Remix.run Logo
jimbob45 a day ago

How did they query his GDID/PUID to make the arrest though? Does the browser have access to it during some requests? Also, if it’s stored as plaintext, what’s stopping anyone from randomizing it on machine startup?

davikr a day ago | parent [-]

I'm guessing Ngrok gets subpoena'd, hands over the IP who created the account, page access timestamp, etc - FBI hands over to Microsoft, finds which Windows PCs were active with a certain IP on that time period, tries to correlate other characteristics such as OS version or anything to get a single hit, and then return other IPs used by that machine and everything else they have, like SmartDefender / Edge telemetry.

pjc50 a day ago | parent [-]

> finds which Windows PCs were active with a certain IP on that time period

.. and how do they do that?

While we're on the subject of telemetry, has anyone got a GDPR orientated writeup of what's known?