Well they can’t use that to track users of Linux.
I was a big fan of Microsoft ten to fifteen years ago. I’ve since transitioned my whole family off Microsoft products now over to Linux, Apple, and proton. Edit: and Brave.
I really thought their corporate culture would’ve changed after the late 90’s but I guess this is a good lesson for founders. The culture you build into your company will likely outlast your tenure.
To me this indicates that Microsoft has some sort of traffic analysis performed on endpoints, then linked to GDID. I'd guess this is part of Defender's real time protection or MAPS.
Fun fact, Microsoft Defender MAPS was previously named SpyNet.
https://en.wikipedia.org/wiki/Microsoft_Active_Protection_Se...
The GDID identifier seems software in nature though. They could be more aggressive and tie it to the baseboard's serial number the way some games do. Then the hardware is tracked throughout its entire lifecycle, not just per instance of Windows install.
I guess we’ll see a Windows tool that sets your identifier to this suspect’s “g:6755467234350028” very soon (weird ID, by the way. 16-digits makes sense, but I would have expected it to be hexadecimal)
Also, can anybody tell how “Microsoft had records showing that on May 12, 2025, at 19:21 UTC, the GDID associated with Stokes’ computer “accessed, among other ngrok pages, 'https://dashboard[.]ngrok.com/signup,'” works?
If it’s the browser sending that info to Microsoft, wouldn’t somebody have noticed that their PC contacts Microsoft for every web page they open? Or do they batch that data and send it at some later time?
Also, would that mean this ‘only’ affects those using Microsoft’s browser (or does Chrome do the same, sending data to Google?)
Alternatively, is this happening lower in the stack? I can think of a place where a system component has access to the domain name, but not of one where it has the full URL.
This goes a long way to prove that Microsoft does NOT care about your privacy, even if the header of their cookie consent claims so. They absolutely do not care, and this should be said about every big-tech vendor, not matter how lame it seems to say so. It is long overdue that we all say what needs to be said: they do not care about your privacy, your independence, or your well being. They DO NOT CARE.
And remember, most of this telemetry is just marketing/ad tech, so anyone that works in the martech/adtech space, you're also part of this.
So this kid uses his home computer at his home, and they trace him down with the IP address, and the IP address also makes a request for Windows Updates. And that narrows down the Device ID. The device id is now traced to this kid.
This is the kind of stuff privacy advocates have been raising the alarms about. This is the kind of capability that de facto erased all privacy assertions. And further led companies like Google to take advantage of this and erase assumptions of privacy all together.
Vague article. No evidence that Microsoft can see what web pages you are visiting in Chrome or Firefox (for example).
The most surprising part of this is a "hacker" using Windows ...
Could this identification be through some alternate Windows service like Windows Update, Windows Time ntp server or Windows Defender?
Android has one too. If you don't link your google account to an app, they can use your device id as your profile.
My surprise level is at approximately... zero. Next we will see some news, that MS was compelled to share that info with some three letters. - Oh wait, that is exactly what has already happened, according to the article.
MS is just like that person, who drives a dagger into your back.
[dupe] Full Writeup of the Windows GDID
Truly terrifying. But also shocking that a 'hacker' is using windows
Probably a capability demanded through a TCN or TAN as part of a mechanism like Australias Access and Assistance bill.
I assume this likely true for nearly all device manufactures. I assume all devices have some kind of unique ID that they use for tracking, whether they said so or not.
[dead]
[flagged]
[dead]
TLDR: Microsoft can (at least) correlate your Windows installation to all website domains you visit while using Windows.
It's unclear what the mechanism is, but I'd wager their "telemetry" is constantly revealing your installation ID, your current IP, and domains that were recently resolved.
The interesting part is not really the existence of a machine identifier. Almost every modern OS has some equivalent. The bigger question is the boundary: which components can access it, and when does a local identifier become a remote tracking identifier? A machine-id sitting on disk is very different from an OS vendor correlating it with network activity.