this post was submitted on 11 Jul 2026
286 points (99.7% liked)
Privacy
4803 readers
452 users here now
Icon base by Lorc under CC BY 3.0 with modifications to add a gradient
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Wait. I understand that this ID is used for Windows <> Microsoft communications. How did it escalate them to knowing that this ID was used to visit ngrok and the retailer's website? Does Windows report website visits? Does it append this ID to HTTP requests? Or what's the connection here?
The connection is that Windows records everything you do. So the FBI asks for every Windows user who accessed a specific site around a date/time and Microsoft can provide that.
You accessed a site over VPN? Your ISP has no idea it was you, , and the VPN didn't keep records, but Windows recorded that and sent it back to the mothership with your unique identifier.
Where did you read that?
Windows does not record everything you do, and especially does not link everything to an ID. Only the MS authentication and MS store stuff uses this GDID.
The GDID isn't even linked to your name if you don't use a Microsoft Account. The FBI had to jump through hoops to get the information they wanted and only managed to do so after 4 separate instances where they tracked every social media the guy owned and compared it with logins that happened.
The FBI can use any form of ID to track, and if Linux had a store it could use that ID as well.
From the article:
Seems pretty clear to me. Microsoft tracked acces to an independent sign up page using the GDID.
glad i ditched window for home use around 1995
My guess is oauth. He basically used fake Microsoft account to access services during the hack and them used his actual microsoft account to access something else. He used VPN for the hack but he connected from his actual IP to the second service. The only thing linking those was the GID. So they figured out his actual IP address and checked other logins from this IP around the same time and found out his other accounts.
my guess is it's either of two things: edge history synced to ms account
Exactly it, and their claim that it is stored with bitlocker level encryption is obviously meaningless if they have the keys.
Fun fact, windows 11 backs up your bitlocker private key with Microsoft if you sign in with a Microsoft Account.
There’s a database somewhere with every bitlocker key to almost every Windows 11 device on earth.
I’m sure they let the NSA and the FBI right in. The CIA probably has sleeper agents working devops at Microsoft so they don’t even need to access it procedurally. $10 says Israel can access it too, because why the fuck not.