• Site tracking

    From ram@ram@zedat.fu-berlin.de (Stefan Ram) to comp.misc on Wed Jul 8 08:51:11 2026
    From Newsgroup: comp.misc

    I asked the chatbot to generate a report of the events
    leading to new public knowledge about a possible tracking
    of each and every web visit by some operating system.
    The formatting is mine.

    | Peter Stokes, an alleged member of the Scattered Spider hacking group,
    | breached a luxury jewelry retailer in May 2025. He routed his traffic
    | through a VPN to conceal his location while setting up an account on
    | the third-party secure tunneling tool, ngrok.
    |
    | A VPN alters your network IP address, but it does absolutely nothing
    | to stop Windows telemetry. Under a court order, Microsoft provided
    | timestamped records to the FBI showing that on May 12, 2025, at 19:21
    | UTC, a specific hardware device accessed the ngrok account sign-up
    | page.
    |
    | Microsoft accomplished this by tracking a mechanism known as the
    | Global Device Identifier (GDID). The GDID is a persistent,
    | device-level identifier designed to uniquely identify an installation
    | of a Windows operating system. It binds your operating system
    | configuration to certain Microsoft services and digital activities,
    |
    | .----------------------------------------------------------.
    | | tracking when a device connects to external servers, web |
    | | utilities, or specific platforms. |
    | '----------------------------------------------------------'
    |
    | The deep public surveillance implications of GDID tracking were
    | largely unknown to the general public and cybersecurity researchers
    | prior to the unsealing of the Stokes case file. The true depth of this
    | logging infrastructure only came to light because of the public
    | disclosure of these specific investigative documents.
    |
    | This telemetry capability reveals that Microsoft can theoretically
    | monitor and log when your machine communicates with specific domains
    | or third-party web endpoints, even without relying on traditional
    | browser cookies. Consequently, privacy experts warn that this
    | infrastructure could allow Microsoft to maintain a comprehensive
    | record of the web servers and services your computer contacts.
    |
    | Armed with this data, investigators mapped Stokes' movements across
    | Tallinn, New York, and Thailand by correlating his system's GDID
    | history with public Snapchat logins that occurred from the same
    | matching IP addresses. He was ultimately arrested in Helsinki on April
    | 10, 2026, while trying to board a flight to Japan.
    |
    | This pervasive GDID telemetry tracking is explicitly active on
    | Windows 10 and Windows 11.
    |
    | The tracking system is deeply woven into core OS functions. Nominally,
    | Microsoft utilizes the GDID for platform services, licensing
    | verification, and crash telemetry. However, because the tracker
    | remains completely consistent across any network connection - and
    | cannot be easily reset unless you entirely wipe and reinstall the
    | operating system - it operates as a permanent homing beacon.
    |
    | Various technical methods exist for those looking to manage system
    | telemetry and enhance digital privacy. Standard procedures often
    | involve adjusting diagnostic data settings within the operating
    | system's privacy menus to the "Basic" or "Required" level. Advanced
    | users sometimes implement network-level filtering tools to block known
    | telemetry endpoints at the router or gateway level. Furthermore,
    | technical documentation and privacy guides frequently discuss the use
    | of alternative, open-source operating systems designed with a focus on
    | user anonymity and minimal outbound communication.

    Chatbots sometimes make mistakes.


    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From snipeco.2@snipeco.2@gmail.com (Sn!pe) to comp.misc on Wed Jul 8 14:36:08 2026
    From Newsgroup: comp.misc

    Stefan Ram <ram@zedat.fu-berlin.de> wrote:

    I asked the chatbot to generate a report of the events
    leading to new public knowledge about a possible tracking
    of each and every web visit by some operating system.
    The formatting is mine.

    | Peter Stokes, an alleged member of the Scattered Spider hacking group,
    | breached a luxury jewelry retailer in May 2025. He routed his traffic
    | through a VPN to conceal his location while setting up an account on
    | the third-party secure tunneling tool, ngrok.
    |
    | A VPN alters your network IP address, but it does absolutely nothing
    | to stop Windows telemetry. Under a court order, Microsoft provided
    | timestamped records to the FBI showing that on May 12, 2025, at 19:21
    | UTC, a specific hardware device accessed the ngrok account sign-up
    | page.
    |
    | Microsoft accomplished this by tracking a mechanism known as the
    | Global Device Identifier (GDID). The GDID is a persistent,
    | device-level identifier designed to uniquely identify an installation
    | of a Windows operating system. It binds your operating system
    | configuration to certain Microsoft services and digital activities,
    |
    | .----------------------------------------------------------.
    | | tracking when a device connects to external servers, web |
    | | utilities, or specific platforms. |
    | '----------------------------------------------------------'
    |
    | The deep public surveillance implications of GDID tracking were
    | largely unknown to the general public and cybersecurity researchers
    | prior to the unsealing of the Stokes case file. The true depth of this
    | logging infrastructure only came to light because of the public
    | disclosure of these specific investigative documents.
    |
    | This telemetry capability reveals that Microsoft can theoretically
    | monitor and log when your machine communicates with specific domains
    | or third-party web endpoints, even without relying on traditional
    | browser cookies. Consequently, privacy experts warn that this
    | infrastructure could allow Microsoft to maintain a comprehensive
    | record of the web servers and services your computer contacts.
    |
    | Armed with this data, investigators mapped Stokes' movements across
    | Tallinn, New York, and Thailand by correlating his system's GDID
    | history with public Snapchat logins that occurred from the same
    | matching IP addresses. He was ultimately arrested in Helsinki on April
    | 10, 2026, while trying to board a flight to Japan.
    |
    | This pervasive GDID telemetry tracking is explicitly active on
    | Windows 10 and Windows 11.
    |
    | The tracking system is deeply woven into core OS functions. Nominally,
    | Microsoft utilizes the GDID for platform services, licensing
    | verification, and crash telemetry. However, because the tracker
    | remains completely consistent across any network connection - and
    | cannot be easily reset unless you entirely wipe and reinstall the
    | operating system - it operates as a permanent homing beacon.
    |
    | Various technical methods exist for those looking to manage system
    | telemetry and enhance digital privacy. Standard procedures often
    | involve adjusting diagnostic data settings within the operating
    | system's privacy menus to the "Basic" or "Required" level. Advanced
    | users sometimes implement network-level filtering tools to block known
    | telemetry endpoints at the router or gateway level. Furthermore,
    | technical documentation and privacy guides frequently discuss the use
    | of alternative, open-source operating systems designed with a focus on
    | user anonymity and minimal outbound communication.

    Chatbots sometimes make mistakes.


    According to ChatGPT, Apple does similar:

    ----------------

    "Does apple use GDID or equivalent?"


    "Apple uses several device identifiers that serve purposes similar to a
    Global Device ID, but Apple does not publicly document a single
    identifier called "Global Device ID (GDID)."

    The most important Apple identifiers include:

    • ECID (Exclusive Chip ID) – A unique identifier
    permanently programmed into the device's processor during manufacture.
    Apple uses it for firmware signing, activation, and restore processes.
    It is not generally available to apps or users.
    • Serial Number – A manufacturer-assigned identifier used
    for warranty, support, and inventory.
    • IMEI – On cellular-capable iPhone and some iPad models,
    the international identifier for the cellular modem.
    • UDID (Unique Device Identifier) – Historically a unique device identifier accessible to developers. Apple deprecated app access
    to the UDID for privacy reasons, although it is still available in
    certain development and management contexts.
    • Identifier for Vendor (IDFV) – Unique per device and app vendor.
    • Identifier for Advertisers (IDFA) – Used for
    advertising, subject to user permission via App Tracking Transparency.

    For enterprise management using Mobile Device Management (MDM), Apple
    also provides device identities and certificates that uniquely identify
    managed devices to the MDM server.

    If by "equivalent" you mean a permanent hardware identity comparable to
    a GDID, then ECID is the closest Apple equivalent. It is globally
    unique, hardware-based, and immutable, but Apple keeps it largely
    inaccessible outside trusted system software and specialized tools. For
    most administrative and support purposes, Apple instead relies on the
    device's serial number and, where applicable, the IMEI."

    -----------
    --
    ^Ï^. Sn!pe, bird-brain. All that was old is new again.

    My pet rock Gordon just is.
    --- Synchronet 3.22a-Linux NewsLink 1.2