It mentions this GDID is sent in telemetry. So this guy kept using a hosted proxy, meaning his egress IP was always changing accessing different services, but everytime his Windows 11 machine was sending back telemetry (which included his GDID) they were logging the IP address he was appearing from (the proxy) - so they were able to track and identify him.
If you use your Microsoft account to login, they have to be able to identify you somehow when you try to authenticate. It is basic usage. Not Telemetry. That is what caught him.
Identifier. Not tracker. They’re not phoning home, thank god.
It mentions this GDID is sent in telemetry. So this guy kept using a hosted proxy, meaning his egress IP was always changing accessing different services, but everytime his Windows 11 machine was sending back telemetry (which included his GDID) they were logging the IP address he was appearing from (the proxy) - so they were able to track and identify him.
If you use your Microsoft account to login, they have to be able to identify you somehow when you try to authenticate. It is basic usage. Not Telemetry. That is what caught him.
Ugh… How do you think they correlated the GDID to his social media?
His social was logged into with that identifier
From the article:
Why does Microsoft have a record that includes both the GDID and a web addresses? I am confused by this mechanism.
Because everything you do is tracked
and how do you think the social account was linked with said identifier?