| ▲ | stackghost a day ago | |||||||||||||||||||||||||||||||||||||
For those like me who were not abreast of this issue: the FBI was able to arrest some kid who hacked/is alleged to have hacked a jewellery retailer through a VPN. They were able to track the hacker via the user's GDID, which is a stable identifier unaffected by VPN usage. This surveillance is certainly going to expand in scope as age verification comes into widespread usage. Personally I see little legitimate use case for this telemetry. It seems only useful for the purposes of tracking users for law enforcement or targeted advertising purposes. | ||||||||||||||||||||||||||||||||||||||
| ▲ | marysol5 20 hours ago | parent | next [-] | |||||||||||||||||||||||||||||||||||||
This isn't "tracking", this is attribution in a court. The defence can't stand there and say "That's not him/this device" when the forensics point exactly at it. | ||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||
| ▲ | Joker_vD a day ago | parent | prev | next [-] | |||||||||||||||||||||||||||||||||||||
Well, it's a darn good thing there is nothing like that over here on the Linux side. I'm pretty sure that if e.g. systemd attempted to generate a unique, persistent machine identifier during the installation process, it'd be shot down and patched off extremely quickly. | ||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||
| ▲ | a day ago | parent | prev | next [-] | |||||||||||||||||||||||||||||||||||||
| [deleted] | ||||||||||||||||||||||||||||||||||||||
| ▲ | jimbob45 a day ago | parent | prev [-] | |||||||||||||||||||||||||||||||||||||
How did they query his GDID/PUID to make the arrest though? Does the browser have access to it during some requests? Also, if it’s stored as plaintext, what’s stopping anyone from randomizing it on machine startup? | ||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||