| ▲ | embedding-shape 4 hours ago | |
> Also, can anybody tell how “Microsoft had records showing that on May 12, 2025, at 19:21 UTC, the GDID associated with Stokes’ computer “accessed, among other ngrok pages, 'https://dashboard[.]ngrok.com/signup,'” works? That URL shows 16 blocked requests, it tries to load (at the very least) datadog and googletagmanager, I'm guessing the police simply reached out to all the analytics companies Ngrok ends up indirectly/directly sending data to, which ends up saving everything they get their hands on. What surprises me the most is that the guy was using a Windows installation to do all of this. But then again, you only hear about the dumbest criminals who get caught, so I guess it does make sense after all. | ||
| ▲ | advisedwang 36 minutes ago | parent [-] | |
> I'm guessing the police simply reached out to all the analytics companies Ngrok ends up indirectly/directly sending data to, which ends up saving everything they get their hands on. But those companies would have no way of knowing the GDID. It's not sent in a header, I assume. | ||