp server or Windows Defender?
by zelphirkalt
1 subcomments
- My surprise level is at approximately... zero.
Next we will see some news, that MS was compelled to share that info with some three letters. - Oh wait, that is exactly what has already happened, according to the article.
MS is just like that person, who drives a dagger into your back.
by protocolture
0 subcomment
- Probably a capability demanded through a TCN or TAN as part of a mechanism like Australias Access and Assistance bill.
by diogenescynic
1 subcomments
- I assume this likely true for nearly all device manufactures. I assume all devices have some kind of unique ID that they use for tracking, whether they said so or not.
by fumeux_fume
0 subcomment
- [dead]
by Pavel_Akimov
0 subcomment
- [flagged]
- [dead]
- [dead]
- TLDR: Microsoft can (at least) correlate your Windows installation to all website domains you visit while using Windows.
It's unclear what the mechanism is, but I'd wager their "telemetry" is constantly revealing your installation ID, your current IP, and domains that were recently resolved.
by egamirorrim
1 subcomments
- Truly terrifying. But also shocking that a 'hacker' is using windows