The ID is a distraction from the real problem. Windows has had per-installation IDs long before this, and other operating systems also have unique IDs. But there is no legitimate reason for Microsoft to know anything about anyone using ngrok at any time, and Microsoft definitely should not have the search capability to be able to run a query to find all users who were using ngrok at a certain time. This functionality provides no benefits to the users. It doesn’t matter whether they collect that information by machine ID or even by just the client IP address submitting the information to their data collection system. The data should not be collected.
Here’s how it works and how to limit it.
We know how to limit it.
“No, not like that! 😭😭😭”
Had it coming. You can tell he was a skiddie from the fact that he used Windows in the first place.
Not really news. Many corporate software licenses are tied to a composite ID so the software only runs on that single machine. Changing the network card or GPU or anything else, alters the Composite ID. So the ID is unique to the hardware, and moving it onto a VPN isn’t going to hide your unique ID.
We’ve spoofed it just by cloning MAC addresses man. That’s not the same.
Probably not the Composite ID, but something that was tied to MAC address only.
But what I meant was a tracking ID is not new, and this hacker duse should have known that. Even our phones handover meta data that can make you unique online. Is, version, patch level, language, apps installed, font, etc. Creates a findable fingerprint.




