Microsoft Can Track Users via a Windows Device ID

81 pointsposted 2 hours ago
by ifh-hn

23 Comments

pluc

a minute ago

US Tech is fast becoming like Russia's and China's.

cheschire

an hour ago

Well they can’t use that to track users of Linux.

I was a big fan of Microsoft ten to fifteen years ago. I’ve since transitioned my whole family off Microsoft products now over to Linux, Apple, and proton. Edit: and Brave.

I really thought their corporate culture would’ve changed after the late 90’s but I guess this is a good lesson for founders. The culture you build into your company will likely outlast your tenure.

tremon

37 minutes ago

Both systemd and dbus have a similar device id for Linux, which e.g. Chrome reads at startup:

https://manpages.debian.org/trixie/systemd/machine-id.5.en.h...

https://manpages.debian.org/trixie/dbus-bin/dbus-uuidgen.1.e...

heikkilevanto

28 minutes ago

I don't like the idea of a persistent id for my machine. Would there be any harm in rewriting the machine-id at every boot? Or just deleting it as part of the shutdown sequence?

CoastalCoder

24 minutes ago

Thanks, I wasn't aware of that.

I have the urge to grab a pitchfork, but I know better than to make assumptions about why that functionality was added. Time to do some homework I guess.

merb

38 minutes ago

Well Enterprises can also enroll Linux machines in intune

midtake

an hour ago

To me this indicates that Microsoft has some sort of traffic analysis performed on endpoints, then linked to GDID. I'd guess this is part of Defender's real time protection or MAPS.

Fun fact, Microsoft Defender MAPS was previously named SpyNet.

https://en.wikipedia.org/wiki/Microsoft_Active_Protection_Se...

The GDID identifier seems software in nature though. They could be more aggressive and tie it to the baseboard's serial number the way some games do. Then the hardware is tracked throughout its entire lifecycle, not just per instance of Windows install.

xnx

24 minutes ago

Vague article. No evidence that Microsoft can see what web pages you are visiting in Chrome or Firefox (for example).

zelphirkalt

an hour ago

My surprise level is at approximately... zero. Next we will see some news, that MS was compelled to share that info with some three letters. - Oh wait, that is exactly what has already happened, according to the article.

MS is just like that person, who drives a dagger into your back.

egamirorrim

an hour ago

Truly terrifying. But also shocking that a 'hacker' is using windows

efilife

24 minutes ago

Some hackers want to spend their time doing cool stuff rather than constantly fixing their system

protocolture

an hour ago

Probably a capability demanded through a TCN or TAN as part of a mechanism like Australias Access and Assistance bill.

Terr_

2 hours ago

TLDR: Microsoft can (at least) correlate your Windows installation to all website domains you visit while using Windows.

It's unclear what the mechanism is, but I'd wager their "telemetry" is constantly revealing your installation ID, your current IP, and domains that were recently resolved.

pogue

an hour ago

The article links to this page, which was shared on HN yesterday. [1]

I feel like using wireshark to look at what's being sent back and forth from Windows telemetry, when using Edge, Chrome & etc should reveal what's being sent and recieved. Using MITM SSL spoofing should be able to intercept the packets.

[1] https://github.com/SmtimesIWndr/gdid-reversal

Terr_

an hour ago

I would be shocked if Microsoft was not using their own layer of certificate-pinning to stop people from doing that, and/or using another layer of encryption separate from the networking layer.

pogue

an hour ago

Only way to see what's going on is testing to see what's going on. Hopefully, someone who knows more about it than me can take a look at the packets and see what they contain.

cromka

an hour ago

But you'd still see some encrypted traffic and it wouldn't fly under a radar

8cvor6j844qw_d6

31 minutes ago

I was under the impression Windows is unreliable for these kind of activities as they are "leakish".

I imagine it's not too difficult to narrow down the potential suspects with how much data points you'd get from ISP, Windows telemetry, and whatever.

red_admiral

38 minutes ago

"all" would be troubling indeed. I hope that someone can discover the mechanism, and whether it's depending on any settings like "Share browsing data with other Windows features" or any other settings.

echelon_musk

an hour ago

Worse than just domains as TFA shows full URLs are recorded.

Reminds me of Google Safebrowsing.