• someone@lemmy.today
    link
    fedilink
    English
    arrow-up
    31
    ·
    10 hours ago

    I can’t believe Microslop would do something like this to its loyal customers!

  • cley_faye@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    ·
    14 hours ago

    I was gonna comment something about Linux distro also having a machine ID, but then I remembered that it’s not in a big database, and it’s so well enforced I routinely have multiple machines with the same ID pop up :D

    • PieMePlenty@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 hours ago

      Linux users will probably tell you their id if you ask them nicely and seem interested in their distro of choice.

    • Eximius@lemmy.world
      link
      fedilink
      English
      arrow-up
      37
      arrow-down
      2
      ·
      14 hours ago

      A genz hacker. In a world where “hacking” is writing prompts and calling IT help desks.

      • Captain Aggravated@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        19
        arrow-down
        6
        ·
        edit-2
        10 hours ago

        Okay look, I’m old, I’m inadequate, and I’m drunk. But I’m also a millennial, and I was a flight instructor at the age of 23. I pray to whatever god actually exists instead of Jesus for the unceremonious deletion of every soul that doesn’t give young folks a chance to learn, grow and actualize themselves. Because I am so inordinately sick of being written off due to the year in which my parents fucked that I’ve got room on the docket to be pissed off when you do it to cohorts other than mine.

        It is our responsibility to teach the kids, to let them learn, to let them fuck up in order to learn some more, so that they can become the actual adults someday. And it hurts my mind, soul and dick that I’m apparently the only human on earth not excessively lead-addled to realize that. And bitch I’ve washed my hands in 100LL. It’s blue and feels cold at any temperature.

        If there’s one thing I’m going to teach you commie retards before I’m banned outright from this platform, it’s that you treat your students with at least the benefit of the doubt if you can’t manage genuine respect. Believe it or not, they’re real people living real lives that are different than your own. Things that are obvious to you aren’t to them because their lives led them to be curious about a different set of things than you did. And if you find yourself in the role of “teacher”, almost always your path led you to expertise sooner than your students. Sooner. Not Younger. I can tell you that, having served as a flight instructor at 23 mostly teaching men in their 50’s.

        You think you’re the senior in a field? You think it’s your job to reign superior over your juniors? Think again. Because it’s your job to sit in the right seat as a kid twice your age sits in the Captain’s seat and fails to use the rudder correctly, because falling off a bike is how you learn how to ride. You have to let them slam the plane into the runway, because how the hell else are they going to learn?

        Anyone with more experience expressing contempt for those with less experience for having shown up later: FUCK YOUR FUNERAL. Die unmourned.

        • dragonlobster@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 hours ago

          it’s not the experience or knowledge part that bothers me, as you said people focused on different things and everyone starts from 0. it’s the attitude of giving up when their ai slop doesn’t work or coming up with bandaid solutions to get the task done quickly rather than trying to actually learn or see the bigger picture. it’s an era of short attention span and fast dopamine due to tech, ofc everyone is affected but gen z and a more so because their parents put ipads in their faces since 0 years old.

        • CancerMancer@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          5 hours ago

          The amount of times boomers on worksites called me retarded for not knowing how to do something I’d never done before astounded me.

          Meanwhile these fuckers would get real butthurt and start yelling and making a fuss when they’d struggle to find a file they just saved on their PC and you do anything besides silently assist them.

          I vowed to be different, to teach my people what it means to be competent and respectful. I tell them I expect to see the same level of professionalism and respect I show them going to everyone around them. It’s working! They aren’t coming to work high or hungover, they aren’t being pieces of shit, and they’re communicating with each other instead of yelling insults at each other (well except for when its funny lol).

          This has made me unpopular with the boomer leaders but fuck em: we get shit done, we get it done right, nobody gets hurt, and everybody feels respected and doesn’t dread coming to work.

          • warbond@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 hours ago

            It’s a response to the tired refrain that the latest generation are stupid and lazy

      • lordziv@lemmy.nz
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        2
        ·
        edit-2
        13 hours ago

        Tbf, some of the best hackers were social engineering their way into the backend just by calling up certain support numbers in the 80s

        • skozzii@lemmy.ca
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          1
          ·
          13 hours ago

          I refuse to call social engineers hackers, conmen is more fitting.

          • Squirrelanna@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 hours ago

            Defcon would disagree. I’ve watched so many presenters talk about all forms of penetration testing, many of which used social engineering and lockpicking as a way to create exploitable vulnerabilities in networks. Whether or not you care to call them hackers… It doesn’t really matter, won’t stop them from hacking.

          • thallamabond@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            8 hours ago

            Hacking is making something work in an unconventional or unexpected way. Social engineers hack people in that way.

          • HieroProtagonist@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            5 hours ago

            Real hackers social-engineered their way into high security systems decades before the first blue haired femboy nerd proudly announced “Btw i am usin Arch!”

    • Honytawk@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      3 hours ago

      I wouldn’t call overhauling your entire operating system, including finding alternatives to software you use daily, making sure your hardware is compatible and relearning your entire work method as an “easy trick”.

    • bloogoose@lemmy.zip
      link
      fedilink
      English
      arrow-up
      74
      arrow-down
      2
      ·
      19 hours ago

      No you don’t understand… I’ve spent the last 30 years investing in increasingly awful software companies to create “industry standards” and leaving these companies behind would require me to change and learn!!!

      • M137@lemmy.today
        link
        fedilink
        English
        arrow-up
        8
        ·
        12 hours ago

        So many issues with the world boils down to that last part, people refusing to change and learn. I never understood it, I’ve always loved change and learning. I’ve seen so many people go from having that same openness to only caring about keeping everything the same and never learning, it’s really disturbing. Some are like that from a very early age, others fall into it at any other part of their lives and it’s never a good thing IMO.

      • Wioum@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        12 hours ago

        At some point you just have to leave the software behind. That time is now!

      • dindonmasker@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        16
        ·
        18 hours ago

        I talked with the women i’m working with where we print our price lists about changing from adobe to something else and she told me it would be a bad idea since it would make both of our work much more buggy and time consuming with more chances of the end result being worse. So i’ll keep using indesing and the adobe suite for now but i did switch from sketchup to blender for 3D modeling and it’s a bit challenging and more messy then i’m used to but i get better rendering results from what i tried so far.

    • mic_check_one_two@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      1
      ·
      17 hours ago

      If your system uses systemd, it has an etc/machine-id, which is used for a lot of different things. And changing it will break a lot of stuff, probably until you reboot. I guess you could write something to randomly shuffle it every time you reboot? But it is the go-to way for lots of programs (including browsers) to identify themselves. Which means (unless you have done the work to scramble your machine ID) you can be tracked on Linux as well.

      • treadful@lemmy.zip
        link
        fedilink
        English
        arrow-up
        43
        ·
        16 hours ago

        The difference is that Linux isn’t sending telemetry to some central entity associating that ID to an IP.

        Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page. Three hours later, the same GDID visited the retailer’s own website, through the same Tzulo proxy address used to set up the ngrok account.

        This article is super vague about this as well. How does Microsoft not only have the GDID->IP link, but they have Web history as well? Are they just exposing all this through advertising telemetry?

        Fucking gross. And if you know of anything on Linux exposing/transmitting the machine-id, please do let everyone know because nothing should. Anything that does should be considered malware.

        • Septimaeus@infosec.pub
          link
          fedilink
          English
          arrow-up
          15
          ·
          edit-2
          15 hours ago

          Upvoting both comments for awareness, since Linux is the first of a multi-step process, not a privacy panacea.

          But we must be clear that in both theory and practice there’s little comparison between systemd and modern Windows machine-user association.

          Someone using Windows regularly has a gaping wound, is actively bleeding out. Switching to Linux is just a tourniquet, but every other treatment is at best no-effect until that tourniquet is applied.

          E: transpose systemd/Windows for clarity

          • DevDave@piefed.social
            link
            fedilink
            English
            arrow-up
            5
            ·
            15 hours ago

            Also as a life long programmer, I have this feeling it is possible to just go in and make some changes so I can have the system just make shit up about the TPM while indeed also doing the equivalent of having system-d decide to respond with random bullshit.

            Don’t even need to be a programmer, just find a community of them that you trust that distribute their own “fixes”.

            Definitely not doing that with anything else because its both hidden in compilation and buried like herpes across multiple components. Probably/hopefully not directly related but I really want to know what they changed to break the clipboard service.

            • Septimaeus@infosec.pub
              link
              fedilink
              English
              arrow-up
              3
              ·
              15 hours ago

              And you’d be technically correct, the best kind of correct.

              To the inquisitor:

              any distro that’s fully OSS can be fully compiled from scratch with any modifications you choose).

              Though yes, if you’re still using Windows, the learning curve may look like a wall.

              I really want to know what they changed to break the clipboard service

              Guessing the X11 [X]Wayland migration KDE Plasma bug report? Should be fixed in 6.5.2.

              • DevDave@piefed.social
                link
                fedilink
                English
                arrow-up
                3
                ·
                8 hours ago

                Adjacent comment. I’ve found working in a true posix environment is drastically better than the oddities I dealt with Win32. One annoyance is Microsoft has never been able to implement fork().

                Though i never messed with x11 as I was never motivated to see what it was like under the figurative hood.

                • Septimaeus@infosec.pub
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  7 hours ago

                  It really is a hell of a lot more sane, instantly missed once you don’t have it. And yeah Fork’s a blessing when used with care lol

              • DevDave@piefed.social
                link
                fedilink
                English
                arrow-up
                3
                ·
                8 hours ago

                Sorry, switched contexts there. Microsoft broke their clipboard service recently which makes me think they added “telemetry” collecting logic somewhere in there.

                • Septimaeus@infosec.pub
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  8 hours ago

                  Oh right, I misread. And yeah not sure (my win32 repro targets have all been locked for a while) but with all the facepalm regressions I’ve read about lately it really could be anything.

            • Septimaeus@infosec.pub
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              15 hours ago

              I’m specifically highlighting that there is none though I acknowledge machine ID makes it easier.

              ETA: edited original comment to be more clear

        • mic_check_one_two@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          15 hours ago

          Yeah, motherboard-level tracking is scary because even the OS won’t be able to detect it. The truly paranoid people (and security researchers) go as far as desoldering chips to ensure nothing phones home.

      • ozymandias117@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        13 hours ago

        Where in the source does Firefox expose machine-id to websites?

        With a quick grep I’m only seeing it around audio?

  • EpicMuch@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    1
    ·
    15 hours ago

    My laptop came with Win11, I’ve removed that drive a few months ago and replaced it with Mint.

    Does this mean MS has my motherboard, WiFi, other hardware identifiers that would still tie that laptop to their database?

    • TeddE@lemmy.world
      link
      fedilink
      English
      arrow-up
      35
      ·
      13 hours ago

      Yup!

      Motherboard, CPU, GPU models and serial numbers. Ram size and speed. Those were used during Windows activation as old as windows 95. But likely yes, a full list of every component connected.

      Your Android phone collects every WiFi network it has ever seen and sends it to Google, so we should assume Microsoft does the same (Android can locate you without GPS by using your neighbors’ WiFi signals as position identifiers, and can triangulate you to a few feet using the relative networks’ signal strengths)

      • emergencyfood@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        9 hours ago

        Android phone collects every WiFi network it has ever seen and sends it to Google

        Possibly, but how often do you use WiFi on a phone?

        • TeddE@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          8 hours ago

          Please note: I didn’t say you had to connect to these networks. This happens as a background process unless you do a ritual to shut off location services and actively work to keep it off. Most people do not know/care to do this. And even if it’s off in settings, some apps have the permission to temporarily override this (and will ask you once to grant it such permission and then have that permission for the lifetime of the app). And regardless of which app overrides said setting, Google gets a copy of whatever the background scan finds (for all Android phones that have the Play store installed, which is most of them).

        • AppleMango@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          8 hours ago

          Possibly, but how often do you use WiFi on a phone?

          Basically whenever I’m at home or a relative’s house?

    • cley_faye@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      14 hours ago

      If it was registered, probably. They use a mixture of that to allow re-enabling the same license on the same hardware.

      • The_Decryptor@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 hours ago

        OEM systems come with the license key stored in the firmware (ACPI tables specifically), you can read them from *nix easily enough.

        sudo strings /sys/firmware/acpi/tables/MSDM

        If you boot the system and login an account then yeah they’ll be able to link that, but the install itself can “self activate”.

  • db2@lemmy.world
    link
    fedilink
    English
    arrow-up
    80
    ·
    19 hours ago

    So they’re saying that all these “secret” societies online, like the Peter Thiel psychopathy, are relatively easily identified and rounded up and prosecuted to the fullest extent of the law, and they’re just choosing not to do it? I’m shocked.

  • the_riviera_kid@lemmy.world
    link
    fedilink
    English
    arrow-up
    40
    arrow-down
    2
    ·
    edit-2
    18 hours ago

    The level of naivete to think it’s a good idea using a microsoft account on a microsoft product for your illegal activity is astounding. Especially when you consider the amount of technical knowledge required to do such a thing.

    I legitimately cannot make that connection, Microsoft has never been shy about tracking you or their tight relationship with 3 letter agencies. It doesn’t take a genius to know they are going to snitch, I figured that was a foregone conclusion.

    Kids need to learn about OPSEC.

    • Xerxos@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      7 hours ago

      Then why haven’t we heard about all the criminals (pedophiles, terrorists,…) being caught by Microsoft surveillance? Because they don’t care about the crimes you do. Their tracking is for money making only.

      If I were a criminal I would not bank on it - they might use it for blackmail, too - but for the most part they are not in danger.

    • allywilson@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 hours ago

      It mentions this GDID is sent in telemetry. So this guy kept using a hosted proxy, meaning his egress IP was always changing accessing different services, but everytime his Windows 11 machine was sending back telemetry (which included his GDID) they were logging the IP address he was appearing from (the proxy) - so they were able to track and identify him.

      • Honytawk@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 hours ago

        If you use your Microsoft account to login, they have to be able to identify you somehow when you try to authenticate. It is basic usage. Not Telemetry. That is what caught him.

        • Windex007@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          12 hours ago

          From the article:

          Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page.

          Why does Microsoft have a record that includes both the GDID and a web addresses? I am confused by this mechanism.

          • The_Decryptor@aussie.zone
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 hours ago

            Could be using Edge (Account syncing), or using Bing while signed in (Considering they were signing into private accounts while on the VPN, seems possible)

            • Windex007@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 hours ago

              This seems the most likely… but still I want clarity on the mechanism. An identifying token defined in the registry is being sent over the wire. That mechanic is pretty substantial, and I’m surprised a bigger fuss hasn’t been made about that. This is pretty far beyond conventional header fingerprinting.

              • The_Decryptor@aussie.zone
                link
                fedilink
                English
                arrow-up
                1
                ·
                6 hours ago

                From other articles I’ve seen (Here’s an example) it was telemetry and cross referencing the IPs used.

                VPNs might help hide from passive identification, but they don’t help when you connect to the same service on your normal and private connections alternatively. The computer equivalent of using both your real name and an alias with the same person, they’ll know who you are.

  • Semotto@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    15 hours ago

    He’ so stupid for sending ransomware and logging into snapchat/facebook from the same laptop without even using VMs

  • TemplaerDude@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    1
    ·
    17 hours ago

    It is truly god damn unfortunate that Microsoft has spent decades fostering a level of technical ineptitude among the average person that they cannot even consider getting off their fucking shit ass platform that “just works”. Because that is the real problem. So many people on here will say “just use Linux!” But the vast majority of people cannot fathom where to even start with that and won’t even consider it because Windows “just works” and it has done so for so long that people just can’t be bothered.

    • Honytawk@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 hours ago

      The average user was incompetent WAY before Microsoft ever entered the scene.

      Knowing anything about computers is a lot more niche than you think.

    • kolmaskommentoija@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 hours ago

      Windows “just works”

      Honestly, I cannot understand, who can tolerate Windows 11. It does not even work! Constant bugs, eats memory like a hog, have to uninstall programs when updates itself (so constantly), because automatic re-installs. Every time you reboot, you have to kill several unnecessary background processes it automatically starts, or everything works even more like in tar. On my Surface Pro (Microslop made! Their own product!) the task bar never worked properly, every time there was an update to fix something, something else stopped working. Even the damn desktop broke few times, with random updates. It is a vibe coded piece of garbage.

      I have everything I cannot switch to Linux, on Windows 10 - at least that still works. Windows 11 cannot even fill that bare minimum.

    • AppleMango@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 hours ago

      The only part of “just works” that’s still “just” working is that windows comes installed by default on the vast majority of laptops. I dread having to use windows each time I have to, not because linux is that much better, but because windows is really just that much worse.

    • grinning_serpent@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      16 hours ago

      It’s easier than ever to use Linux these days and Lemmy certainly doesn’t lack for penguin faithful that’ll proselytize and condemn you to computer-hell if you don’t adopt their religion.

      But the “”“problem”“” is that Windows works okay for the vast majority of users. Most of the annoying parts of W11 can be changed or disabled within the OS itself, without needing special tools or knowledge. And I think that the vast majority of users don’t even care enough to do that. We use stock W11 at work and while the “new” style right menus and shit are annoying, they still function fine.

      Windows likely won’t lose serious market share until prebuilt PCs come with Linux instead of Windows installed. Especially the non-gaming prebuilts.

  • unemployedclaquer@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    14 hours ago

    Yeah I played solitaire in 3.1. Even playing the asteroids avoiding game in C-64 I always assumed teams of people or aliens were observing my progress. Nothing to do with The Last Starfighter