• allywilson@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      4 hours ago

      It mentions this GDID is sent in telemetry. So this guy kept using a hosted proxy, meaning his egress IP was always changing accessing different services, but everytime his Windows 11 machine was sending back telemetry (which included his GDID) they were logging the IP address he was appearing from (the proxy) - so they were able to track and identify him.

      • Honytawk@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        38 minutes ago

        If you use your Microsoft account to login, they have to be able to identify you somehow when you try to authenticate. It is basic usage. Not Telemetry. That is what caught him.

        • Windex007@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          10 hours ago

          From the article:

          Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page.

          Why does Microsoft have a record that includes both the GDID and a web addresses? I am confused by this mechanism.