logoalt Hacker News

dlenskitoday at 3:50 PM2 repliesview on HN

Yeah, this is what's glaringly missing from the article.

Exactly how does Microsoft's device identifier get associated with the ngrok session (normally initiated via its closed-source CLI)?

I can't tell from the article whether Microsoft is doing something underhanded to inject its device identifiers into network traffic, or whether the ngrok client software (again, closed-source!) grabbed the device identifier… and might well do the same on any other OS, using /etc/machine-id on Linux for example.

Since ngrok uses a "freemium" model, it wouldn't surprise me at all if its clients send machine IDs to try to catch users trying to get around its free limits.


Replies

srichard16today at 5:15 PM

I work at ngrok, and this is not how our freemium plan works. Free plans limit based on usage alone, not on machine IDs.

show 2 replies
nickphxtoday at 4:46 PM

from the microsoft store. the ngrok app was downloaded via microsoft store...

show 1 reply