Discussion summary

Microsoft can track users via a Windows Device ID, correlating browsing data with system activity. The extent of data collection and mechanisms remain unclear.

What the discussion says

  • Some believe Windows telemetry is extensive and potentially intrusive.
  • Others suggest it is similar to tracking mechanisms used by other device manufacturers.
  • Users can check telemetry data via Windows tools like Diagnostic Viewer.
  • There is concern about the transparency and control over what data is shared.
Microsoft can correlate your Windows install to visited websites.
egamirorrim
It's possible that Windows shares browsing data through telemetry.
red_admiral

Comments

Hacker News

Truly terrifying. But also shocking that a 'hacker' is using windows

by egamirorrim

Some hackers want to spend their time doing cool stuff rather than constantly fixing their system

by efilife

TLDR: Microsoft can (at least) correlate your Windows installation to all website domains you visit while using Windows.

It's unclear what the mechanism is, but I'd wager their "telemetry" is constantly revealing your installation ID, your current IP, and domains that were recently resolved.

by Terr_

Worse than just domains as TFA shows full URLs are recorded.

Reminds me of Google Safebrowsing.

by echelon_musk

"all" would be troubling indeed. I hope that someone can discover the mechanism, and whether it's depending on any settings like "Share browsing data with other Windows features" or any other settings.

by red_admiral

I was under the impression Windows is unreliable for these kind of activities as they are "leakish".

I imagine it's not too difficult to narrow down the potential suspects with how much data points you'd get from ISP, Windows telemetry, and whatever.

by 8cvor6j844qw_d6

It's Microsoft Defender SmartScreen in Edge.

You can also use the Windows Diagnostic Viewer to check the telemetry data being shipped to Microsoft. I'd be willing to bet that you could use Edge (with defaults) and see the URLs being sent to Microsoft but nothing would come from Brave, Firefox, Chrome etc.

by boopig

The article links to this page, which was shared on HN yesterday. [1]

I feel like using wireshark to look at what's being sent back and forth from Windows telemetry, when using Edge, Chrome & etc should reveal what's being sent and recieved. Using MITM SSL spoofing should be able to intercept the packets.

[1] https://github.com/SmtimesIWndr/gdid-reversal

by pogue

I assume this likely true for nearly all device manufactures. I assume all devices have some kind of unique ID that they use for tracking, whether they said so or not.

by diogenescynic

I'm more surprised that this already isn't a known fact. I wonder exactly how far into each device activity is being tracked.

by blaqq2

Probably a capability demanded through a TCN or TAN as part of a mechanism like Australias Access and Assistance bill.

by protocolture

My surprise level is at approximately... zero. Next we will see some news, that MS was compelled to share that info with some three letters. - Oh wait, that is exactly what has already happened, according to the article.

MS is just like that person, who drives a dagger into your back.

by zelphirkalt

Well they can’t use that to track users of Linux.

I was a big fan of Microsoft ten to fifteen years ago. I’ve since transitioned my whole family off Microsoft products now over to Linux, Apple, and proton. Edit: and Brave.

I really thought their corporate culture would’ve changed after the late 90’s but I guess this is a good lesson for founders. The culture you build into your company will likely outlast your tenure.

by cheschire

Tangentially related to Device ID: Apple is significantly worse when it comes to machine identifiers; even with Autopilot enabled you can still install Linux on a Microsoft Surface device (or even Windows if you don't use a Microsoft Account). With MDM locks, Apple devices are literally bricks (especially since all ram and storage is soldered down and locked/paired to the secure enclave chip).

by gigel82

I remember a long time ago intel tried introducing unique IDs for their processors. People got up in arms made a big stink and intel put its tail between its legs. Many years later, the industry through a thousand little cuts has that and more with merely a whimper because it’s not a single big boogey entity but it’s diluted across hundreds of thousands of developers who deployed a myriad ways to fingerprint their users…

by mc32

Well Enterprises can also enroll Linux machines in intune

by merb

Aww you missed the Ballmer Years. Chalked full of "me too!"'s and broken promises. But he was right about one thing. Developers, developers, developers...

by reactordev

> Edit: and Brave.

I would suggest staying away from Brave. I recently compiled the debloated Brave edition from source and was rather disappointed. Brave was slower on my machine than Firefox and Chromium according to Speedometer 3.1. The built-in adblocker does a worse job at cosmetic filtering than uBlock Origin on Firefox. On top of that, I had to build the browser from source because the only binaries I could find are Brave's own. Their builds aren't reproducible, and no Linux distro packages their own.

If you think I am being paranoid, you may also want to take a look at this:

https://www.pcmag.com/news/brave-browser-caught-redirecting-...

by drnick1

> this is a good lesson for founders. The culture you build into your company will likely outlast your tenure.

Good founders already know this. Bad ones don't care.

by noisy_boy

Could this identification be through some alternate Windows service like Windows Update, Windows Time ntp server or Windows Defender?

by haussman

And remember, most of this telemetry is just marketing/ad tech, so anyone that works in the martech/adtech space, you're also part of this.

by bigbuppo

The (not so) interesting part is how inefficient it is. Marketing by ads on the internet has less than 0.5% hit or click rate, and even then it is mostly accidental clicks due to the over-saturation of ads. It's not a real economy. It is just simply not actually worth it.

by materialpoint

Android has one too. If you don't link your google account to an app, they can use your device id as your profile.

by nubinetwork

The criminal complaint missing in this article: https://www.justice.gov/usao-ndil/media/1450651/dl

Basically, Microsoft logs things from windows users, including and not limiting to, the machine GDID, IPs that come with the GDID, and when and what exact URLs accessed. So for windows users, privacy, an important part of information security, is totally destroyed by these logs enforced on windows. Another important part of information security is bug fixing, and microsoft did make at least one security researcher angry [1].

And a simple solution to that problem is moving to linux. You save yourself a lot of time and energy for leaving the adversarial information security condition imposed by windows and microsoft.

P.S. You may consider debloating windows for a more information security friendly environment. However, that is nearly impossible, as long as you realize that windows is an OS composed of thousands of closed source softwares, and doing security audits on all of these will be costly.

[1] https://news.ycombinator.com/item?id=48315968

by RandyOrion

The most surprising part of this is a "hacker" using Windows ...

by Alien1Being

Join the discussion

Write your take first — we'll ask for email only when you're ready to publish.

  • Hacker News
  • Truly terrifying. But also shocking that a 'hacker' is using windows
    by egamirorrim
  • Some hackers want to spend their time doing cool stuff rather than constantly fixing their system
    by efilife
  • TLDR: Microsoft can (at least) correlate your Windows installation to all website domains you visit while using Windows.

    It's unclear what the mechanism is, but I'd wager their "telemetry" is constantly revealing your installation ID, your current IP, and domains that were recently resolved.

    by Terr_
  • Worse than just domains as TFA shows full URLs are recorded.

    Reminds me of Google Safebrowsing.

    by echelon_musk
  • "all" would be troubling indeed. I hope that someone can discover the mechanism, and whether it's depending on any settings like "Share browsing data with other Windows features" or any other settings.
    by red_admiral
  • I was under the impression Windows is unreliable for these kind of activities as they are "leakish".

    I imagine it's not too difficult to narrow down the potential suspects with how much data points you'd get from ISP, Windows telemetry, and whatever.

    by 8cvor6j844qw_d6
  • It's Microsoft Defender SmartScreen in Edge.

    You can also use the Windows Diagnostic Viewer to check the telemetry data being shipped to Microsoft. I'd be willing to bet that you could use Edge (with defaults) and see the URLs being sent to Microsoft but nothing would come from Brave, Firefox, Chrome etc.

    by boopig
  • The article links to this page, which was shared on HN yesterday. [1]

    I feel like using wireshark to look at what's being sent back and forth from Windows telemetry, when using Edge, Chrome & etc should reveal what's being sent and recieved. Using MITM SSL spoofing should be able to intercept the packets.

    [1] https://github.com/SmtimesIWndr/gdid-reversal

    by pogue
  • I assume this likely true for nearly all device manufactures. I assume all devices have some kind of unique ID that they use for tracking, whether they said so or not.
    by diogenescynic
  • I'm more surprised that this already isn't a known fact. I wonder exactly how far into each device activity is being tracked.
    by blaqq2
  • Probably a capability demanded through a TCN or TAN as part of a mechanism like Australias Access and Assistance bill.
    by protocolture
  • [dupe] Full Writeup of the Windows GDID

    https://news.ycombinator.com/item?id=48811081

    by ChrisArchitect
  • My surprise level is at approximately... zero. Next we will see some news, that MS was compelled to share that info with some three letters. - Oh wait, that is exactly what has already happened, according to the article.

    MS is just like that person, who drives a dagger into your back.

    by zelphirkalt
  • My thoughts exactly. Weren't they just caught recently handing over bitlocker keys (that get uploaded to MS by default when you sign in with a microsoft account) to the feds?[1]

    Windows is malware.

    [1] https://www.forbes.com/sites/thomasbrewster/2026/01/22/micro...

    by thewebguyd
  • Well they can’t use that to track users of Linux.

    I was a big fan of Microsoft ten to fifteen years ago. I’ve since transitioned my whole family off Microsoft products now over to Linux, Apple, and proton. Edit: and Brave.

    I really thought their corporate culture would’ve changed after the late 90’s but I guess this is a good lesson for founders. The culture you build into your company will likely outlast your tenure.

    by cheschire
  • Tangentially related to Device ID: Apple is significantly worse when it comes to machine identifiers; even with Autopilot enabled you can still install Linux on a Microsoft Surface device (or even Windows if you don't use a Microsoft Account). With MDM locks, Apple devices are literally bricks (especially since all ram and storage is soldered down and locked/paired to the secure enclave chip).
    by gigel82
  • I remember a long time ago intel tried introducing unique IDs for their processors. People got up in arms made a big stink and intel put its tail between its legs. Many years later, the industry through a thousand little cuts has that and more with merely a whimper because it’s not a single big boogey entity but it’s diluted across hundreds of thousands of developers who deployed a myriad ways to fingerprint their users…
    by mc32
  • Well Enterprises can also enroll Linux machines in intune
    by merb
  • Aww you missed the Ballmer Years. Chalked full of "me too!"'s and broken promises. But he was right about one thing. Developers, developers, developers...
    by reactordev
  • > Edit: and Brave.

    I would suggest staying away from Brave. I recently compiled the debloated Brave edition from source and was rather disappointed. Brave was slower on my machine than Firefox and Chromium according to Speedometer 3.1. The built-in adblocker does a worse job at cosmetic filtering than uBlock Origin on Firefox. On top of that, I had to build the browser from source because the only binaries I could find are Brave's own. Their builds aren't reproducible, and no Linux distro packages their own.

    If you think I am being paranoid, you may also want to take a look at this:

    https://www.pcmag.com/news/brave-browser-caught-redirecting-...

    by drnick1
  • > this is a good lesson for founders. The culture you build into your company will likely outlast your tenure.

    Good founders already know this. Bad ones don't care.

    by noisy_boy
  • Both systemd and dbus have a similar device id for Linux, which e.g. Chrome reads at startup:

    https://manpages.debian.org/trixie/systemd/machine-id.5.en.h...

    https://manpages.debian.org/trixie/dbus-bin/dbus-uuidgen.1.e...

    by tremon
  • Could this identification be through some alternate Windows service like Windows Update, Windows Time ntp server or Windows Defender?
    by haussman
  • And remember, most of this telemetry is just marketing/ad tech, so anyone that works in the martech/adtech space, you're also part of this.
    by bigbuppo
  • The (not so) interesting part is how inefficient it is. Marketing by ads on the internet has less than 0.5% hit or click rate, and even then it is mostly accidental clicks due to the over-saturation of ads. It's not a real economy. It is just simply not actually worth it.
    by materialpoint
  • Android has one too. If you don't link your google account to an app, they can use your device id as your profile.
    by nubinetwork
  • by m132
  • The criminal complaint missing in this article: https://www.justice.gov/usao-ndil/media/1450651/dl

    Basically, Microsoft logs things from windows users, including and not limiting to, the machine GDID, IPs that come with the GDID, and when and what exact URLs accessed. So for windows users, privacy, an important part of information security, is totally destroyed by these logs enforced on windows. Another important part of information security is bug fixing, and microsoft did make at least one security researcher angry [1].

    And a simple solution to that problem is moving to linux. You save yourself a lot of time and energy for leaving the adversarial information security condition imposed by windows and microsoft.

    P.S. You may consider debloating windows for a more information security friendly environment. However, that is nearly impossible, as long as you realize that windows is an OS composed of thousands of closed source softwares, and doing security audits on all of these will be costly.

    [1] https://news.ycombinator.com/item?id=48315968

    by RandyOrion
  • The most surprising part of this is a "hacker" using Windows ...
    by Alien1Being
  • Related thread by some Massgrave.dev devs explaining some GDID mechanisms:

    https://x.com/massgravel/status/2074304593303892354

    by super256

Related stories