So not only was this “hacker” using Windows and Edge, they singed in to windows with a Microsoft account. And then used that same computer for their social media. Nice.
I'm not a "hacker" by any means, but I would probably use a Qubes based system with a dedicated "hacking" VM, only use anonymous VPNs connected from public WiFi access points (having left my mobile at home) while wearing a fake beard and STILL be paranoid that I somehow somewhere make a mistake.
Personally I'd say use Qubes because it might be better at preventing you from getting raided in the first place.
Decisions decisions.
Serious "hackers" are usually state sponsored now, or members of mature groups.
So again, the "make an account" is the part you ALWAYS skip. Local accounts or it technically isn't even a PC anymore.
Hotels last I saw don't collect an obscure gdid...
Did this victim use edge and sync their browser history or something perhaps?
Not to mention that one of the many major UI regressions in Windows is the removal of title bars from application windows, which is fundamental to this "trick." Try opening a PDF in Edge and also in Acrobat. Neither window has a title bar, and they are otherwise almost identical. You have to scrutinize the very few controls around the window to determine which app you're looking at.
Microsoft and its software are trash now.
>"Massgrave, the group behind Microsoft Activation Scripts, has noted that Windows setup sends hardware info to Microsoft and receives identifiers back that are later used for Store access and licensing. Blocking GDID assignment breaks both activation and UWP apps."
I think probably it sends the gdid back to Microsoft as part of telemetry/updates/MS account periodic re-auth, which lets them know the current IP address, and then once the government has Microsoft's logs and the various target websites' logs, they can correlate based on IP address. I don't think it's actually sending the gdid to the web sites. Maybe.
This serves to further illustrate that nobody should be using Windows for anything that involves the need for privacy. And doubly, triply, and morefold so, nobody should ever sign a Windows machine into a MS account for any reason.
>Send optional diagnostic data to improve Microsoft products [Includes how you use the browser, websites you visit, and enhanced error reporting. Determined by your Windows diagnostic data setting]
>Allow Microsoft to save your browsing activity including history, usage, favourites, web content, and other browsing data to personalise and improve Microsoft Edge and Microsoft services like ads, search, shopping, news, and Copilot [Includes your history, usage, favourites, web content and other browsing data]
I saw an article where they analyzed the leaked IP addresses from a breach forum, and some of the top ten were Surfshark and iCloud Private relay.
what's wrong with icloud private relay? It uses a 2-hop architecture so it's probably more private than any single-hop VPN.
> well documented and trivially rotatable
Yes, but almost nobody does that or complains about it at all, even though applications may have been silently phoning it home for many years now.
sounds like you can rotate it, but it doesn't really matter because the registration/rotation process sends a bunch of static information to microsoft, which means they can re-correlate the the old id back to the new id.