I can’t believe Microslop would do something like this to its loyal customers!
I was gonna comment something about Linux distro also having a machine ID, but then I remembered that it’s not in a big database, and it’s so well enforced I routinely have multiple machines with the same ID pop up :D
Linux users will probably tell you their id if you ask them nicely and seem interested in their distro of choice.
What idiot hacker uses Windows?
A genz hacker. In a world where “hacking” is writing prompts and calling IT help desks.
Sounds like the tagline for a really crap movie. How far we’ve fallen from two people on one keyboard.
Don’t forget breaking out a second keyboard, but both people use one hand on each keyboard instead of one keyboard each!
It’s necessary since hacking is so time sensitive - if it can’t be done in a hurry there’s no point!
I know, right. . . Now that’s real hacking!
Okay look, I’m old, I’m inadequate, and I’m drunk. But I’m also a millennial, and I was a flight instructor at the age of 23. I pray to whatever god actually exists instead of Jesus for the unceremonious deletion of every soul that doesn’t give young folks a chance to learn, grow and actualize themselves. Because I am so inordinately sick of being written off due to the year in which my parents fucked that I’ve got room on the docket to be pissed off when you do it to cohorts other than mine.
It is our responsibility to teach the kids, to let them learn, to let them fuck up in order to learn some more, so that they can become the actual adults someday. And it hurts my mind, soul and dick that I’m apparently the only human on earth not excessively lead-addled to realize that. And bitch I’ve washed my hands in 100LL. It’s blue and feels cold at any temperature.
If there’s one thing I’m going to teach you commie retards before I’m banned outright from this platform, it’s that you treat your students with at least the benefit of the doubt if you can’t manage genuine respect. Believe it or not, they’re real people living real lives that are different than your own. Things that are obvious to you aren’t to them because their lives led them to be curious about a different set of things than you did. And if you find yourself in the role of “teacher”, almost always your path led you to expertise sooner than your students. Sooner. Not Younger. I can tell you that, having served as a flight instructor at 23 mostly teaching men in their 50’s.
You think you’re the senior in a field? You think it’s your job to reign superior over your juniors? Think again. Because it’s your job to sit in the right seat as a kid twice your age sits in the Captain’s seat and fails to use the rudder correctly, because falling off a bike is how you learn how to ride. You have to let them slam the plane into the runway, because how the hell else are they going to learn?
Anyone with more experience expressing contempt for those with less experience for having shown up later: FUCK YOUR FUNERAL. Die unmourned.
it’s not the experience or knowledge part that bothers me, as you said people focused on different things and everyone starts from 0. it’s the attitude of giving up when their ai slop doesn’t work or coming up with bandaid solutions to get the task done quickly rather than trying to actually learn or see the bigger picture. it’s an era of short attention span and fast dopamine due to tech, ofc everyone is affected but gen z and a more so because their parents put ipads in their faces since 0 years old.
The amount of times boomers on worksites called me retarded for not knowing how to do something I’d never done before astounded me.
Meanwhile these fuckers would get real butthurt and start yelling and making a fuss when they’d struggle to find a file they just saved on their PC and you do anything besides silently assist them.
I vowed to be different, to teach my people what it means to be competent and respectful. I tell them I expect to see the same level of professionalism and respect I show them going to everyone around them. It’s working! They aren’t coming to work high or hungover, they aren’t being pieces of shit, and they’re communicating with each other instead of yelling insults at each other (well except for when its funny lol).
This has made me unpopular with the boomer leaders but fuck em: we get shit done, we get it done right, nobody gets hurt, and everybody feels respected and doesn’t dread coming to work.
I’m sorry, I don’t quite get how this is relevant to the topic at hand at all.
It’s a response to the tired refrain that the latest generation are stupid and lazy
tl;dr
Stop being a boomer and teach like a man.
Wait, calling IT Help Desks isn’t social engineering now?
Tbf, some of the best hackers were social engineering their way into the backend just by calling up certain support numbers in the 80s
I refuse to call social engineers hackers, conmen is more fitting.
Defcon would disagree. I’ve watched so many presenters talk about all forms of penetration testing, many of which used social engineering and lockpicking as a way to create exploitable vulnerabilities in networks. Whether or not you care to call them hackers… It doesn’t really matter, won’t stop them from hacking.
The weakest link in cybersecurity are usually the users after all.
Hacking is making something work in an unconventional or unexpected way. Social engineers hack people in that way.
Real hackers social-engineered their way into high security systems decades before the first blue haired femboy nerd proudly announced “Btw i am usin Arch!”
Gen Z knows how to use Windows?
There’s a very easy trick to defeat this: use Linux.
I wouldn’t call overhauling your entire operating system, including finding alternatives to software you use daily, making sure your hardware is compatible and relearning your entire work method as an “easy trick”.
I think you might actually be surprised…
No you don’t understand… I’ve spent the last 30 years investing in increasingly awful software companies to create “industry standards” and leaving these companies behind would require me to change and learn!!!
So many issues with the world boils down to that last part, people refusing to change and learn. I never understood it, I’ve always loved change and learning. I’ve seen so many people go from having that same openness to only caring about keeping everything the same and never learning, it’s really disturbing. Some are like that from a very early age, others fall into it at any other part of their lives and it’s never a good thing IMO.
At some point you just have to leave the software behind. That time is now!
I talked with the women i’m working with where we print our price lists about changing from adobe to something else and she told me it would be a bad idea since it would make both of our work much more buggy and time consuming with more chances of the end result being worse. So i’ll keep using indesing and the adobe suite for now but i did switch from sketchup to blender for 3D modeling and it’s a bit challenging and more messy then i’m used to but i get better rendering results from what i tried so far.
If your system uses systemd, it has an etc/machine-id, which is used for a lot of different things. And changing it will break a lot of stuff, probably until you reboot. I guess you could write something to randomly shuffle it every time you reboot? But it is the go-to way for lots of programs (including browsers) to identify themselves. Which means (unless you have done the work to scramble your machine ID) you can be tracked on Linux as well.
The difference is that Linux isn’t sending telemetry to some central entity associating that ID to an IP.
Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page. Three hours later, the same GDID visited the retailer’s own website, through the same Tzulo proxy address used to set up the ngrok account.
This article is super vague about this as well. How does Microsoft not only have the GDID->IP link, but they have Web history as well? Are they just exposing all this through advertising telemetry?
Fucking gross. And if you know of anything on Linux exposing/transmitting the machine-id, please do let everyone know because nothing should. Anything that does should be considered malware.
i think i remember hearing the dbus machine-id being read by google chrome on linux. it could be used for privacy violation with proprietary software, though i personally consider linux machines with chrome or equivalent software installed compromised.
It’s not just Windows tracking your web browsing history. GPU drivers do it too. Source: https://www.neowin.net/news/intel-windows-driver-to-now-collect-user-telemetry-data-like-website-categories-by-default/
It’s not just Windows tracking your web browsing history. GPU drivers do it too.
…on Windows. if you explicitly install their malware and agree to data sharing.
That’s wild. Shit like this makes me distrust proprietary drivers
I distrust proprietary anything at this point
also there’s the TPM chip.
Upvoting both comments for awareness, since Linux is the first of a multi-step process, not a privacy panacea.
But we must be clear that in both theory and practice there’s little comparison between systemd and modern Windows machine-user association.
Someone using Windows regularly has a gaping wound, is actively bleeding out. Switching to Linux is just a tourniquet, but every other treatment is at best no-effect until that tourniquet is applied.
E: transpose
systemd/Windows for clarityAlso as a life long programmer, I have this feeling it is possible to just go in and make some changes so I can have the system just make shit up about the TPM while indeed also doing the equivalent of having system-d decide to respond with random bullshit.
Don’t even need to be a programmer, just find a community of them that you trust that distribute their own “fixes”.
Definitely not doing that with anything else because its both hidden in compilation and buried like herpes across multiple components. Probably/hopefully not directly related but I really want to know what they changed to break the clipboard service.
And you’d be technically correct, the best kind of correct.
To the inquisitor:
any distro that’s fully OSS can be fully compiled from scratch with any modifications you choose).
Though yes, if you’re still using Windows, the learning curve may look like a wall.
I really want to know what they changed to break the clipboard service
Guessing the X11 [X]Wayland migration KDE Plasma bug report? Should be fixed in 6.5.2.
Adjacent comment. I’ve found working in a true posix environment is drastically better than the oddities I dealt with Win32. One annoyance is Microsoft has never been able to implement
fork().Though i never messed with x11 as I was never motivated to see what it was like under the figurative hood.
It really is a hell of a lot more sane, instantly missed once you don’t have it. And yeah Fork’s a blessing when used with care lol
Sorry, switched contexts there. Microsoft broke their clipboard service recently which makes me think they added “telemetry” collecting logic somewhere in there.
Oh right, I misread. And yeah not sure (my win32 repro targets have all been locked for a while) but with all the facepalm regressions I’ve read about lately it really could be anything.
Please elaborate on what u are referring to with regard to systemd machine user association?
I’m specifically highlighting that there is none though I acknowledge machine ID makes it easier.
ETA: edited original comment to be more clear
Yeah, motherboard-level tracking is scary because even the OS won’t be able to detect it. The truly paranoid people (and security researchers) go as far as desoldering chips to ensure nothing phones home.
Where in the source does Firefox expose machine-id to websites?
With a quick grep I’m only seeing it around audio?
If that hacker only knew about tracking by Windows…
My laptop came with Win11, I’ve removed that drive a few months ago and replaced it with Mint.
Does this mean MS has my motherboard, WiFi, other hardware identifiers that would still tie that laptop to their database?
Yup!
Motherboard, CPU, GPU models and serial numbers. Ram size and speed. Those were used during Windows activation as old as windows 95. But likely yes, a full list of every component connected.
Your Android phone collects every WiFi network it has ever seen and sends it to Google, so we should assume Microsoft does the same (Android can locate you without GPS by using your neighbors’ WiFi signals as position identifiers, and can triangulate you to a few feet using the relative networks’ signal strengths)
GrapheneOS babyyyyy
And if you dont have Pixel, try /e/os, SailfishOS, Mobian, PostmarketOS or anything other than vendor Android.
Cannot wait for the Motorola/GrapheneOS collab phones.
Um… You’re aware that your pixel was known to google before you graphened it?
Never knew a google account, so it was known to Google but not to me. … but while on the topic, know of a better option?
Jolla Phone is just starting to ship
Android phone collects every WiFi network it has ever seen and sends it to Google
Possibly, but how often do you use WiFi on a phone?
Please note: I didn’t say you had to connect to these networks. This happens as a background process unless you do a ritual to shut off location services and actively work to keep it off. Most people do not know/care to do this. And even if it’s off in settings, some apps have the permission to temporarily override this (and will ask you once to grant it such permission and then have that permission for the lifetime of the app). And regardless of which app overrides said setting, Google gets a copy of whatever the background scan finds (for all Android phones that have the Play store installed, which is most of them).
Possibly, but how often do you use WiFi on a phone?
Basically whenever I’m at home or a relative’s house?
If it was registered, probably. They use a mixture of that to allow re-enabling the same license on the same hardware.
OEM systems come with the license key stored in the firmware (ACPI tables specifically), you can read them from *nix easily enough.
sudo strings /sys/firmware/acpi/tables/MSDMIf you boot the system and login an account then yeah they’ll be able to link that, but the install itself can “self activate”.
So they’re saying that all these “secret” societies online, like the Peter Thiel psychopathy, are relatively easily identified and rounded up and prosecuted to the fullest extent of the law, and they’re just choosing not to do it? I’m shocked.
Why would they catch pedophiles? Their founder is one
The level of naivete to think it’s a good idea using a microsoft account on a microsoft product for your illegal activity is astounding. Especially when you consider the amount of technical knowledge required to do such a thing.
I legitimately cannot make that connection, Microsoft has never been shy about tracking you or their tight relationship with 3 letter agencies. It doesn’t take a genius to know they are going to snitch, I figured that was a foregone conclusion.
Kids need to learn about OPSEC.
Then why haven’t we heard about all the criminals (pedophiles, terrorists,…) being caught by Microsoft surveillance? Because they don’t care about the crimes you do. Their tracking is for money making only.
If I were a criminal I would not bank on it - they might use it for blackmail, too - but for the most part they are not in danger.
The current federal government is pedophiles, they aren’t going to arrest themselves.
Agreed, using the same device for illegal and personal activity is dumb.
Yeah. What a moron.
Ctrl-f NSAKEY (sees nothing) — it seems the internet has forgotten the NSAKEY debacle https://en.wikipedia.org/wiki/NSAKEY
Identifier. Not tracker. They’re not phoning home, thank god.
It mentions this GDID is sent in telemetry. So this guy kept using a hosted proxy, meaning his egress IP was always changing accessing different services, but everytime his Windows 11 machine was sending back telemetry (which included his GDID) they were logging the IP address he was appearing from (the proxy) - so they were able to track and identify him.
If you use your Microsoft account to login, they have to be able to identify you somehow when you try to authenticate. It is basic usage. Not Telemetry. That is what caught him.
Ugh… How do you think they correlated the GDID to his social media?
His social was logged into with that identifier
From the article:
Microsoft’s records showed that at that exact same minute, a Windows device carrying GDID g:6755467234350028 had visited the ngrok signup page.
Why does Microsoft have a record that includes both the GDID and a web addresses? I am confused by this mechanism.
Because everything you do is tracked
Could be using Edge (Account syncing), or using Bing while signed in (Considering they were signing into private accounts while on the VPN, seems possible)
This seems the most likely… but still I want clarity on the mechanism. An identifying token defined in the registry is being sent over the wire. That mechanic is pretty substantial, and I’m surprised a bigger fuss hasn’t been made about that. This is pretty far beyond conventional header fingerprinting.
From other articles I’ve seen (Here’s an example) it was telemetry and cross referencing the IPs used.
VPNs might help hide from passive identification, but they don’t help when you connect to the same service on your normal and private connections alternatively. The computer equivalent of using both your real name and an alias with the same person, they’ll know who you are.
Yep. Assume the worst, imo
and how do you think the social account was linked with said identifier?

By design.
He’ so stupid for sending ransomware and logging into snapchat/facebook from the same laptop without even using VMs
arguably more stupid for using windows and assuming there was any level of privacy
It is truly god damn unfortunate that Microsoft has spent decades fostering a level of technical ineptitude among the average person that they cannot even consider getting off their fucking shit ass platform that “just works”. Because that is the real problem. So many people on here will say “just use Linux!” But the vast majority of people cannot fathom where to even start with that and won’t even consider it because Windows “just works” and it has done so for so long that people just can’t be bothered.
The average user was incompetent WAY before Microsoft ever entered the scene.
Knowing anything about computers is a lot more niche than you think.
Windows “just works”
Honestly, I cannot understand, who can tolerate Windows 11. It does not even work! Constant bugs, eats memory like a hog, have to uninstall programs when updates itself (so constantly), because automatic re-installs. Every time you reboot, you have to kill several unnecessary background processes it automatically starts, or everything works even more like in tar. On my Surface Pro (Microslop made! Their own product!) the task bar never worked properly, every time there was an update to fix something, something else stopped working. Even the damn desktop broke few times, with random updates. It is a vibe coded piece of garbage.
I have everything I cannot switch to Linux, on Windows 10 - at least that still works. Windows 11 cannot even fill that bare minimum.
The only part of “just works” that’s still “just” working is that windows comes installed by default on the vast majority of laptops. I dread having to use windows each time I have to, not because linux is that much better, but because windows is really just that much worse.
It’s easier than ever to use Linux these days and Lemmy certainly doesn’t lack for penguin faithful that’ll proselytize and condemn you to computer-hell if you don’t adopt their religion.
But the “”“problem”“” is that Windows works okay for the vast majority of users. Most of the annoying parts of W11 can be changed or disabled within the OS itself, without needing special tools or knowledge. And I think that the vast majority of users don’t even care enough to do that. We use stock W11 at work and while the “new” style right menus and shit are annoying, they still function fine.
Windows likely won’t lose serious market share until prebuilt PCs come with Linux instead of Windows installed. Especially the non-gaming prebuilts.
So those users even care about being tracked?
Yeah I played solitaire in 3.1. Even playing the asteroids avoiding game in C-64 I always assumed teams of people or aliens were observing my progress. Nothing to do with The Last Starfighter
Also 10. And 8. Maybe since Vista actually…
It’s probably since XP at least. Probably introduced in some form in NT.
I used xp-Antispy to cut off the telemetry back in the day.






















