A Hacker's Arrest Reveals Microsoft Can Track Users Via a Windows Device ID (www.pcmag.com)
from Moovau@lemmy.ml to privacy@lemmy.ml on 07 Jul 12:07
https://lemmy.ml/post/49728981

#privacy

threaded - newest

Rat_in_a_hat@lemmy.ca on 07 Jul 13:37 next collapse

Poor kid. Seems he was just starting out and didn’t get into the weeds of OpSec.

He used a personal laptop with his personal information stored on it tied to an identifier. Not great OpSec. A hardware ID spoofer or a partitioned disk with different OS would’ve made wonders.

Anonymous_Leaker@lemmy.world on 08 Jul 08:11 collapse

It goes to show you, Linux is the better OS to have.

Eternal192@anarchist.nexus on 07 Jul 13:38 next collapse

Microslop’s Software is spyware? Impossible, they are such a trustworthy company!

ramble81@lemmy.zip on 07 Jul 14:31 next collapse

Maybe I’m missing something here but how is that not a logical conclusion for any service where you have a unique identifier? If it can get your IP it can get a general idea (CGNAT/VPN can screw with it a bit), if it’s allowed network access it can get nearby APs, which are pretty well mapped at this point, and if you allow it GPS, well that’s a no brainer.

ieris19@lemmy.zip on 07 Jul 15:12 collapse

The whole point of a lot of these unique identifiers is that they’re anonymous so they can legally collect more data on you.

The goal is that you can’t reverse the ID to find the person, because then it ceases to be personally identifiable information.

Anonymous_Leaker@lemmy.world on 08 Jul 08:14 collapse

Making you sign into a Microsoft account should make people so angry.

naeap@sopuli.xyz on 08 Jul 10:50 collapse

…or a Google, Facebook, or… account

But yes

Anonymous_Leaker@lemmy.world on 08 Jul 10:51 collapse

Meaning, having to sign in an account just to use Windows on set up! Obviously you need to sign in to use Facebook’s dog shit. I am talking about the operating system itself.

“Officially, Windows 11 Home and Pro editions both require an active internet connection and a Microsoft account to complete the initial setup.”

There are workarounds with local accounts but, you shouldn’t even have to do that shit with a proper operating system.

For example, Windows 7 didn’t do the, sign in to get started bullshit when you first use it.

naeap@sopuli.xyz on 08 Jul 11:13 collapse

I was more thinking about 3rd parties using Microsoft, Google, Facebook logins for their shit, so can get tracked even better

But, yes, you’re right

Anonymous_Leaker@lemmy.world on 08 Jul 11:16 collapse

It’s sad to say, all this tracking might get way worse.

naeap@sopuli.xyz on 08 Jul 11:49 collapse

Yeah… I’m currently really shocked and afraid of the ongoing push of chat control on Europe as well
That will be a major impact on privacy and without reason
And they just try again and again - they don’t even have a pause, they just start again and hope, that it will go through one time

Not sure how to escape it, and if, you are already labelled a terrorist
Like Spanish police looks if you have a pixel with GrapheneOS, because then they think you’re a drug dealer

Or years ago the apartment of a guy in Vienna got raided and all his work IT devices confiscated, just because he ran a remote VPS as Tor exit node

Not sure what we can do

I grew up in the internet and it was a great place.
Now people without any knowledge want to take this all away…

unskilled5117@feddit.org on 07 Jul 16:36 next collapse

How does Microsoft know which GDID is accessing which websites?

The document adds that Microsoft records also showed the GDID accessing “multiple sites” from servers at Tzulo, a web hosting provider, to help pull off the hack.

The GDID is one thing, but how is the connection to activities made? Is the GDID sent while making requests to a server (in this case Tzulo), which records it? But then it wouldn’t be microsoft records showing that. But if it isn‘t, how do you know which GDID visits a website? If Microsoft is collecting which website is visited on device and sending it off to their servers then the GDID is the smallest thing to worry about.

belated_frog_pants@beehaw.org on 07 Jul 16:37 next collapse

Ditch windows whenever you can. MS is pure evil and hates its customers.

Anonymous_Leaker@lemmy.world on 08 Jul 08:10 next collapse

I feel like there are more elaborate evil ways too.

musikfreak@friendica.de on 08 Jul 09:15 next collapse

@Moovau That isn't news, they have been able to since the release of Windows 10.

medem@lemmy.wtf on 08 Jul 10:11 collapse

Kinda his fault for using Window$ tbh