Now for the version in plain English: Sign into Windows with a Microsoft Account, and a server assigns your installation a permanent ID number. Windows stores it locally, several background services read it, and it gets stamped onto activity your PC reports back to Microsoft.
Wait. I understand that this ID is used for Windows <> Microsoft communications. How did it escalate them to knowing that this ID was used to visit ngrok and the retailer’s website? Does Windows report website visits? Does it append this ID to HTTP requests? Or what’s the connection here?
My guess is oauth. He basically used fake Microsoft account to access services during the hack and them used his actual microsoft account to access something else. He used VPN for the hack but he connected from his actual IP to the second service. The only thing linking those was the GID. So they figured out his actual IP address and checked other logins from this IP around the same time and found out his other accounts.
The connection is that Windows records everything you do. So the FBI asks for every Windows user who accessed a specific site around a date/time and Microsoft can provide that.
You accessed a site over VPN? Your ISP has no idea it was you, , and the VPN didn’t keep records, but Windows recorded that and sent it back to the mothership with your unique identifier.
Windows does not record everything you do, and especially does not link everything to an ID. Only the MS authentication and MS store stuff uses this GDID.
The GDID isn’t even linked to your name if you don’t use a Microsoft Account. The FBI had to jump through hoops to get the information they wanted and only managed to do so after 4 separate instances where they tracked every social media the guy owned and compared it with logins that happened.
The FBI can use any form of ID to track, and if Linux had a store it could use that ID as well.
Fun fact, windows 11 backs up your bitlocker private key with Microsoft if you sign in with a Microsoft Account.
There’s a database somewhere with every bitlocker key to almost every Windows 11 device on earth.
I’m sure they let the NSA and the FBI right in. The CIA probably has sleeper agents working devops at Microsoft so they don’t even need to access it procedurally. $10 says Israel can access it too, because why the fuck not.
Wait. I understand that this ID is used for Windows <> Microsoft communications. How did it escalate them to knowing that this ID was used to visit ngrok and the retailer’s website? Does Windows report website visits? Does it append this ID to HTTP requests? Or what’s the connection here?
My guess is oauth. He basically used fake Microsoft account to access services during the hack and them used his actual microsoft account to access something else. He used VPN for the hack but he connected from his actual IP to the second service. The only thing linking those was the GID. So they figured out his actual IP address and checked other logins from this IP around the same time and found out his other accounts.
The connection is that Windows records everything you do. So the FBI asks for every Windows user who accessed a specific site around a date/time and Microsoft can provide that.
You accessed a site over VPN? Your ISP has no idea it was you, , and the VPN didn’t keep records, but Windows recorded that and sent it back to the mothership with your unique identifier.
Where did you read that?
Windows does not record everything you do, and especially does not link everything to an ID. Only the MS authentication and MS store stuff uses this GDID.
The GDID isn’t even linked to your name if you don’t use a Microsoft Account. The FBI had to jump through hoops to get the information they wanted and only managed to do so after 4 separate instances where they tracked every social media the guy owned and compared it with logins that happened.
The FBI can use any form of ID to track, and if Linux had a store it could use that ID as well.
glad i ditched window for home use around 1995
my guess is edge history synced to ms account
Exactly it, and their claim that it is stored with bitlocker level encryption is obviously meaningless if they have the keys.
Fun fact, windows 11 backs up your bitlocker private key with Microsoft if you sign in with a Microsoft Account.
There’s a database somewhere with every bitlocker key to almost every Windows 11 device on earth.
I’m sure they let the NSA and the FBI right in. The CIA probably has sleeper agents working devops at Microsoft so they don’t even need to access it procedurally. $10 says Israel can access it too, because why the fuck not.
Is that even necessary? Didn’t YellowKey make bitlocker on Windows 11 a joke?