logoalt Hacker News

stackghostyesterday at 11:38 PM2 repliesview on HN

For those like me who were not abreast of this issue: the FBI was able to arrest some kid who hacked/is alleged to have hacked a jewellery retailer through a VPN. They were able to track the hacker via the user's GDID, which is a stable identifier unaffected by VPN usage.

This surveillance is certainly going to expand in scope as age verification comes into widespread usage. Personally I see little legitimate use case for this telemetry. It seems only useful for the purposes of tracking users for law enforcement or targeted advertising purposes.


Replies

jimbob45today at 4:20 AM

How did they query his GDID/PUID to make the arrest though? Does the browser have access to it during some requests? Also, if it’s stored as plaintext, what’s stopping anyone from randomizing it on machine startup?

show 1 reply
Joker_vDtoday at 12:07 AM

Well, it's a darn good thing there is nothing like that over here on the Linux side. I'm pretty sure that if e.g. systemd attempted to generate a unique, persistent machine identifier during the installation process, it'd be shot down and patched off extremely quickly.

show 3 replies