Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

33% Positive

Analyzed from 454 words in the discussion.

Trending Topics

#microsoft#windows#gdid#hacker#telemetry#device#devices#edge#history#used

Discussion (12 Comments)Read Original on HackerNews

karmakaze5 minutes ago
Apparently only some aspects can be reduced and the mechanism is also in Windows 10.
mancerayderabout 3 hours ago
This was a fun article to read. Yes Windows is more surveillance software than Android or Apple are - the article makes that case well at the end when talking about how tracking is more explicit and can be turned off on those.

But I'm struck with how dumb, or just lacking in paranoia, this seemingly successful and rich hacker is. First of all he's using Windows. Excuse me? Second he used that device to log into personal stuff like Snapchat and Facebook. And he posted a picture of himself at a hotel that they tracked.

I'm no hacker, but if I were, I'd treat devices as disposable surgical gloves, and I wouldn't touch Windows.

dpark31 minutes ago
He’s not a hacker in the sense used by people here. He’s a glorified script kiddie. His group couldn’t even deploy ransomware with two admin accounts. They aren’t competent.
zb3about 2 hours ago
> I'm no hacker, but if I were, I'd treat devices as disposable surgical gloves,

We're too lazy for this..

ndiddyabout 2 hours ago
> Note that, Microsoft had already flagged Stokes to the FBI once before, in an October 2024 criminal referral describing “online services telemetry.”

I don’t like the idea of Microsoft taking it upon themselves to proactively report what their customers are doing to law enforcement. I guess this makes it unwise to use Windows to i.e. look for information on where to get an abortion if you live in a red state.

cheschireabout 2 hours ago
> unwise to use Windows

full stop

drdexebtjlabout 3 hours ago
What isn’t clear to me is how they’re able to say which GDID visited each site and when.

Did the hacker not disable telemetry? Was he using Microsoft Edge? Or is it just a GDID->IP mapping combined with network activity?

It is obvious that Microsoft has an identifier for my device. They enforce license activation.

The problem is that they’re tracking user activity and associating it with this ID, even for a user who, one would assume, rejected all telemetry.

Can they do this in devices owned by companies and governments that are configured with strict no telemetry and no cloud services policies?

AlOwainabout 2 hours ago
It's very naive to assume that they wouldn't collect and report the telemetry regardless. Filtering then bundling and compressing the data while staggering the calls back home. Any outbound traffic to Microsoft could be injected with that data, and redirected once it reaches.
bsianabout 3 hours ago
>Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page. Three hours later, the same GDID visited the retailer’s own website, through the same Tzulo proxy address used to set up the ngrok account.

Can someone explain the mechanism through which Windows sends this information to Microsoft? Did the hacker use Edge, which communicated the web history + the GDID of the user to Microsoft, or is Windows snooping on browsers besides Edge and sending the web history to Microsoft, or is Windows bundling a summary of all connections open and sending it to Microsoft?

burnt-resistorabout 3 hours ago
It's "Connected Devices Platform" telemetry bullshit.

See https://github.com/SmtimesIWndr/gdid-reversal

drdexebtjl3 minutes ago
None of it says how the GDID was associated with browsing history. It says it’s associated with a Microsoft account.

Why did Microsoft have his browsing history? Was he syncing it from Edge?

ChrisArchitectabout 1 hour ago
Discussions:

Full Writeup of the Windows GDID

https://news.ycombinator.com/item?id=48811081

Microsoft Can Track Users via a Windows Device ID

https://news.ycombinator.com/item?id=48815196