Remix.run Logo
Terr_ 7 hours ago

TLDR: Microsoft can (at least) correlate your Windows installation to all website domains you visit while using Windows.

It's unclear what the mechanism is, but I'd wager their "telemetry" is constantly revealing your installation ID, your current IP, and domains that were recently resolved.

boopig 18 minutes ago | parent | next [-]

It's Microsoft Defender SmartScreen in Edge.

You can also use the Windows Diagnostic Viewer to check the telemetry data being shipped to Microsoft. I'd be willing to bet that you could use Edge (with defaults) and see the URLs being sent to Microsoft but nothing would come from Brave, Firefox, Chrome etc.

pogue 7 hours ago | parent | prev | next [-]

The article links to this page, which was shared on HN yesterday. [1]

I feel like using wireshark to look at what's being sent back and forth from Windows telemetry, when using Edge, Chrome & etc should reveal what's being sent and recieved. Using MITM SSL spoofing should be able to intercept the packets.

[1] https://github.com/SmtimesIWndr/gdid-reversal

Terr_ 7 hours ago | parent [-]

I would be shocked if Microsoft was not using their own layer of certificate-pinning to stop people from doing that, and/or using another layer of encryption separate from the networking layer.

pogue 7 hours ago | parent | next [-]

Only way to see what's going on is testing to see what's going on. Hopefully, someone who knows more about it than me can take a look at the packets and see what they contain.

cromka 7 hours ago | parent | prev [-]

But you'd still see some encrypted traffic and it wouldn't fly under a radar

8cvor6j844qw_d6 6 hours ago | parent | prev | next [-]

I was under the impression Windows is unreliable for these kind of activities as they are "leakish".

I imagine it's not too difficult to narrow down the potential suspects with how much data points you'd get from ISP, Windows telemetry, and whatever.

red_admiral 6 hours ago | parent | prev | next [-]

"all" would be troubling indeed. I hope that someone can discover the mechanism, and whether it's depending on any settings like "Share browsing data with other Windows features" or any other settings.

echelon_musk 7 hours ago | parent | prev [-]

Worse than just domains as TFA shows full URLs are recorded.

Reminds me of Google Safebrowsing.

ale42 5 hours ago | parent [-]

Possibly the same but done by Edge?