• Windex007@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    12 hours ago

    From the article:

    Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page.

    Why does Microsoft have a record that includes both the GDID and a web addresses? I am confused by this mechanism.

    • The_Decryptor@aussie.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 hours ago

      Could be using Edge (Account syncing), or using Bing while signed in (Considering they were signing into private accounts while on the VPN, seems possible)

      • Windex007@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 hours ago

        This seems the most likely… but still I want clarity on the mechanism. An identifying token defined in the registry is being sent over the wire. That mechanic is pretty substantial, and I’m surprised a bigger fuss hasn’t been made about that. This is pretty far beyond conventional header fingerprinting.

        • The_Decryptor@aussie.zone
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 hours ago

          From other articles I’ve seen (Here’s an example) it was telemetry and cross referencing the IPs used.

          VPNs might help hide from passive identification, but they don’t help when you connect to the same service on your normal and private connections alternatively. The computer equivalent of using both your real name and an alias with the same person, they’ll know who you are.